489 matches found
Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain
A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources...
Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain
A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources...
Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain
A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources...
Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain
A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources...
CVE-2020-24928
managers/socketManager.ts in PreMiD through 2.1.3 has a locally hosted socketio web server port 3020 open to all origins, which allows attackers to obtain sensitive Discord user information...
Design/Logic Flaw
managers/socketManager.ts in PreMiD through 2.1.3 has a locally hosted socketio web server port 3020 open to all origins, which allows attackers to obtain sensitive Discord user information...
Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain
A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources...
Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain
A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources...
Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain
A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources...
Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain
A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources...
Critical vulnerabilities found in popular Password Managers
By Sudais Asif In a study conducted by researchers from the University of York, 5 password managers were analyzed out of a total sample size of 19 in order to find vulnerabilities. This is a post from HackRead.com Read the original post: Critical vulnerabilities found in popular Password Managers...
Fill your Boots with credential stuffing protections
Yet again another company suffers a ‘hack’ that turns out to be nothing more than a credential stuffing attack. This time Boots have stopped customers using advantage card points to pay for products. This is after 600,000 Tesco accounts were compromised in the same way. No systems at Boots were...
Simplicity is the Key to Enterprise Cybersecurity
Editor’s Note: Sam Bocetta, a guest author on the VMware Carbon Black blog, is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyber warfare, cyber defense, and cryptography. In today’s digital environment, companies are...
Password managers for all staff. Why the resistance?!
I’ve lost count of the number of times I’ve talked about passwords. I mention them in every talk I do. They are used in pretty much every service we test, they are the gatekeepers to our data, they are the protectors of our money and yet we still have not fixed them. As security professionals we...
Dashlane's Super Bowl Ad Proves Password Managers Have Arrived
A company you’ve never heard of is spending millions of dollars to let you know it can make your online life easier...
The vulnerability of the command-line tools for package managers NPM and Yarn allows a attacker to re-record any files in the target directory.
The vulnerability of the command-line tools for package managers NPM and Yarn exists due to an incorrect limitation on the path to the restricted directory. Exploiting this vulnerability allows a malicious actor to rewrite any files in the target directory remotely...
The vulnerability of the command-line tools for package managers NPM and Yarn allows a hacker to write arbitrary files.
The vulnerability of the command-line tools for package managers NPM and Yarn is related to errors in link handling. Exploiting this vulnerability allows a malicious actor to write arbitrary files by creating symbolic links to files outside the module directory thenodemodules, or by manipulating...
Improve cyber supply chain risk management with Microsoft Azure
For years, Microsoft has tracked threat actors exploiting federal cyber supply chain vulnerabilities. Supply chain attacks target software developers, systems integrators, and technology companies. Tactics often include obtaining source code, build processes, or update mechanisms to compromise...
When can we get rid of passwords for good?
Or perhaps I should have asked, "Can we ever get rid of passwords for good?" The security world knows passwords are a problem. Products ship with default passwords that are never changed. People reuse old passwords or adopt easy-to-guess passwords that hackers easily defeat via brute force. Or...
Maximizing Onboarding: Giving managers the skills for success
Managing teams come with challenges as well as rewards. Managers drive individual and team performance, and the best managers drive employee connection and engagement. Akamai believes that employees are our biggest asset; by effectively and efficiently integrating them into the...