scuba-tw.com Cross Site Scripting vulnerability OBB-4043327

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01

The U.S. Cybersecurity and Infrastructure Security Agency CISA has issued Binding Operational Directive BOD 25-01, ordering federal civilian agencies to secure their cloud environments and abide by Secure Cloud Business Applications SCuBA secure configuration baselines. "Recent cybersecurity...

CISA Publishes SCuBA Hybrid Identity Solutions Guidance

CISA has published Secure Cloud Business Applications SCuBA Hybrid Identity Solutions Guidance HISG to help users better understand identity management capabilities and securely integrate their traditional on-premises enterprise networks with cloud-based solutions. This initial publication reflec...

CISA Releases SCuBA Google Workspace Secure Configuration Baselines for Public Comment

Today, CISA released the draft Secure Cloud Business Applications SCuBA Google Workspace GWS Secure Configuration Baselines and the associated assessment tool ScubaGoggleslink is external for public comment. The draft baselines offer minimum viable security configurations for nine GWS services:...

scuba-pag.com Improper Access Control vulnerability OBB-3810383

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

scuba-adventures.eu Cross Site Scripting vulnerability OBB-3048440

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CISA Requests for Comment on Microsoft 365 Security Configuration Baselines

CISA has issued requests for comment RFCs on eight Microsoft 365 security configuration baselines as part of the Secure Cloud Business Application SCuBA project to secure federal civilian executive branch agencies’ FCEB cloud environments. The baselines: • Build on and integrate previous security...

A Bootiful Podcast: Spring and Java community legend Marten Deinum

Hi, Spring fans! In this installment, Josh Long @starbuxman talks to longtime Spring community member and legend Marten Deinum @mdeinum about scuba diving, software, Spring, community, and more. Also: I fixed the odd silence in the middle of the last few episodes! thanks for suffering through it...

CISA Releases Secure Cloud Business Applications (SCuBA) Guidance Documents for Public Comment

CISA has released draft versions of two guidance documents—along with a request for comment RFC—that are a part of the recently launched Secure Cloud Business Applications SCuBA project: Secure Cloud Business Applications SCuBA Technical Reference Architecture TRA Extensible Visibility Reference...

Gain Insight into Database Security Vulnerabilities you Didn’t Know you Had

Identifying and taking action to stop policy-violating behavior is hard enough when you have complete insight into the risks affecting your data repositories. It is virtually impossible to achieve security, however, when you cannot even see these risks to your data repositories. Unfortunately, to...

scuba-blue.it Cross Site Scripting vulnerability OBB-2380190

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

scuba-diving.focus.tv Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1031814 Security Researcher devl00p Helped patch 2581 vulnerabilities Received 10 Coordinated Disclosure badges Received 15 recommendations , a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting scuba-diving.focus.tv...

scuba-training.net XSS vulnerability

Open Bug Bounty ID: OBB-601730 Description| Value ---|--- Affected Website:| scuba-training.net Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

NEW: Vulnerability and Assessment Scanning for Your AWS Cloud Databases

Scuba is a free and easy-to-use tool that uncovers hidden security risks. Scuba is frequently updated with content from Imperva’s Defense Center researchers. With Scuba you can: Scan enterprise databases for vulnerabilities and misconfigurations Identify risks to your databases Get recommendation...

Diving Log 6.0 - XML External Entity Injection Vulnerability

Exploit for windows platform in category local exploits + Exploit Title: Diving Log 6.0 XXE Injection + Exploit Author: Trent Gordon + Vendor Homepage: http://www.divinglog.de + Software Link: http://www.divinglog.de/english/download/ + Disclosed at: https://thenopsled.com/divinglog.txt + Version...

Diving Log 6.0 XML External Entity Injection

Exploit Title: Diving Log 6.0 XXE Injection + Date: 27-11-2017 + Exploit Author: Trent Gordon + Vendor Homepage: http://www.divinglog.de + Software Link: http://www.divinglog.de/english/download/ + Disclosed at: https://thenopsled.com/divinglog.txt + Version: 6.0 + Tested on: Windows 7 SP1,...

Diving Log 6.0 - XML External Entity Injection

Diving Log 6.0 - XML External Entity Injection + Exploit Title: Diving Log 6.0 XXE Injection + Date: 27-11-2017 + Exploit Author: Trent Gordon + Vendor Homepage: http://www.divinglog.de + Software Link: http://www.divinglog.de/english/download/ + Disclosed at: https://thenopsled.com/divinglog.txt...

Five Tips for Getting Started with Scuba Database Vulnerability Scanner

Scuba is a free tool that scans leading enterprise databases for security vulnerabilities and configuration flaws, including patch levels, that allows you to uncover potential database security risks. It includes more than 2,300 assessment tests for Oracle, Microsoft SQL Server, SAP Sybase, IBM D...

scuba-aquatec.com XSS vulnerability

Open Bug Bounty ID: OBB-206700 Description| Value ---|--- Affected Website:| scuba-aquatec.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Security the Facebook Way

Protecting the internal network as well as the users of Facebook is an unenviable task. Facebook users constantly are the target of all manner of phishing, malware and other attacks, and the company’s own network is a major prize for attackers, as well. To help better defend those assets,...