Top 16 cloud security experts you should follow in 2023
Handpicked by our research team: The annual list of 16 thought leaders you need on your feed...
Malicious Package
Overview pino-deploy is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Countering Follina Attack (CVE-2022-30190) with Trellix Network Security Platform’s Advanced Detection Features
Countering Follina Attack CVE-2022-30190 with Trellix Network Security Platform’s Advanced Detection Features By Trellix · July 19, 2022 This blog was also written by Chintan Shah Executive summary During the end of May 2022, an independent security researcher reported a vulnerability assigned...
Elasticsearch Database Mess Up Exposed Login, PII Data of 30,000 Students
By Deeba Ahmed The misconfigured Elasticsearch database apparently belonged to the US-based software solution provider Transact Campus. SafetyDetectives’ cybersecurity research team… This is a post from HackRead.com Read the original post: Elasticsearch Database Mess Up Exposed Login, PII Data of...
Qualys Research Wins Two 2021 Pwnie Awards
The Qualys Research team won two Pwnie Awards today at Black Hat USA 2021 for discovering and responsibly disclosing these new vulnerabilities: Best Privilege Escalation Bug and Most Under-Hyped Research. The Qualys Research team received these awards: Best Privilege Escalation Bug Heap-based...
Rapid7 Releases New Industry Cyber-Exposure Report (ICER): ASX 200
Today, we are excited to release the third report in our Industry Cyber-Exposure Report ICER series, which digs into cyber-exposure among organizations in Australia’s ASX 200. This series focuses on five key areas we believe CISOs at mega-corporations actually have a shot at accomplishing, and wi...
Rapid7 Releases New Industry Cyber-Exposure Report (ICER): FTSE 350
Today, we are excited to release the second report in our Industry Cyber-Exposure Report ICER series, which digs into cyber-exposure among organizations in the U.K.’s FTSE 350. This series focuses on five key areas we believe CISOs at mega-corporations actually have a shot at accomplishing, and...
Rapid7 Releases New Industry Cyber-Exposure Report (ICER): Fortune 500
Today, Rapid7 just released the first in our all-new Industry Cyber-Exposure Report ICER series. For those of you who have been following our research over the past few years, you may immediately suspect us of unloading another 100+ page tome of internet-based findings around the internet—but not...
Related vulnerabilities have now been patched: the Orvibo smart home devices disclosure of user information-bug warning-the black bar safety net
According to Orvibo, the related information disclosure vulnerability has now been fixed, as has the level of protection applied to user information; at the same time, they also want to cooperate with professional information security research teams on the protection...
Security Bulletin: Official Statement On Spectre and Meltdown
Summary IBM Security statement on the Spectre and Meltdown vulnerabilities Vulnerability Details As many clients are likely aware of by now, 2 major security flaws impacting chipsets across the PC and mobile spectrums have unfolded over the last day or so. Meltdown (Intel only) and Spectre...
Security Glitch in IoT Camera Enabled Remote Monitoring
Swann has patched a flaw in its connected cameras that would allow a remote attacker to access their video feeds. A research team, consisting of Andrew Tierney, Chris Wade and Ken Munro from Pen Test Partners, as well as security researchers Alan Woodward, Scott Helme and Vangelis Stykas, develop...
WordPress Advance Search for WooCommerce plugin <= 1.0.9 - Stored Cross-site scripting (XSS) vulnerability
Stored Cross-site scripting (XSS) vulnerability found by ThreatPress Research Team in WordPress Advance Search for WooCommerce plugin versions <= 1.0.9. Solution 3 June 2018 - plugin still closed by WordPress Security team, no patched version available...
Bitdefender - Cross Site Request Forgery Vulnerability
Document Title: =============== Bitdefender - Cross Site Request Forgery Vulnerability References: =========== https://www.vulnerability-lab.com/getcontent.php?id=2040 Video: https://www.youtube.com/watch?v=jnNa4i01aok Release Date: ============= 2017-02-28 Vulnerability Laboratory ID VL-ID:...
NVV Ticket Krauth ATM - (NaN) Divide by Zero Vulnerability
Document Title: =============== NVV Ticket Krauth ATM - NaN Divide by Zero Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1837 View Video: https://www.youtube.com/watch?v=iIT4gcboKjk Release Date: ============= 2016-04-25 Vulnerability Laboratory ID VL-ID...
PayPal Bug Bounty #121 - Bypass & Persistent Vulnerability
Document Title: =============== PayPal Bug Bounty 121 - Bypass & Persistent Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1696 Video: https://www.youtube.com/watch?v=ilLmbVC7RVY Advisory: http://www.vulnerability-lab.com/getcontent.php?id=1627 Release...
PhpSocial 2.0.0304_20222226 - Cross-Site Request Forgery
Security Advisory - Curesec Research Team 1. Introduction Affected Product: PhpSocial v2.0.030420222226 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://phpsocial.net Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 11/21/2015 Disclosed to public: 12/21/2015...
Ebay Inc Magento #10 - Persistent Filename Vulnerability
Document Title: =============== Ebay Inc Magento 10 - Persistent Filename Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1458 Video: https://www.youtube.com/watch?v=WffsHd8pibE Advisory: http://www.vulnerability-lab.com/getcontent.php?id=1457 EIBBP-31603...
Cisco FireSIGHT Management Center Cross-Site Scripting Vulnerability
A vulnerability in the Cisco FireSIGHT Management Center could allow an authenticated, remote attacker to perform cross-site scripting (XSS) attacks. The vulnerability is due to insufficient input validation of some parameters passed via HTTP GET or POST methods. An attacker could exploit this...
FastStone Image Viewer 5.3 - .tga Crash (PoC)
FastStone Image Viewer 5.3 - .tga Crash PoC Exploit Title : FastStoneImage Viewer Corrupted tga IMAGESPECIFICATION.Width Crash POC Product : FastStoneImage Viewer Date : 25.02.2015 Exploit Author : ITDefensor Vulnerability Research Team http://itdefensor.ru/ Software Link :...
Winamp 5.666 build 3516 - Corrupted .flv Crash (PoC)
Winamp 5.666 build 3516 - Corrupted .flv Crash PoC Exploit Title : Winamp 5.666 build 3516 'f263.w5s' Corrupted flv Crash POC Product : Winamp 5.666 build 3516 Date : 12.12.2014 Exploit Author : ITDefensor Vulnerability Research Team http://itdefensor.ru/ Software Link :...