157 matches found
The HITRUST shared responsibility matrix – the assessor’s point of view
HITRUST® announced the availability of the new Shared Responsibility Program and MatrixTM Version 1.0 to help communicate and assign security and privacy responsibilities between cloud service providers CSPs and their customers. Coalfire is proud that we helped develop the Matrix as part of the...
How to Do More with Less — a CISO’s Perspective
I’ve learned a ton of lessons over my years in the InfoSec world. I’ve made a lot of the right calls, but also a bunch of wrong ones. One of the lessons I have learned is how to operate in an environment of scarcity. This lesson started long before my career did. Growing up, I was the child of a...
CVE-2020-8812
Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug...
CVE-2020-8812
Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug...
Code injection
Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug...
A Feminist Take on Information Privacy
Maria Farrell has a really interesting framing of information/device privacy: What our smartphones and relationship abusers share is that they both exert power over us in a world shaped to tip the balance in their favour, and they both work really, really hard to obscure this fact and keep us...
Meet the BlueHat Content Advisory Board
We couldn’t do BlueHat without the Content Advisory Board, the brain trust reviewing submissions to the CFP. Representing both Microsoft and other parts of security community, the CAB applies their industry and speaker experience to create the BlueHat agenda that’s the right mix of topics and...
Microsoft Exchange – Domain Escalation
Microsoft Exchange servers are a high valuable target for red teams as they are the main entry point for the majority of the external attacks. From the internal perspective and if initial foothold to the network has been already achieved can allow a user to obtain privileges that would allow him ...
Let's Destroy Democracy
Election security through an adversary's eyes By Matt Olney. Executive summary Over the past few years, Cisco Talos has increasingly been involved in election security research and support, most recently supporting the Security Service of Ukraine in their efforts to secure the two Ukrainian...
XenServer Hardware Compatibility List Explained
This article provides an understanding of the Hardware Compatibility List HCL for Citrix Hypervisor and XenServer. This article also contains information about how products get qualified for inclusion in the HCL and what listing in the HCL represents from a support perspective. Background The...
Carbon Black Leaders Share the Best Advice They’ve Ever Received From Their Moms
Mother’s Day is on May 12 and right around the corner! In honor of all mothers and mother-figures, members of Carbon Black's leadership team shared advice and personal stories about the impact their mothers made on their own lives and careers. Victor Baez, VP of Worldwide Channel “Troubles come a...
SAS 2019: Joe FitzPatrick Warns of the '$5 Supply Chain Attack'
SINGAPORE – At the Security Analyst Summit this year in Singapore, Threatpost editor Tara Seals catches up with Joe FitzPatrick, researcher with Securing Hardware, who led a session during the conference titled “A Measured Response to a Grain of Rice: An Implant in the Shell.” After a 2018...
VMware Workstation 14.1.5 VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation
VMware Workstation 14.1.5 VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation VMware: Host VMX Process COM Class Hijack EoP Platform: VMware Workstation Windows v14.1.5 on Windows 10. Also tested VMware Player 15. Class: Elevation of Privilege Summary: COM classes used by th...
APT Trends report Q1 2018
In the second quarter of 2017, Kaspersky's Global Research and Analysis Team GReAT began publishing summaries of the quarter's private threat intelligence reports in an effort to make the public aware of the research we have been conducting. This report serves as the next installment, focusing on...
Women in Tech and Career Spotlight: Inna Shalom
The latest in our series featuring women in tech at Imperva is my interview with Inna Shalom, the data insight team lead at Imperva. She spoke about her professional journey and experience working in the cybersecurity industry. Tell us how you got into cybersecurity. IS: I spent the first six yea...
CVE-2017-11319
Perspective ICM Investigation & Case 5.1.1.16 allows remote authenticated users to modify access level permissions and consequently gain privileges by leveraging insufficient validation methods and missing cross server side checking mechanisms...
Input validation
Perspective ICM Investigation & Case 5.1.1.16 allows remote authenticated users to modify access level permissions and consequently gain privileges by leveraging insufficient validation methods and missing cross server side checking mechanisms...
CVE-2017-11319
CVE-2017-11319 applies to Perspective ICM Investigation & Case version 5.1.1.16, where an authenticated remote user can elevate privileges by abusing insufficient input validation and missing cross-server side checks. The root cause is described as inadequate validation in access-control pathways...
CVE-2017-11319
Perspective ICM Investigation & Case 5.1.1.16 allows remote authenticated users to modify access level permissions and consequently gain privileges by leveraging insufficient validation methods and missing cross server side checking mechanisms...
Perspective ICM Investigation Elevation of Privilege Vulnerability
Resolver Perspective ICM Investigation&Case is a suite of risk management software from Resolver Canada. A privilege extraction vulnerability exists in Resolver Perspective ICM Investigation&Case version 5.1.1.16. A remote attacker can exploit this vulnerability to change access rights and thereb...