Infographic: What is the economic impact of a data security platform?
Data security is important regardless of how your organization approaches cybersecurity. Whether it’s a protection-first approach, detection and remediation, or somewhere in between, data security enables organizations to inform on risk posture, protect against unauthorized data access and may...
vulhub
This is an open-source collection of vulnerable web applications and environments for testing and learning purposes. It is a community-driven project that aims to provide a safe and controlled environment for users to practice and improve their skills in web application security. The repository...
GitHub Security Lab: [Java] CWE-502: Unsafe deserialization with three JSON frameworks
This bug was reported directly to GitHub Security Lab...
5 Tips for Achieving Better Cybersecurity Risk Management
When thinking about cybersecurity risk management, think about the last time you were comparing health-insurance policies. Each policy offers a means to protect yourself and your family from financial losses, e.g. from hospital coverage, and many policies include things that are designed to reduce...
in dompdf/dompdf
Description: DomPDF is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the `file_get_contents` function. If an attacker can upload files of any type to the server, they can pass in the phar:// protocol to unserialize the uploaded file and instantiate...
Jest Mocks—Unit Testing for EdgeWorkers
In case you haven’t already been working with EdgeWorkers, it allows you to run JavaScript code across more than 4,200 locations for proximity to users and fast application response times. With more and more application functionality moving to the edge, it’s increasingly important to ensure that...
vulhub
This is an open-source collection of vulnerable systems and applications for educational purposes. It is a repository of vulnerable systems and applications, including web servers, databases, and other software, that can be used to test and learn about security vulnerabilities. The repository is...
OESA-2021-1295 kf5-kconfig security update
KDE Frameworks 5 Tier 1 addon with advanced configuration system made of two parts: KConfigCore and KConfigGui. Security Fixes: In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to...
Oracle Commerce Guided Search/Oracle Commerce Experience Manager has an unspecified vulnerability (CNVD-2021-56438)
Oracle Commerce Guided Search enables people to interactively navigate data regardless of the size and complexity of the underlying data in real time through an easy-to-understand and use interface. Oracle Commerce Experience Manager is an intuitive web-based solution that enables you to create,...
Oracle Commerce Guided Search/Oracle Commerce Experience Manager has an unspecified vulnerability
Oracle Commerce Guided Search enables people to interactively navigate data regardless of the size and complexity of the underlying data in real time through an easy-to-understand and use interface. Oracle Commerce Experience Manager is an intuitive web-based solution that enables you to create,...
Oracle Commerce Guided Search/Oracle Commerce Experience Manager has an unspecified vulnerability (CNVD-2021-56439)
Oracle Commerce Guided Search enables people to interactively navigate data regardless of the size and complexity of the underlying data in real time through an easy-to-understand and use interface. Oracle Commerce Experience Manager is an intuitive web-based solution that enables you to create,...
Apps Built Better: DevSecOps, a Security Silver Bullet
Security should never be an afterthought when developing software and applications. However, as technological advances continue to take hold, the security tools many rely on are changing in real-time, and combatting potential breaches or hacks of your wares before they arise now requires new...
Securing the Supply Chain: Lessons Learned from the Codecov Compromise
Supply chain attacks are all the rage these days. While they’re not a new part of the threat landscape, they are growing in popularity among more sophisticated threat actors, and they can create significant system-wide disruption, expense, and loss of confidence across multiple organizations,...
What you need to know: Transitioning CSA STAR for Cloud Controls Matrix 4.0
In January of this year, the Cloud Security Alliance (CSA) released a major revision to its widely adopted Cloud Controls Matrix (CCM) in the form of version 4.0. This comes in the middle of a calendar year where several alternative information security frameworks are also expected to be refined,...
The vulnerability of the Frameworks component of the Oracle PeopleSoft Enterprise CS Campus Community application, which allows a perpetrator to gain unauthorized access to protected information
The vulnerability of the Frameworks component in the Oracle PeopleSoft Enterprise CS Campus Community application is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information using the HTTP protocol...
[SECURITY] Fedora 34 Update: python-databases-0.4.3-2.fc34
Databases gives you simple asyncio support for a range of databases. It allows you to make queries using the powerful SQLAlchemy Core expression language, and provides support for PostgreSQL, MySQL, and SQLite. Databases is suitable for integrating against any async Web framework, such as...
Kiterunner - Contextual Content Discovery Tool
For the longest of times, content discovery has been focused on finding files and folders. While this approach is effective for legacy web servers that host static files or respond with 3xx’s upon a partial path, it is no longer effective for modern web applications, specifically APIs. Over time,...
CVE-2021-2159
Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft component: Frameworks. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS...
Oracle PeopleSoft Enterprise CS Campus Community Frameworks Security Vulnerability
Oracle PeopleSoft Products is a set of enterprise human capital management solutions from Oracle. The products provide human capital management, financial management, supplier relationship management, and other capabilities. A security vulnerability exists in PeopleSoft Enterprise CS Campu...
How the Work-From-Home Shift Impacts SaaS Security
The data is in. According to IBM Security's 2020 Cost of a Data Breach Report, there is a 50% increase in cloud usage for enterprises across all industries. The number of threats targeting cloud services, predominantly collaboration services like Office 365, has increased 630%. Moreover, 75% of...