Lucene search
+L

136 matches found

taosecurity
taosecurity
added 2019/07/01 12:0 p.m.59 views

Reference: TaoSecurity News

I started speaking publicly about digital security in 2000. I used to provide this information on my Web site, but since I don't keep that page up-to-date anymore, I decided to publish it here. 2017 Mr. Bejtlich led a podcast titled Threat Hunting: Past, Present, and Future, in early July 2017. H...

Exploits0
schneier
schneier
added 2019/06/06 7:16 p.m.70 views

Security and Human Behavior (SHB) 2019

Today is the second day of the twelfth Workshop on Security and Human Behavior, which I am hosting at Harvard University. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and...

7.3AI score
Exploits0
hackerone
hackerone
added 2019/03/12 4:17 a.m.24 views

GitLab: Persistent XSS in Note objects

Summary: Some cache invalidation and project import logic issues enable an attacker to import a project with XSS payloads in places like MR discussions and similar places where a Note object exists. Description: There are basically 3 issues causing the XSS here: All attributes of Note objects are...

0.1AI score
Exploits0
schneier
schneier
added 2019/03/08 8:24 p.m.120 views

Videos and Links from the Public-Interest Technology Track at the RSA Conference

Yesterday at the RSA Conference, I gave a keynote talk about the role of public-interest technologists in cybersecurity. Video here. I also hosted a one-day mini-track on the topic. We had six panels, and they were all great. If you missed it live, we have videos: How Public Interest Technologist...

7.5AI score
Exploits0
schneier
schneier
added 2019/02/01 3:48 p.m.155 views

Public-Interest Tech at the RSA Conference

Our work in cybersecurity is inexorably intertwined with public policy and­ -- more generally­ -- the public interest. It's obvious in the debates on encryption and vulnerability disclosure, but it's also part of the policy discussions about the Internet of Things, cryptocurrencies, artificial...

7AI score
Exploits0
thn
thn
added 2018/07/31 6:42 a.m.2 views

Activist Leaks 11,000 Private Messages from WikiLeaks' Twitter Chats

An activist has just leaked thousands of private messages of an organization that's been known to publishing others' secrets. More than 11,000 direct messages from a Twitter group used by WikiLeaks and around 10 close supporters have been posted online by journalist and activist Emma Best, exposi...

6.5AI score
Exploits0
ubuntucve
ubuntucve
added 2018/07/10 5:0 p.m.58 views

CVE-2018-3693

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis...

5.6CVSS7.3AI score0.08416EPSS
Exploits0References4
schneier
schneier
added 2018/05/25 6:57 p.m.15 views

Security and Human Behavior (SHB 2018)

I'm at Carnegie Mellon University, at the eleventh Workshop on Security and Human Behavior. SHB is a small invitational gathering of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The 50 or so people in the roo...

7.3AI score
Exploits0
cnvd
cnvd
added 2018/03/27 12:0 a.m.5 views

Scilico I, Librarian Access Control Error Vulnerability

Scilico I, Librarian is the United States Scilico company a set of online PDF document management system. An access control error vulnerability exists in the ajaxdiscussion.php file in Scilico I, Librarian 4.9 and earlier versions. An attacker can exploit this vulnerability to gain unauthorized...

9.1CVSS6.9AI score0.01353EPSS
Exploits0References1
osv
osv
added 2018/03/23 9:29 p.m.21 views

CVE-2018-1000141

I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access read, write and delete to project discussions...

9.1CVSS9.3AI score
Exploits0References1
prion
prion
added 2018/03/23 9:29 p.m.17 views

Improper access control

I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access read, write and delete to project discussions...

7.5CVSS9.1AI score0.01353EPSS
Exploits0References1Affected Software1
hackerone
hackerone
added 2018/03/04 5:31 a.m.25 views

Vanilla: A user can comment in private discussions without having permission to access the discussion

Hello team, I have found a vulnerability which allows a user who does not have access to a discussion to comment on it and thus avoid the control applied. http://littleguy.vanillastaging.com/ Proof Of Concept ============= For this proof of concept I have used 3 users. User A creates a PRIVATE...

6.9AI score
Exploits0
schneier
schneier
added 2018/02/16 10:8 p.m.28 views

Friday Squid Blogging: Squid Pin

There's a squid pin on Kickstarter. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
cnvd
cnvd
added 2018/02/05 12:0 a.m.4 views

Drupal Open Atrium module Discussions sub module security vulnerability

Drupal is a free and open source content management system developed in PHP and maintained by the Drupal community.Open Atrium module is a collaborative team development module based on the Drupal platform.Discussions sub module is one of the sub-modules. A security vulnerability exists in the...

6.5CVSS7AI score0.014EPSS
Exploits0References1
trendmicroblog
trendmicroblog
added 2017/08/18 2:0 p.m.41 views

Level up your cybersecurity journey with CLOUDSEC 2017

Beginning this month, Trend Micro will be hosting CLOUDSEC, one of the largest cybersecurity conferences across Asia-Pacific and Europe. The event features presentations and panel discussions from industry experts and thought leaders who will discuss high-level strategies, forward looking securit...

6.7AI score
Exploits0
schneier
schneier
added 2017/05/25 7:30 p.m.27 views

Security and Human Behavior (SHB 2017)

I'm in Cambridge University, at the tenth Workshop on Security and Human Behavior. SHB is a small invitational gathering of people studying various aspects of the human side of security, organized each year by Ross Anderson, Alessandro Acquisti, and myself. The 50 or so people in the room include...

6.8AI score
Exploits0
avleonov
avleonov
added 2017/04/24 5:31 p.m.27 views

CISO Forum 2017

Last week I have attended CISO Forum 2017 in Moscow. I was talking there about "Vulnerability Quadrants: automated hot topic detection in public vulnerability CVE flow". Today I want to share my impressions about the forum itself. To be short, I liked it very much. Both exhibition and...

6.7AI score
Exploits0
osv
osv
added 2017/04/20 9:59 p.m.2 views

UBUNTU-CVE-2016-3731

Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 allows remote attackers to obtain the names of hidden forums and forum discussions...

5.3CVSS6.4AI score0.01595EPSS
Exploits0References2
cve
cve
added 2017/04/20 9:0 p.m.57 views

CVE-2016-3731

CVE-2016-3731 affects Moodle 3.0 (3.0.0–3.0.3), 2.9 (2.9.0–2.9.5), and 2.8 (2.8.0–2.8.11). The vulnerability allows remote attackers to obtain the names of hidden forums and forum discussions. The provided documents do not include exploit details, affected module specifics beyond the version rang...

5.3CVSS6.5AI score0.01595EPSS
Exploits0References3Affected Software1
threatpost
threatpost
added 2016/07/19 1:2 p.m.15 views

Former Cardinals Scout Christopher Correa Sentenced Four Years for Houston Astros Hack

The Federal Court came down hard on a former scouting director for the St. Louis Cardinals on Monday, sentencing Christopher Correa to almost four years in prison for hacking into a computer system that belongs to the Houston Astros. Correa, who until last summer served as Director of Baseball...

7.2AI score
Exploits0References8
Rows per page
Query Builder