The art of being ungovernable

Welcome to this week's edition of the Threat Source newsletter. " It takes very little to govern good people. Very little. And bad people can't be governed at all. Or if they could, I never heard of it." ― Cormac McCarthy, No Country for Old Men Most of my career has been built on dichotomy:...

EUVD-2023-27047

Malicious code in bioql PyPI...

Getting a career in cybersecurity isn’t easy, but this can help

Welcome to this week's edition of the Threat Source newsletter. Happy summer, friends! I hope everyone is staying cool and/or warm. I am fresh back from an exhaustive but great time in San Diego at Cisco Live U.S. It was so good to see colleagues, meet new friends and pet many therapy dogs in the...

Cultivating Growth and Development at Rapid7

At Rapid7, we’re pushing the boundaries on what a cybersecurity company can be as we work to build a more secure digital future. In a field where the threat landscape continues to evolve, continuous learning and the development of our people becomes an engine for company success and innovation...

Paying It Forward: Giving and Receiving Mentorship in Tech

I’ve never actually seen the 2000 romantic drama Pay It Forward , but the movie’s core idea has stayed with me since I first heard of it: The best way to repay a favor or good deed is to do one for someone else. You ‘pay it forward,’ and ask that person to do likewise, creating an expanding web o...

Find the helpers

Welcome to this week's edition of the Threat Source newsletter. "When I was a boy and I would see scary things in the news, my mother would say to me, 'Look for the helpers. You will always find people who are helping.'" ― Fred Rogers There's no world where following Mr. Roger's advice is wrong...

Cathal O’Neill - Taking Command of Your Career in Tech

Cathal O’Neill joined Rapid7 in 2023 as a Senior Engineering Manager, and he has since advanced to the role of Engineering Director. Reflecting on his career path, he says,“My journey into senior management has been a continual evolution, driven by both personal development and the desire to lead...

7 Rapid Questions on our Belfast Placement Programme: Orla Magee and Paddy McDermott

Ever wonder what it’s like to be an intern at Rapid7 in Belfast? Software Engineers Orla Magee and Paddy McDermott share what the interview process looked like for them, along with impactful projects and advice for others exploring Rapid7’s Placement Programme. What was the interview process like...

BIT-MEDIAWIKI-2023-22945

In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users blocked in ApiManageMentorList to enroll as mentors or edit any of their mentorship-related properties...

Paving a Path to Systems Administration: Naeem Jones’ Journey with Rapid7

Prior to becoming a Systems Administrator at Rapid7, Naeem Jones entered his career in cybersecurity through the Hack. Diversity program. Hack.Diversity is a program that connects talented Black and Latin/x students and early-career professionals with organizations that are looking to build...

International Women’s Day: The power of diversity to build stronger cybersecurity teams

Women’s History Month is a special time for me as I reflect on all the great innovations women have made over the years. Women have driven technology forward throughout history. Notable women in cybersecurity like cryptologists Agnes Meyer Driscoll and Genevieve Grotjan Feinstein worked behind th...

CVE-2023-22945

In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users blocked in ApiManageMentorList to enroll as mentors or edit any of their mentorship-related properties...

Sql injection

In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users blocked in ApiManageMentorList to enroll as mentors or edit any of their mentorship-related properties...

PT-2023-18788 · Mediawiki +1 · Growthexperiments +1

Name of the Vulnerable Software and Affected Versions: GrowthExperiments extension for MediaWiki versions 1.39 and earlier Description: The issue allows blocked users to enroll as mentors or edit their mentorship-related properties through the "growthmanagementorlist" API endpoint. This affects...

CVE-2023-22945

In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users blocked in ApiManageMentorList to enroll as mentors or edit any of their mentorship-related properties...

CVE-2023-22945

In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users blocked in ApiManageMentorList to enroll as mentors or edit any of their mentorship-related properties...

CVE-2023-22945

The CVE-2023-22945 entry concerns MediaWiki’s GrowthExperiments extension (through version 1.39) where the growthmanagementorlist API permits blocked users (blocked via ApiManageMentorList) to enroll as mentors or edit any mentorship-related properties. This indicates an authorization check flaw ...

Talking to our Team about Cybersecurity Careers, on Ada Lovelace Day

Today’s Ada Lovelace Day, and this is a time to highlight the achievements of women in technology, engineering, science, and mathematics, and to encourage girls and women to pursue careers in STEM. Imperva Enterprise Account Managers, Leanora Weaver and Rebecca Kelly, both members of the Imperva...

Increasing Representation of Women in Security Research

Microsoft is committed to partnering with and supporting women in security research. Whether it’s growing women early in their career, or connecting people with mentors, we want to be a part of the journey. Throughout Women's History Month we intentionally sought opportunities to engage with wome...

Increasing Representation of Women in Security Research

Microsoft is committed to partnering with and supporting women in security research. Whether it’s growing women early in their career, or connecting people with mentors, we want to be a part of the journey. Throughout Womens History Month we intentionally sought opportunities to engage with women...