29 matches found
cisco-hypershield
Ansible Collection: stevefulme1.ciscohypershield Ansible Col...
EUVD-2021-0350
Malware in sbrugna...
RHEL 7 : pyyaml (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - PyYAML: yaml.load API could execute arbitrary code CVE-2017-18342 Note that Nessus has not tested for this issue bu...
Dridex affiliate dresses up as Scrooge
Threat actors are hoping to catch a few more victims before they leave work for the Christmas holidays. The recent malicious spam campaigns malspam we and others have observed appear to have been created by someone who wants to play Scrooge and add onto peoples already heightened state of anxiety...
Virtual Patching 101
Get the lowdown on virtual patching: a simplified, automated solution to shielding vulnerabilities from exploits...
N-Day Exploit Protection Strategies
Over two years, Trend Micro Research scoured the underground forums for insight into the N-day exploit market. Discover their findings and how you can secure your organization against exploits...
Fetch Tweets <= 2.6.4 - Reflected Cross-Site Scripting
The plugin does not escape some parameters before outputting them back in attributes in an admin page, leading to Reflected Cross-Site Scripting issues alert/XSS-page/' / alert/XSS-tab/' /...
CVE-2020-5413
Spring Integration framework provides Kryo Codec implementations as an alternative for Java deserialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious cod...
Get Ready for the Microsoft Windows 7 EOL on January 14th
January 14, 2020, is a day cybersecurity stakeholders should pay attention to, as it marks the end of Microsoft support in Windows 7. From a security perspective, both the routine monthly security patches as well as hot fixes for attacks in the wild will not be available, effectively making any...
Are You Ready for Microsoft Windows 7 End of Support on 14th January 2020?
January 14, 2020, is a day cybersecurity stakeholders should pay attention to, as it marks the end of Microsoft support in Windows 7. From a security perspective, both the routine monthly security patches as well as hotfixes for attacks in the wild will not be available, effectively making any...
Microsoft Office SharePoint CVE-2019-1036 Cross Site Scripting Vulnerability
Description Microsoft Office SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
Step 9. Protect your OS: top 10 actions to secure your environment
In “Step 9. Protect your OS” of the Top 10 actions to secure your environment blog series, we provide resources to help you configure Microsoft Defender Advanced Threat Protection Microsoft Defender ATP to defend your Windows, macOS, Linux, iOS, and Android devices from advanced threats. In an...
Windows Defender Exploit Guard: Reduce the attack surface against next-generation malware
Windows Defender Exploit Guard is a new set of intrusion prevention capabilities that ships with the Windows 10 Fall Creators Update. The four components of Windows Defender Exploit Guard are designed to lock down the device against a wide variety of attack vectors and block behaviors commonly us...
Adobe Patches Two Critical RCE Vulnerabilities in Flash Player
Adobe may kill Flash Player by the end of 2020, but until then, the company would not stop providing security updates to the buggy software. As part of its monthly security updates, Adobe has released patches for eight security vulnerabilities in its three products, including two vulnerabilities ...
Moving Beyond EMET II – Windows Defender Exploit Guard
Since we last wrote about the future of EMET and how it relates to Windows 10 back in November 2016 see Moving Beyond EMET, we have received lots of invaluable feedback from EMET customers and enthusiasts regarding the upcoming EMET end of life. Based on that feedback, we are excited to share...
Moving Beyond EMET II – Windows Defender Exploit Guard
Since we last wrote about the future of EMET and how it relates to Windows 10 back in November 2016 see Moving Beyond EMET, we have received lots of invaluable feedback from EMET customers and enthusiasts regarding the upcoming EMET end of life. Based on that feedback, we are excited to share...
Microsoft Edge CVE-2017-8638 Scripting Engine Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Faile...
Threat Outbreak Alert RuleID28872: Email Messages Distributing Malicious Software on April 25, 2017
Medium Alert ID: 53552 First Published: 2017 April 25 12:07 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID28872 may contain the following files: Name | Si...
Microsoft Windows PDF Library CVE-2016-0058 Buffer Overflow Vulnerability
Description Microsoft Windows PDF library is prone to a buffer-overflow vulnerability because it fails to adequately bounds check user-supplied data before copying it to an insufficiently sized memory buffer.. An attacker can leverage this issue to execute arbitrary code in the context of the...
xpshop网店系统sql注入再来一处
简要描述: 应该还有几个就收工了,其实还有一些,不过感觉好累不想弄了。再挖多几个就收工了! 详细说明: 漏洞位置xpshop.webui.IspOrderReturnBy: protected void PageLoadobject sender, EventArgs e base.Response.AddHeader"Pragma", "No-Cache"; base.Response.Buffer = true; base.Response.ExpiresAbsolute = DateTime.Now.AddSeconds-1.0; base.Response.Expires = 0...