Securelist
added 2018/11/26 10:00 a.m., 35 views

Cyberthreats to financial institutions 2019: overview and predictions

Related: Kaspersky Security Bulletin: Threat Predictions for 2019 | Threat predictions for industrial security in 2019 | Cryptocurrency threat predictions for 2019. Introduction – key events in 2018: The past year has been extremely eventful in terms of the digital threats faced by financial institutions:...

AI score: 0.7
Exploits: 0
Hacker One
added 2018/11/13 3:44 a.m., 12 views

GitLab: Add and Access to Labels of any Private Projects/Groups of Gitlab(IDOR)

Summary & Description: If you have a private project or private group, then no non-member should be able to access any information. But the Adding Labels API request in your private boards is vulnerable to an IDOR attack, which leads to adding private group/project labels and accessing them. Vulnerable Reque...

AI score: 6.9
Exploits: 0
n0where
added 2018/11/08 3:21 a.m., 104 views

The AWS Exploitation Framework: Pacu

Pacu is an open source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, Pacu allows penetration testers to exploit configuration flaws within an AWS account, using modules to easily expand its...

AI score: 0.8
Exploits: 0, References: 2
Fedora
added 2018/11/04 10:10 p.m., 40 views

[SECURITY] Fedora 28 Update: systemd-238-10.git438ac26.fc28

systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups,...

CVSS: 8.8, AI score: 1.3, EPSS: 0.02279
Exploits: 8
Fedora
added 2018/11/01 3:07 p.m., 52 views

[SECURITY] Fedora 29 Update: systemd-239-6.git9f3aed1.fc29

systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups,...

CVSS: 8.8, AI score: 1.3, EPSS: 0.02279
Exploits: 8
BDU FSTEC
added 2018/11/01 12:00 a.m., 3 views

The vulnerability in the FortiOS operating system’s web interface allows a hacker to inject any desired JavaScript or HTML code.

The vulnerability in the FortiOS operating system’s web interface arises from insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code through user groups or template menus...

CVSS: 5.3, AI score: 5.7, EPSS: 0.01805
Exploits: 0, References: 3, Affected software: 1
Trend Micro Simply Security
added 2018/10/26 2:00 p.m., 155 views

This Week in Security News: Toll Fraud & Small Business Struggles

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn why telecommunications fraud has turned into a multi-billion euro criminal industry. Also, understand what cybersecurity struggles sma...

AI score: 7.4
Exploits: 0
Microsoft Secure
added 2018/10/22 4:00 p.m., 69 views

Voice of the Customer: Walmart embraces the cloud with Azure Active Directory

Today's post was written by Sue Bohn, partner director of Program Management, and Ben Byford and Gerald Corson, senior directors of Identity and Access Management at Walmart. Greetings! I'm Sue Bohn, partner director of Program Management at Microsoft. I'm an insatiable, lifelong learner and I lead t...

AI score: 7.2
Exploits: 0
Wired Threat Level
added 2018/10/20 12:00 p.m., 121 views

To Curb Terrorist Propaganda Online, Look to YouTube. No, Really.

Opinion: Despite YouTube’s crackdown, extremist groups are still exploiting other Google platforms...

AI score: 2.6
Exploits: 0
OpenVAS
added 2018/10/10 12:00 a.m., 8 views

Microsoft Office: Never allow users to specify groups when restricting permission for documents

This test checks the setting for the policy. OpenVAS Vulnerability Test $Id: officeneverallowdls.nasl 11843 2018-10-11 14:33:21Z emoss $. Check value for Document Info Beaconing UI. Authors: Emanuel Moss. Copyright: Copyright (c) 2018 Greenbone Networks GmbH, http://www.greenbone.net. This program is free...

AI score: 7.3
Exploits: 0
CNVD
added 2018/10/10 12:00 a.m., 2 views

Foxit PDF Reader JavaScript Engine Remote Code Execution Vulnerability (CNVD-2018-20721)

Foxit PDF Reader is a PDF document reader from China's Foxit Software Corporation. Its JavaScript engine is the component that executes JavaScript scripts. A remote code execution vulnerability exists in the way the JavaScript engine in Foxit PDF Reader handles Optional Content Groups. A remote attacker...

CVSS: 8.8, AI score: 7.9, EPSS: 0.03155
Exploits: 1, References: 1
Talos
added 2018/10/01 12:00 a.m., 496 views

Foxit PDF Reader Javascript Optional Content Group Remote Code Execution Vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...

CVSS: 8.8, AI score: 8.4, EPSS: 0.03155
Exploits: 1
Openbugbounty
added 2018/09/28 2:22 p.m., 6 views

store.musicgroups.com Improper Access Control vulnerability

Open Bug Bounty ID: OBB-680767

| Description | Value |
|---|---|
| Affected Website: | store.musicgroups.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Wordpress |
| Vulnerability Type: | IAC Improper Access Control / CWE-284 |
| CVSSv3 Score: | 6.5... |

AI score: 0.1
Exploits: 0
OSV
added 2018/09/28 12:29 a.m., 2 views

CVE-2018-17377

SQL Injection exists in the Questions 1.4.3 component for Joomla! via the term, userid, users, or groups parameter...

CVSS: 9.8, AI score: 5.8, EPSS: 0.03213
Exploits: 5, References: 2
Prion
added 2018/09/28 12:29 a.m., 11 views

SQL injection

SQL Injection exists in the Questions 1.4.3 component for Joomla! via the term, userid, users, or groups parameter...

CVSS: 7.5, AI score: 9.9, EPSS: 0.03213
Exploits: 5, References: 2, Affected software: 1
Veracode
added 2018/09/25 2:54 a.m., 24 views

Anti-Spoofing Controls Bypass

openstack-neutron is vulnerable to anti-spoofing controls bypass. Authenticated users using the ML2 plugin or the security groups AMQP API are able to set the deviceowner field to an arbitrary value starting with network: on networks they do not own. Setting the affected field before the security...

CVSS: 3.5, AI score: 6.1, EPSS: 0.00963
Exploits: 0, References: 8, Affected software: 1
Openbugbounty
added 2018/09/16 11:31 a.m., 48 views

dr-michael-bohne.de XSS vulnerability

Open Bug Bounty ID: OBB-677031

| Description | Value |
|---|---|
| Affected Website: | dr-michael-bohne.de |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |

Exploits: 0
Veeam
added 2018/08/31 12:00 a.m., 10 views

Volume groups created by proxy got stuck in UI

Challenge: When a Veeam Backup for Nutanix AHV backup job fails unexpectedly, or the backup proxy appliance is powered off for some reason (manual power-off, hypervisor host crash, or any unexpected failure), you may get the volume groups created for backup purposes left in Prism Element and not...

AI score: 6.7
Exploits: 0
n0where
added 2018/08/29 3:43 a.m., 30 views

The Offensive Web Application Penetration Testing Framework: TIDoS

TIDoS Framework is a comprehensive web-app audit framework. TIDoS is made to be comprehensive and versatile. It is a highly flexible framework where you just have to select and use modules. But before that, you need to set your own API KEYS for various OSINT purposes. To do so, open up APIKEYS.py...

AI score: 0.2
Exploits: 0, References: 2
CNVD
added 2018/08/22 12:00 a.m., 2 views

LibreHealthIO LH-EHR SQL Injection Vulnerability

LibreHealthIO LH-EHR is an open source electronic health record and medical practice management application. A SQL injection vulnerability exists in the Show Groups Popup SQL query function in the LibreHealthIO LH-EHR REL-2.0.0 release. A remote attacker can exploit the vulnerability to execute...

CVSS: 8.8, AI score: 9.2, EPSS: 0.01519
Exploits: 1, References: 1