108 matches found
EUVD-2023-56108
Malicious code in bioql PyPI...
EUVD-2023-56109
Malicious code in bioql PyPI...
EUVD-2023-56361
Malicious code in bioql PyPI...
Location Tracking App for Foreigners in Moscow
Russia is proposing a rule that all foreigners in Moscow install a tracking app on their phones. Using a mobile application that all foreigners will have to install on their smartphones, the Russian state will receive the following information: residence location, fingerprint, face photograph...
CVE-2023-51650
Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue...
CVE-2024-42361
Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1.6.0 and earlier declares a /api/monitor/monitorId/metric/metricFull endpoint to download job metrics. In the process, it executes a SQL query with user-controlled data, allowing for SQL injection...
CVE-2024-55661
CVE-2024-55661 affects Laravel Pulse prior to 1.3.1. The vulnerability is triggered via the remember(callable $query, string $key = '') method in Laravel\Pulse\Livewire\Concerns\RemembersQueries, which allows an authenticated dashboard user to invoke arbitrary callables (functions or static metho...
Context is King: Using API Sessions for Security Context
There’s no doubt that API security is a hot topic these days. The continued growth in API-related breaches and the increase in publicized API vulnerabilities have pushed API security to the top of CISOs’ lists. The tools in the market for API security still have room for improvement, of course. One of...
Rapid7 Recognized in Forrester’s 2024 Attack Surface Management (ASM) Wave Report
This week, Rapid7 was recognized as a Contender in Forrester’s report, The Forrester Wave™: Attack Surface Management (ASM) Solutions, Q3 2024. We’re proud to have been selected for inclusion in the report, which to us reflects a continued dedication to enabling customers to: Monitor 100% of their...
CVE-2024-42362
CVE-2024-42362 affects Hertzbeat, an open-source real-time monitoring system. It describes an authenticated (user role) remote-code-execution vulnerability via unsafe deserialization in /api/monitors/import. The issue is classified with a high impact (CVSS v3.1: 8.8) affecting confidentiality, in...
From Top Dogs to Unified Pack
Embracing a consolidated security ecosystem Cybersecurity is as unpredictable as it is rewarding. Each day often presents a new set of challenges and responsibilities, particularly as organizations accelerate digital transformation efforts. This means you and your cyber team may find yourselves...
The Emerging Role of AI in Open-Source Intelligence
Recently the Office of the Director of National Intelligence (ODNI) unveiled a new strategy for open-source intelligence (OSINT) and referred to OSINT as the "INT of first resort". Public and private sector organizations are realizing the value that the discipline can provide but are also finding tha...
From Top Dogs to Unified Pack
Embracing a consolidated security ecosystem Authored by Ralph Wascow Cybersecurity is as unpredictable as it is rewarding. Each day often presents a new set of challenges and responsibilities, particularly as organizations accelerate digital transformation efforts. This means you and your cyber...
OSTE-Web-Log-Analyzer - Automate The Process Of Analyzing Web Server Logs With The Python Web Log Analyzer
Automate the process of analyzing web server logs with the Python Web Log Analyzer. This powerful tool is designed to enhance security by identifying and detecting various types of cyber attacks within your server logs. Stay ahead of potential threats with features that include: Features 1. Attac...
Code Keepers: Mastering Non-Human Identity Management
Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database quer...
CVE-2023-51388
Hertzbeat is a real-time monitoring system. In CalculateAlarm.java, AviatorEvaluator is used to directly execute the expression function with no security policy configured, resulting in script injection via AviatorScript, which by default can execute any static method. Version 1.4.1 fixes this...
Design/Logic Flaw
Hertzbeat is a real-time monitoring system. In CalculateAlarm.java, AviatorEvaluator is used to directly execute the expression function with no security policy configured, resulting in script injection via AviatorScript, which by default can execute any static method. Version 1.4.1 fixes this...
Deserialization of untrusted data
Hertzbeat is a real-time monitoring system. At the interface of /define/yml, SnakeYAML is used as a parser to parse yml content, but no security configuration is used, resulting in a YAML deserialization vulnerability. Version 1.4.1 fixes this vulnerability...
CVE-2023-51389
CVE-2023-51389 affects Hertzbeat, a real-time monitoring system. The vulnerability resides at the /define/yml interface, where SnakeYAML is used to parse YAML without a security configuration, enabling YAML deserialization. Affects versions prior to 1.4.1; version 1.4.1 fixes the issue. The issue...
CVE-2023-51389 HertzBeat SnakeYAML Deser RCE
Hertzbeat is a real-time monitoring system. At the interface of /define/yml, SnakeYAML is used as a parser to parse yml content, but no security configuration is used, resulting in a YAML deserialization vulnerability. Version 1.4.1 fixes this vulnerability...