40 matches found
CVE-2024-1799
CVE-2024-1799 affects GamiPress (WordPress) up to version 6.8.6. Root cause: SQL Injection via the achievement_types parameter in the gamipress_earnings shortcode, caused by insufficient escaping and inadequate SQL query preparation. Impact per sources: authenticated users with contributor-level ...
CVE-2023-47853
CVE-2023-47853 is a Stored XSS in the WordPress plugin myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin. The vulnerability stems from improper neutralization of input during web page generation, enabling attackers to inject scripts. Affected versions are up to 2.6.1; the iss...
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin < 2.5.1 - Cross-Site Request Forgery
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF in OptinlyHQ Optinly – Exit Intent, Newsletter Popups, Gamification & Opt-in Forms plugin = 1.0.15 versions...
Malicious Package
Overview profile-nft-gamification is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Cybersecurity Issues in the Gaming Industry Portend Metaverse Challenges
The metaverse has greatly expanded the threat landscape. As industries gamify, gaming’s cybersecurity issues become a checklist for the future...
Gamification of Ethical Hacking and Hacking Esports
While ethical hacking is by no means a new or groundbreaking practice, the scale at which organizations and individuals are undertaking such initiatives continues to intensify, especially considering recent events such as the log4j vulnerability. Traditionally, ethical hacking is undertaken by...
Malicious code in profile-nft-gamification (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 37710620e91bbba317c045b70e448937826b6a44304c5e388dc97727a4b9da57 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Hacktory platform packed with new game-playing features
Without practice, theory is dead. Applied knowledge is essential in any area, especially in cybersecurity, and practice is the only way to make learning worthwhile. There are so many courses to fit any demand. However, boring lectures, outdated textbooks, and vague, complex tasks become obstacles...
Misp-Dashboard - A Dashboard For A Real-Time Overview Of Threat Intelligence From MISP Instances
A dashboard showing live data and statistics from the ZMQ feeds of one or more MISP instances. The dashboard can be used as a real-time situational awareness tool to gather threat intelligence information. The misp-dashboard includes a gamification tool to show the contributions of each...
Rethinking cyber scenarios—learning (and training) as you defend
In two recent posts I discussed with Circadence the increasing importance of gamification for cybersecurity learning and how to get started as a practitioner while being supported by an enterprise learning officer or security team lead. In this third and final post in the series, Keenan and I...
GHSA-769F-539V-F5JG PrestaShop gamification module ZIP archives were vulnerable from CVE-2017-9841
Impact We have identified that some gamification module ZIP archives have been built with phpunit dev dependencies. PHPUnit contains a php script that would allow, on a webserver, an attacker to perform a RCE. This vulnerability impacts - phpunit before 4.8.28 and 5.x before 5.6.3 as reported in...
PrestaShop gamification module ZIP archives were vulnerable from CVE-2017-9841
Impact We have identified that some gamification module ZIP archives have been built with phpunit dev dependencies. PHPUnit contains a php script that would allow, on a webserver, an attacker to perform a RCE. This vulnerability impacts - phpunit before 4.8.28 and 5.x before 5.6.3 as reported in...
Rethinking cyber learning—consider gamification
As promised, I’m back with a follow-up to my recent post, Rethinking how we learn security, on how we need modernize the learning experience for cybersecurity professionals by gamifying training to make learning fun. Some of you may have attended the recent Microsoft Ignite events in Orlando and...
Gamification Can Transform Company Cybersecurity Culture
Chief information security officers CISOs of Global 2000 enterprises have one of the toughest jobs in the world, defending their organization’s cyberspace and being the guardian of its assets and private information. But CISOs also have a second, even bigger problem: Their own company employees...
On Surveillance in the Workplace
Data & Society just published a report entitled "Workplace Monitoring & Surveillance": This explainer highlights four broad trends in employee monitoring and surveillance technologies: Prediction and flagging tools that aim to predict characteristics or behaviors of employees or that are designed...
Intentionally Insecure Webapp for Security Training: OWASP Juice Shop
OWASP Juice Shop is an intentionally insecure webapp for security trainings written entirely in JavaScript which encompasses the entire OWASP Top Ten and other severe security flaws. Juice Shop is written in Node.js, Express and AngularJS. It was the first application written entirely in JavaScri...
Hacker's Dome - Gamification the Information Security
When it comes to Information Security, there's a great way to learn, train and keep sharp your skills. This can be done using gamification mechanics to speed up the learning curve and improve retention rate. Capture The Flag competitions use gamification mechanics and represent one of the best wa...
Hack Battle at 'The Hacker Conference 2013' with CTF365
The Hacker Conference partnered up with CTF365 to provide the best CTF experience during the conference. While trying to find out more about their product and also about their CTF surprise, I got an interview with Marius Corici Co-founder and CEO for CTF365. Q: November 2012 was when you first...
Hack Battle at 'The Hacker Conference 2013' with CTF365
The Hacker Conference partnered up with CTF365 to provide the best CTF experience during the conference. While trying to find out more about their product and also about their CTF surprise, I got an interview with Marius Corici Co-founder and CEO for CTF365. Q: November 2012 was when you first...