
402 matches found

Prion
added 2021/07/22 7:15 p.m., 18 views

Cross site scripting

Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed executable code on a malicious upload. This issue was fixed in version 0.6.0. Note that login rights to...

CVSS 3.5, AI score 4.9, EPSS 0.00578
Exploits: 0, References: 2, Affected Software: 1

The Hacker News
added 2021/07/21 9:52 a.m., 51 views

[eBook] A Guide to Stress-Free Cybersecurity for Lean IT Security Teams

Today's cybersecurity landscape is enough to make any security team concerned. The rapid evolution and increased danger of attack tactics have put even the largest corporations and governments at heightened risk. If the most elite security teams can't prevent these attacks from happening, what ca...

Exploits: 0

Imperva Blog
added 2021/07/20 1:49 p.m., 42 views

How to build a security-first culture with remote teams

If recent world events have driven an increase in the number of remote workers in your organization, you are now confronted by even more security challenges for already stretched security teams and busy IT departments. Sixty-one percent of CISOs are more concerned about security risks targeting...

AI score 7.7
Exploits: 0

Imperva Blog
added 2021/07/09 3:57 p.m., 35 views

How to Empower Employees to be Secure and Productive

How can CISOs make cybersecurity positive, productive, inclusive, and maintain best practices across the enterprise? -- Do your staff feel valued and important in their roles? More than 65 percent of employees report they do not feel recognized at work, and 31 percent say they're "engaged but feel...

AI score 6.9
Exploits: 0

Trend Micro Simply Security
added 2021/07/02 12:0 a.m., 7 views

Why SecOps Need A Cybersecurity Platform

Our global study polled more than 2,300 IT security decision makers to discover how to best assist and support SecOps teams so you can be more resilient...

AI score 2
Exploits: 0

Imperva Blog
added 2021/06/24 4:32 p.m., 47 views

Top five insights from the 2021 CyberEdge Cyberthreat Defense Report

For the last eight years, the Cyberthreat Defense Report has been helping enterprise security professionals gauge their internal practices and security investments against their peers across multiple countries and industries. The report is based upon data from 1,200 qualified IT security...

AI score 7
Exploits: 0

Packet Storm
added 2021/03/21 12:0 a.m., 233 views

CMS Made Simple 2.2.15 Shell Upload

1 Summary. Affected software: CMS Made Simple-2.2.15. Vendor URL: http://www.cmsmadesimple.org/. Vulnerability: File upload bypass with .phar extension leads to RCE. 2 Vulnerability Description. The vulnerability affects the FilePicker module, it is possible to bypass the restriction and upload a malicious...

AI score 7.4
Exploits: 0

Packet Storm
added 2021/03/20 12:0 a.m., 295 views

CMS Made Simple 2.2.15 SQL Injection

1 Summary. Affected software: CMS Made Simple-2.2.15. Vendor URL: http://www.cmsmadesimple.org/. Vulnerability: SQL injection. 2 Vulnerability Description. The affected software is vulnerable to SQL injection via the m1sortby POST parameter of the News module, reachable via the moduleinterface.php page. T...

AI score 0.5
Exploits: 0

Microsoft Secure
added 2021/03/15 4:0 p.m., 172 views

5 steps to enable your corporate SOC to rapidly detect and respond to IoT/OT threats

As organizations connect massive numbers of IoT/OT devices to their networks to optimize operations, boards and management teams are increasingly concerned about the expanding attack surface and corporate liability that they represent. These connected devices can be compromised by adversaries to...

AI score 0.7
Exploits: 0

Microsoft Malware Protection
added 2021/03/11 5:0 p.m., 52 views

The biggest challenges—and important role—of application security

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Tanya Janca, Founder of We Hack Purple...

AI score 6.9
Exploits: 0

ThreatPost
added 2021/03/02 9:27 p.m., 56 views

Post-Cyberattack, Universal Health Services Faces $67M in Losses

The cyberattack that hit Universal Health Services (UHS) in September has cost the healthcare service provider a whopping $67 million in damages, according to financial statements. A fourth-quarter earnings report last week from UHS highlighted the “significant incremental labor expense” needed to...

AI score 0.7
Exploits: 0, References: 14

CVE
added 2021/02/21 11:5 p.m., 70 views

CVE-2021-27513

The CVE-2021-27513 entry concerns EyesOfNetwork 5.3-10, where the module admin_ITSM allows remote authenticated users to upload arbitrary .xml.php files due to reliance on a client-side filter. Affected component: EyesOfNetwork 5.3-10 admin_ITSM; root cause: insufficient validation in the file-up...

CVSS 8.8, AI score 8.8, EPSS 0.2839
Exploits: 2, References: 2, Affected Software: 1

The Hacker News
added 2021/01/22 10:18 a.m., 53 views

Missing Link in a 'Zero Trust' Security Model—The Device You're Connecting With!

Like it or not, 2020 was the year that proved that teams could work from literally anywhere. While terms like "flex work" and "WFH" were thrown around before COVID-19 came around, thanks to the pandemic, remote working has become the de facto way people work nowadays. Today, digital-based work...

AI score 7.8
Exploits: 0

ThreatPost
added 2020/10/23 5:4 p.m., 73 views

COVID-19 Vaccine-Maker Hit with Cyberattack, Data Breach

COVID-19 vaccine manufacturer Dr. Reddy’s Laboratories has shut down its plants in Brazil, India, Russia, the U.K. and the U.S. following a cyberattack, according to reports. The Indian company is the contractor for Russia’s “Sputnik V” COVID-19 vaccine, which is about to enter Phase 2 human...

AI score 0.4
Exploits: 0, References: 6

Securelist
added 2020/09/30 3:15 p.m., 39 views

SAS@Home is back this fall

The world during the pandemic prepares many surprises for us. Most of them are certainly unpleasant: health risks, inability to travel or meet old friends. One of these unpleasant surprises awaited us in the early spring, when the organizing team of the beloved SAS conference were forced to...

AI score 7.3
Exploits: 0

Krebs on Security
added 2020/09/23 11:6 p.m., 43 views

Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack

Tyler Technologies, a Texas-based company that bills itself as the largest provider of software and technology services to the United States public sector, is battling a network intrusion that has disrupted its operations. The company declined to discuss the exact cause of the disruption, but the...

AI score 6.8
Exploits: 0

ThreatPost
added 2020/09/04 5:23 p.m., 48 views

Social Media: Thwarting The Phishing-Data Goldmine

Phishing attacks are on the rise and are more widespread (and successful) than ever before. They’ve gone way beyond mocked-up bank emails littered with malicious links (although those are still around, too). Today’s hackers now target mobile users across multiple vectors, such as text and SMS...

Exploits: 0, References: 6

Richard Bejtlich's blog
added 2020/09/03 3:7 p.m., 23 views

The FBI Intrusion Notification Program

The FBI intrusion notification program is one of the most important developments in cyber security during the last 15 years. This program achieved mainstream recognition on 24 March 2014 when Ellen Nakashima reported on it for the Washington Post in her story U.S. notified 3,000 companies in 2013...

AI score 7.3
Exploits: 0

Kitploit
added 2020/07/19 1:0 p.m., 49 views

Bramble - A Hacking Open Source Suite

Bramble software has been designed for the bramble project. It incorporates many features of pentesting and IT Security. It's easy to use and completely editable. It allows beginners to learn hacking and gives more experienced users a customisable plug and play hacking tools so they can add their...

AI score 7.3
Exploits: 0, References: 1

Openbugbounty
added 2020/07/06 4:18 p.m., 8 views

santinlivigno.it Cross Site Scripting vulnerability OBB-1217536

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

AI score 6.2
Exploits: 0