181 matches found
SAP S4CORE 安全漏洞
SAP S4CORE is an application for managing procurement contracts from SAP. SAP S4CORE suffers from an information disclosure vulnerability that stems from a lack of authorization checks, which can be exploited by an attacker to cause information disclosure...
CISA: Key Secure by Demand Elements for Operational Technology Fact Sheet
This fact sheet addresses key elements for operational technology OT owners and operators to consider when purchasing digital products that automate physical processes, e.g. programmable logic controllers PLCs, human-machine interfaces HMIs, and remote terminal units RTUs. CISA strongly advises...
SAP S4CORE 安全漏洞
SAP S4CORE is a Managed Procurement Contracts application from SAP, Germany. A security vulnerability exists in SAP S4CORE that originates from data tampering and could result in the modification of entity sets and compromise application integrity...
CISA: Secure by Demand: Priority Considerations
This is CISA's Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products. This guide is intended to help owners and operators procure Operational Technology OT products, particularly industrial automation and control system products,...
CISA and US and International Partners Publish Guidance on Priority Considerations in Product Selection for OT Owners and Operators
Today, CISA—along with U.S. and international partners—released joint guidance Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products. As part of CISA’s Secure by Demand series, this guidance focuses on helping customers identify...
ASD’s ACSC, CISA, and US and International Partners Release Guidance on Choosing Secure and Verifiable Technologies
Today, CISA—in partnership with the Australian Signals Directorate Australian Cyber Security Centre ASD ACSC, and other international partners—released updates to a Secure by Design Alert, Choosing Secure and Verifiable Technologieslink is external. Partners that provided recommendations in this...
SAP S/4HANA 跨站脚本漏洞
SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. A cross-site scripting vulnerability exists in SAP S/4HANA that stems from weak coding of user control inputs and e-procurement on SAP S/4HANA that allows the execution of...
Researchers Uncover New Infrastructure Tied to FIN7 Cybercrime Group
Cybersecurity researchers have discovered new infrastructure linked to a financially motivated threat actor known as FIN7. The two clusters of potential FIN7 activity "indicate communications inbound to FIN7 infrastructure from IP addresses assigned to Post Ltd Russia and SmartApe Estonia,...
ASD’s ACSC, CISA, and Partners Release Secure by Design Guidance on Choosing Secure and Verifiable Technologies
Today, the Australian Signals Directorate’s Australian Cyber Security Centre ASD’s ACSC, together with CISA, the Canadian Centre for Cyber Security CCCS, the United Kingdom’s National Cyber Security Centre NCSC-UK, and the New Zealand National Cyber Security Centre NCSC-NZ are releasing the...
Ecommerce-CodeIgniter-Bootstrap 安全漏洞
Ecommerce-CodeIgniter-Bootstrap is a responsive, multi-vendor, multi-language online store platform shopping cart solution. A security vulnerability exists in Ecommerce-CodeIgniter-Bootstrap that stems from an arbitrary code execution vulnerability in the manageQuantitiesAndProcurement method of...
PT-2024-24229
Name of the Vulnerable Software and Affected Versions Ecommerce-CodeIgniter-Bootstrap version d22b54e8915f167a135046ceb857caaf8479c4da Description The issue allows a remote attacker to execute arbitrary code via the manageQuantitiesAndProcurement method of the Orders model.php component. This is ...
German Authorities Issue Arrest Warrants for Three Suspected Chinese Spies
German authorities said they have issued arrest warrants against three citizens on suspicion of spying for China. The full names of the defendants were not disclosed by the Office of the Federal Prosecutor aka Generalbundesanwalt, but it includes Herwig F., Ina F., and Thomas R. "The suspects are...
procurementroundtable.org Cross Site Scripting vulnerability OBB-3904851
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
procurement.it Cross Site Scripting vulnerability OBB-3887941
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
healthcareprocurement.com Cross Site Scripting vulnerability OBB-3848700
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Malicious code in optimize-procurement-and-inventory-with-ai (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1d4a974419b1ab87d44f6d1c5cfd7fac97f037b476328f114d344113cf6bbd6f The OpenSSF Package Analysis project identified 'optimize-procurement-and-inventory-with-ai' @ 6.1.8 npm as malicious. It is considered maliciou...
Add Unique Asset Context with Custom Attributes in CSAM
There is no such thing as “too much context” when it comes to asset management. Continuous discovery and comprehensive, normalized asset data create the foundation for streamlined risk detection and response. The more reliable asset data a security team has, the better it can operationalize an...
Estonian National Charged in U.S. for Acquiring Electronics and Metasploit Pro for Russian Military
An Estonian national has been charged in the U.S. for purchasing U.S.-made electronics on behalf of the Russian government and military. The 45-year-old individual, Andrey Shevlyakov, was arrested on March 28, 2023, in Tallinn. He has been indicted with 18 counts of conspiracy and other charges. ...
SolarWinds and Market Incentives
In early 2021, IEEE Security and Privacy asked a number of board members for brief perspectives on the SolarWinds incident while it was still breaking news. This was my response. The penetration of government and corporate networks worldwide is the result of inadequate cyberdefenses across the...
ZOHO ManageEngine ServiceDesk Plus 跨站脚本漏洞
ZOHO ManageEngine ServiceDesk Plus SDP is the United States ZhuoHao ZOHO company's set of ITIL-based architecture of IT service management software. The software integrates Incident Management, Problem Management, Asset Management IT Project Management, Procurement and Contract Management modules...