Lucene search
K

157 matches found

The Coalfire Blog
The Coalfire Blog
added 2020/04/03 7:30 p.m.61 views

The HITRUST shared responsibility matrix – the assessor’s point of view

HITRUST® announced the availability of the new Shared Responsibility Program and MatrixTM Version 1.0 to help communicate and assign security and privacy responsibilities between cloud service providers CSPs and their customers. Coalfire is proud that we helped develop the Matrix as part of the...

7AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2020/03/26 3:0 p.m.30 views

How to Do More with Less — a CISO’s Perspective

I’ve learned a ton of lessons over my years in the InfoSec world. I’ve made a lot of the right calls, but also a bunch of wrong ones. One of the lessons I have learned is how to operate in an environment of scarcity. This lesson started long before my career did. Growing up, I was the child of a...

7.4AI score
Exploits0
NVD
NVD
added 2020/02/07 11:15 p.m.18 views

CVE-2020-8812

Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug...

5.4CVSS5.5AI score0.00606EPSS
Exploits1References1
OSV
OSV
added 2020/02/07 11:15 p.m.7 views

CVE-2020-8812

Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug...

5.4CVSS6.7AI score
Exploits0References1
Prion
Prion
added 2020/02/07 11:15 p.m.12 views

Code injection

Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug...

3.5CVSS5.5AI score0.00606EPSS
Exploits1References1Affected Software1
Schneier on Security
Schneier on Security
added 2019/09/20 2:34 p.m.37 views

A Feminist Take on Information Privacy

Maria Farrell has a really interesting framing of information/device privacy: What our smartphones and relationship abusers share is that they both exert power over us in a world shaped to tip the balance in their favour, and they both work really, really hard to obscure this fact and keep us...

7.3AI score
Exploits0
MSRC
MSRC
added 2019/09/18 10:54 p.m.86 views

Meet the BlueHat Content Advisory Board

We couldn’t do BlueHat without the Content Advisory Board, the brain trust reviewing submissions to the CFP. Representing both Microsoft and other parts of security community, the CAB applies their industry and speaker experience to create the BlueHat agenda that’s the right mix of topics and...

1.7AI score
Exploits0
Penetration Testing Lab
Penetration Testing Lab
added 2019/09/04 10:43 a.m.77 views

Microsoft Exchange – Domain Escalation

Microsoft Exchange servers are a high valuable target for red teams as they are the main entry point for the majority of the external attacks. From the internal perspective and if initial foothold to the network has been already achieved can allow a user to obtain privileges that would allow him ...

4.3AI score
Exploits0
Talos Blog
Talos Blog
added 2019/07/22 8:36 a.m.57 views

Let's Destroy Democracy

Election security through an adversary's eyes By Matt Olney. Executive summary Over the past few years, Cisco Talos has increasingly been involved in election security research and support, most recently supporting the Security Service of Ukraine in their efforts to secure the two Ukrainian...

6.9AI score
Exploits0
Citrix
Citrix
added 2019/05/14 12:0 a.m.13 views

XenServer Hardware Compatibility List Explained

This article provides an understanding of the Hardware Compatibility List HCL for Citrix Hypervisor and XenServer. This article also contains information about how products get qualified for inclusion in the HCL and what listing in the HCL represents from a support perspective. Background The...

6.6AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/05/09 8:25 p.m.131 views

Carbon Black Leaders Share the Best Advice They’ve Ever Received From Their Moms

Mother’s Day is on May 12 and right around the corner! In honor of all mothers and mother-figures, members of Carbon Black's leadership team shared advice and personal stories about the impact their mothers made on their own lives and careers. Victor Baez, VP of Worldwide Channel “Troubles come a...

Exploits0
ThreatPost
ThreatPost
added 2019/04/10 8:11 p.m.80 views

SAS 2019: Joe FitzPatrick Warns of the '$5 Supply Chain Attack'

SINGAPORE – At the Security Analyst Summit this year in Singapore, Threatpost editor Tara Seals catches up with Joe FitzPatrick, researcher with Securing Hardware, who led a session during the conference titled “A Measured Response to a Grain of Rice: An Implant in the Shell.” After a 2018...

7.1AI score
Exploits0References5
exploitpack
exploitpack
added 2019/03/25 12:0 a.m.38 views

VMware Workstation 14.1.5 VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation

VMware Workstation 14.1.5 VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation VMware: Host VMX Process COM Class Hijack EoP Platform: VMware Workstation Windows v14.1.5 on Windows 10. Also tested VMware Player 15. Class: Elevation of Privilege Summary: COM classes used by th...

0.9AI score
Exploits0
Securelist
Securelist
added 2018/04/12 10:0 a.m.1162 views

APT Trends report Q1 2018

In the second quarter of 2017, Kaspersky's Global Research and Analysis Team GReAT began publishing summaries of the quarter's private threat intelligence reports in an effort to make the public aware of the research we have been conducting. This report serves as the next installment, focusing on...

10CVSS0.4AI score0.99945EPSS
Exploits58
Imperva Blog
Imperva Blog
added 2017/12/20 4:30 p.m.16 views

Women in Tech and Career Spotlight: Inna Shalom

The latest in our series featuring women in tech at Imperva is my interview with Inna Shalom, the data insight team lead at Imperva. She spoke about her professional journey and experience working in the cybersecurity industry. Tell us how you got into cybersecurity. IS: I spent the first six yea...

6.7AI score
Exploits0
NVD
NVD
added 2017/12/11 5:29 p.m.24 views

CVE-2017-11319

Perspective ICM Investigation & Case 5.1.1.16 allows remote authenticated users to modify access level permissions and consequently gain privileges by leveraging insufficient validation methods and missing cross server side checking mechanisms...

8.8CVSS8.5AI score0.05564EPSS
Exploits4References2
Prion
Prion
added 2017/12/11 5:29 p.m.16 views

Input validation

Perspective ICM Investigation & Case 5.1.1.16 allows remote authenticated users to modify access level permissions and consequently gain privileges by leveraging insufficient validation methods and missing cross server side checking mechanisms...

6.5CVSS8.5AI score0.05564EPSS
Exploits4References2Affected Software1
CVE
CVE
added 2017/12/11 5:0 p.m.64 views

CVE-2017-11319

CVE-2017-11319 applies to Perspective ICM Investigation & Case version 5.1.1.16, where an authenticated remote user can elevate privileges by abusing insufficient input validation and missing cross-server side checks. The root cause is described as inadequate validation in access-control pathways...

8.8CVSS8.4AI score0.05564EPSS
Exploits4References2Affected Software1
Cvelist
Cvelist
added 2017/12/11 5:0 p.m.25 views

CVE-2017-11319

Perspective ICM Investigation & Case 5.1.1.16 allows remote authenticated users to modify access level permissions and consequently gain privileges by leveraging insufficient validation methods and missing cross server side checking mechanisms...

8.5AI score0.05564EPSS
Exploits4References2
CNVD
CNVD
added 2017/12/08 12:0 a.m.3 views

Perspective ICM Investigation Elevation of Privilege Vulnerability

Resolver Perspective ICM Investigation&Case is a suite of risk management software from Resolver Canada. A privilege extraction vulnerability exists in Resolver Perspective ICM Investigation&Case version 5.1.1.16. A remote attacker can exploit this vulnerability to change access rights and thereb...

8.8CVSS7.2AI score0.05564EPSS
Exploits4References1
Rows per page
Query Builder