402 matches found

Akamai Blog
added 2022/04/26 7:1 p.m., 18 views

Reaching the Convergence of Security and Productivity

It’s all too common that IT security tools and practices come at the cost of productivity. Even physical security has this trade-off. There would be no rush to arrive at the airport an hour early if it weren’t for the extensive security measures that flying entails. As a result of this trade-off,...

6.7 AI score
Exploits: 0

Trend Micro Simply Security
added 2022/04/24 12:0 a.m., 11 views

Unified Cybersecurity Platform: Why CISOs are Shifting

Our global study polled more than 2,300 IT security decision makers to discover how to best assist and support SecOps teams with a unified cybersecurity platform so you can be more resilient with less resources...

2.2 AI score
Exploits: 0

ThreatPost
added 2022/04/19 5:29 p.m., 63 views

Rethinking Cyber-Defense Strategies in the Public-Cloud Age

The pandemic has fast-tracked migration to the public cloud, including Amazon Web Services, Google Compute Platform and Microsoft Azure. But the journey hasn’t exactly been smooth as silk: The great migration has brought a raft of complex security challenges, which have led to headline-grabbing...

9.3 CVSS, 9.2 AI score, 0.9857 EPSS
Exploits: 33, References: 1

Imperva Blog
added 2022/04/06 3:34 p.m., 19 views

Ethical Hacking and Penetration Testing. Where to Begin.

Looking at the employment landscape, it’s clear that prospects for landing cybersecurity positions are excellent and on the rise, but what about the commercial viability of that “grey side-gig”, ethical hacking and penetration testing? While the notion of “being bad to help the good people” is...

Exploits: 0

The Coalfire Blog
added 2022/04/01 5:26 p.m., 21 views

An integrated approach to security audits

A cyberattack can be devastating to any organization because it compromises sensitive data and, as a result, the financial position, strategic vision, and more important, the trust and credibility that the enterprise has built over the years. Given the magnitude of this risk, what role does the I...

6.9 AI score
Exploits: 0

ThreatPost
added 2022/03/10 2:0 p.m., 126 views

Multi-Ransomwared Victims Have It Coming–Podcast

You hate to blame the victim, but the fact of the matter is that businesses are just asking to get whacked with ransomware multiple times. A recent study of IT leaders from cloud-native network detection and response firm ExtraHop shows that businesses aren’t even aware of the “attack me,” “easy...

8.5 AI score
Exploits: 0, References: 8

ThreatPost
added 2022/02/01 2:0 p.m., 58 views

Living Off the Land: How to Defend Against Malicious Use of Legitimate Utilities

Living-off-the-land binaries (LOLBins) are no joke: Cyberattackers have been increasingly making use of them to hide their malicious work from security solutions. It’s time for threat hunters and IT security staff to familiarize themselves with how these are used in the attack chains of some of the...

8.6 AI score
Exploits: 0, References: 12

The Hacker News
added 2022/01/26 1:0 p.m., 28 views

Webinar: How to See More, But Respond Less with Enhanced Threat Visibility

The subject of threat visibility is a recurring one in cybersecurity. With an expanding attack surface due to the remote work transformation, cloud and SaaS computing and the proliferation of personal devices, seeing all the threats that are continuously bombarding the company is beyond...

0.1 AI score
Exploits: 0

Github Security Blog
added 2022/01/21 11:58 p.m., 34 views

Incorrect Default Permissions and Improper Access Control in snipe-it

snipe-it is vulnerable to Improper Access Control/Incorrect Default Permissions...

6.3 CVSS, 4.4 AI score, 0.00639 EPSS
Exploits: 1, References: 5, Affected Software: 1

HackRead
added 2022/01/11 2:3 a.m., 16 views

Indian APT exposes its Modus Operandi by infecting their own devices

By Waqas. The IT security researchers at Malwarebytes have published a report revealing details of an ironic incident involving Patchwork…

3.6 AI score
Exploits: 0

Microsoft Malware Protection
added 2021/12/08 6:0 p.m., 21 views

New research shows IoT and OT innovation is critical to business but comes with significant risks

The need for much improved IoT and operational technology (OT) cybersecurity became clearer this year with recent attacks on network devices, surveillance systems, an oil pipeline, and a water treatment facility, to name a few examples. To better understand the challenges customers are facing,...

0.2 AI score
Exploits: 0

NVD
added 2021/12/06 9:15 p.m., 13 views

CVE-2021-4075

snipe-it is vulnerable to Server-Side Request Forgery (SSRF)...

7.2 CVSS, 0.00893 EPSS
Exploits: 1, References: 2

The Hacker News
added 2021/11/30 2:37 p.m., 12 views

New Hub for Lean IT Security Teams

One of the harsh realities of cybersecurity today is that malicious actors and attackers don’t distinguish between organizations that have seemingly endless resources and those operating with lean IT security teams. For these lean teams, meeting the challenges in the current security landscape...

7.2 AI score
Exploits: 0

Qualys Blog
added 2021/11/29 4:38 p.m., 13 views

It’s a Wrap! QSC 2021 Las Vegas Laid Out Problems, Solutions and Innovation

Although organizations have made moves toward it for years, digital transformation, in a way, has only just begun. The pandemic may have accelerated migration to the cloud but going forward business will drive continued transformation—and innovation. But to get the most out of the investments in...

7.3 AI score
Exploits: 0

OSV
added 2021/11/13 9:15 a.m., 11 views

CVE-2021-3931

snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)...

4.3 CVSS, 6.9 AI score
Exploits: 0, References: 2

Packet Storm
added 2021/10/06 12:0 a.m., 294 views

G Data EndpointProtection Enterprise 17.08.2021 Privilege Escalation

DATA Anti-Virus: Abusing OpenSSL to get local admin. Metadata: Release Date: 05-Oct-2021. Author: Florian Bogner @ https://bee-itsecurity.at. Affected product: G Data’s Security Client “EndpointProtection Enterprise”. Fixed in: all versions after...

0.9 AI score
Exploits: 0

ThreatPost
added 2021/08/18 11:24 a.m., 20 views

HolesWarm Malware Exploits Unpatched Windows, Linux Servers

By leveraging more than 20 known vulnerabilities in Linux and Windows servers, the HolesWarm cryptominer malware has been able to break into more than 1,000 cloud hosts just since June. The basic cryptominer botnet has been so successful at juggling so many different known vulnerabilities between...

7.4 AI score
Exploits: 0, References: 3

CVE
added 2021/08/17 7:7 p.m., 61 views

CVE-2021-3619

CVE-2021-3619 affects Rapid7 Velociraptor up to version 0.5.9. It is a post-authentication persistent XSS vulnerability where an authenticated user could abuse MIME type sniffing to embed executable code via a malicious upload. The issue was fixed in version 0.6.0. Note that Velociraptor login ri...

4.8 CVSS, 4.4 AI score, 0.00578 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2021/08/17 7:7 p.m., 25 views

CVE-2021-3619 Rapid7 Velociraptor Notebooks Authenticated Persistent XSS

Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed executable code on a malicious upload. This issue was fixed in version 0.6.0. Note that login rights to...

3.5 CVSS, 5.2 AI score, 0.00578 EPSS
Exploits: 0, References: 2

NVD
added 2021/07/22 7:15 p.m., 20 views

CVE-2021-3619

Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed executable code on a malicious upload. This issue was fixed in version 0.6.0. Note that login rights to...

4.8 CVSS, 0.00578 EPSS
Exploits: 0, References: 2