Lucene search
K

119 matches found

OSV
OSV
added 2020/06/22 6:15 p.m.2 views

CVE-2020-14972

Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution RCE via the useremail, userpass, and id parameters on the admin login-portal and the edit-lessons webpages...

9.8CVSS7.5AI score0.05392EPSS
Exploits1References2
Malwarebytes
Malwarebytes
added 2020/06/03 5:0 p.m.26 views

Teaching from home might become part of every teachers’ job description

“Hey Joe, I wanted to remind you that starting next Monday you will be expected to teach from home. The lesson material is in your inbox along with the list of pupils that are expected to follow them. We are sure it will take some adjustments, but we trust that by working together we can make the...

6.6AI score
Exploits0
Kitploit
Kitploit
added 2020/05/13 12:33 a.m.74 views

Kali Linux 2020.2 Release - Penetration Testing and Ethical Hacking Linux Distribution

We are incredibly excited to announce the second release of 2020, Kali Linux 2020.1.2 A quick overview of what’s new since January: KDE Plasma Makeover & Login PowerShell by Default. Kind of. Kali on ARM Improvements Lessons From The Installer Changes New Key Packages & Icons Behind the Scenes,...

7.4AI score
Exploits0References2
ThreatPost
ThreatPost
added 2020/03/26 9:49 a.m.82 views

Tokyo Olympics Postponed, But 5G Security Lessons Shine

The 2020 Summer Olympics in Tokyo were officially postponed this week amid the ongoing, pandemic spread of the coronavirus that causes COVID-19. The Games will be moved to 2021, but in the meantime, technological innovation around the event will continue. More specifically, postponed or not, the...

6.5AI score
Exploits0References13
Malwarebytes
Malwarebytes
added 2020/02/14 5:32 p.m.64 views

Misleading cybersecurity lessons from pop culture: how Hollywood teaches to hack

In pop culture, cybercrimes are often portrayed as mysterious and unrealistic. Hackers are enigmatic and have extraordinary tech abilities. They can discover top secrets in a short time and type at breakneck speed to hack into a database. In real life, though, hacking is not that straightforward...

7.1AI score
Exploits0
ThreatPost
ThreatPost
added 2020/02/12 2:0 p.m.37 views

Report to Your Management with the Definitive ‘IR Management and Reporting’ presentation Template

The realistic approach to security is that incidents occur. While ideally, the CISO would want to prevent all of them, in practice some will succeed to a certain degree—making the ability to efficiently manage an incident response process a mandatory skill for any CISO. Moreover, apart from the...

0.2AI score
Exploits0References4
The Hacker News
The Hacker News
added 2020/02/12 1:30 p.m.69 views

Download: Definitive 'IR Management and Reporting' Presentation Template

The realistic approach to security is that incidents occur. While ideally, the CISO would want to prevent all of them, in practice, some will succeed to a certain degree—making the ability to efficiently manage an incident response process a mandatory skill for any CISO. Moreover, apart from the...

0.3AI score
Exploits0
Talos Blog
Talos Blog
added 2020/02/10 8:25 a.m.27 views

Introducing Cisco Talos Incident Response: Stories from the Field

By Jon Munshaw. As another way of bringing our boots-on-the-ground intelligence to defenders, customers and users, we are introducing a new video series called "Cisco Talos Incident Response: Stories from the Field." In each entry, a CTIR team member will cover one specific incident or lesson tha...

1.3AI score
Exploits0
ThreatPost
ThreatPost
added 2019/12/23 2:0 p.m.42 views

Podcast: What We've Learned from the Year of the Breach

This podcast is sponsored by Arctic Wolf. Large-scale data breaches hitting organizations like Capital One and Georgia Tech in 2019 show that companies continue to be targeted in malicious cyberattacks that expose customers’ personal data and valuable records. Threatpost host Cody Hackett sat dow...

0.7AI score
Exploits0References6
ThreatPost
ThreatPost
added 2019/11/08 6:31 p.m.55 views

Art Imitates Life: Lessons from the Final Season of Mr. Robot

Fair warning: if you aren’t caught up, there are spoilers for the first episode of the final season of Mr. Robot below. It’s an alien sensation to be watching the fourth and final season of Mr. Robot as a civilian: having worked as a technical consultant for the first three seasons of the show,...

Exploits0References8
Wallarm Lab
Wallarm Lab
added 2019/10/18 9:8 p.m.14 views

WAF-Based Attacks & The Future of Security

Understand WAFs and cybersecurity. Recent WAF-based breaches with CapitalOne, Imperva, and Cloudflare offer essential lessons we can learn from where WAF technology is failing us and what can we do to improve our security. The post WAF-Based Attacks & The Future of Security appeared first on...

3.7AI score
Exploits0
ThreatPost
ThreatPost
added 2019/10/16 1:0 p.m.53 views

New Presentation Template: Incident Response Reporting for Management

Every security professional knows it’s only a matter of time before their organization is breached. And even though most security-conscious organizations have implemented procedures and products to facilitate the incident response process, many security decision-makers find much more of a challen...

Exploits0References4
The Coalfire Blog
The Coalfire Blog
added 2019/08/21 7:13 p.m.92 views

When Checking the Box Results in Two Zero Days and Root (CVE-2019-14257 and CVE-2019-14258)

Finding new bugs and exploiting them can be exciting and fun for a penetration tester. I was ecstatic to find my first two zero-days, and I used them to break a system from no access to root. This was a good day for me - but the story behind the story provides some real lessons enterprises can...

2.4AI score0.01729EPSS
Exploits2
Schneier on Security
Schneier on Security
added 2019/02/15 12:33 p.m.65 views

Reconstructing SIGSALY

Lessons learned in reconstructing the World War II-era SIGSALY voice encryption system...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/19 12:0 p.m.57 views

Congressional Report on the 2017 Equifax Data Breach

The US House of Representatives Committee on Oversight and Government Reform has just released a comprehensive report on the 2017 Equifax hack. It's a great piece of writing, with a detailed timeline, root cause analysis, and lessons learned. Lance Spitzner also commented on this. Here is my...

1.2AI score
Exploits0
MSRC
MSRC
added 2018/09/07 7:0 a.m.8 views

Inside MSRC: Sharing Our Story & Customer Tips

For the last 20 years, the Microsoft Security Response Center has been an integral part of Microsoft’s commitment to customer security. We are often called on to talk about the work we do and how customers can apply the lessons we have learned over that period to better their security posture...

6.9AI score
Exploits0
ThreatPost
ThreatPost
added 2018/08/02 3:44 p.m.19 views

Podcast: Breaking Down the COSCO Ransomware Attack

Last week, shipping giant COSCO China Ocean Shipping Company announced it was hit with a ransomware attack that crippled its U.S. operations. The company’s phone and email for its U.S. branch were down for five days, and have now been restored. Threatpost talks to Matt Tyrer with Commvault about...

0.2AI score
Exploits0References4
Schneier on Security
Schneier on Security
added 2018/06/04 11:33 a.m.41 views

E-Mail Vulnerabilities and Disclosure

Last week, researchers disclosed vulnerabilities in a large number of encrypted e-mail clients: specifically, those that use OpenPGP and S/MIME, including Thunderbird and AppleMail. These are serious vulnerabilities: An attacker who can alter mail sent to a vulnerable client can trick that client...

6.7AI score
Exploits0
ThreatPost
ThreatPost
added 2018/03/19 12:16 p.m.14 views

A Mirai Botnet Postscript: Lessons Learned

The fall 2016 Mirai botnet compromised more than 300,000 IoT devices as part of a massive DDoS attack. After the crippling attack, Flashpoint and Akamai worked together with law enforcement to help bring those behind the botnet attack to justice. Threatpost’s Tom Spring sits down with Flashpoint’...

7.3AI score
Exploits0References1
Information Security Automation
Information Security Automation
added 2018/02/21 10:16 a.m.193 views

Tenable University: Nessus Certificate of Proficiency

Yesterday I finished "Nessus Certificate of Proficiency" learning plan at Tenable University and passed the final test. Here I would like to share my impressions. First of all, few words about my motivation. I use Nessus literally every day at work. So, it was fun to check my knowledge. I already...

6.9AI score
Exploits0
Rows per page
Query Builder