119 matches found
GHSA-X8JH-XJ3X-GX3C vulnerabilities
Vulnerabilities for packages: nushell...
CVE-2024-47883 Butterfly has path/URL confusion in resource handling leading to multiple weaknesses
The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the java.net.URL class to refer to what are expected to be local resource files, like images or templates. This works: "opening a connection" to these URLs opens the local...
CVE-2024-47883
CVE-2024-47883 affects the OpenRefine fork of the MIT Simile Butterfly server. The Butterfly framework uses java.net.URL to load local resources (images/templates). Before version 1.2.6, if a file:/ URL is supplied where a relative resource name is expected, some code paths accept it and fetch th...
Microsoft SQL Server Masked Data Exposure
Title: SQL Server Masked Data Exposure Through Brute Force Attack Product: Database Manufacturer: Microsoft Affected Versions: SQL Server 2014, 2016,2017,2019,2022 Tested Versions: SQL Server 2014, 2016,2017,2019,2022 Risk Level: Low Security Feature: Dynamic Data Masking Author of Advisory: Emad...
Researchers Uncover Flaws in Windows Smart App Control and SmartScreen
Cybersecurity researchers have uncovered design weaknesses in Microsoft's Windows Smart App Control and SmartScreen that could enable threat actors to gain initial access to target environments without raising any warnings. Smart App Control SAC is a cloud-powered security feature introduced by...
What is an Infosec Audit and Why Does Your Company Need One?
By Uzair Amir Uncover IT security weaknesses and ensure compliance with infosec audits. Regular audits protect your data from breaches &… This is a post from HackRead.com Read the original post: What is an Infosec Audit and Why Does Your Company Need One?...
What is an Infosec Audit and Why Does Your Company Need One?
By Uzair Amir Uncover IT security weaknesses and ensure compliance with infosec audits. Regular audits protect your data from breaches &… This is a post from HackRead.com Read the original post: What is an Infosec Audit and Why Does Your Company Need One?...
Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM
It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for...
Improper Certificate Validation
meshcentral is vulnerable to Improper Certificate Validation. The vulnerability is due to the disabling of certificate verification in HTTPS connections by setting rejectUnauthorized to false, and utilizing outdated and insecure TLS versions known for security weaknesses; also use of algorithms...
Ransomware reinfections on the rise from improper remediation
Attack. Remediate. Repeat? Speak to any organization infiltrated by ransomware--the most dangerous malware in the world--and theyll be blunt: Theyd do anything to avoid getting hit twice. But ransomware attacks have been ramping up in 2023 and reinfections are occurring all over the globe, forcin...
Dr. Active Directory vs. Mr. Exposed Attack Surface: Who'll Win This Fight?
Active Directory AD is among the oldest pieces of software still used in the production environment and can be found in most organizations today. This is despite the fact that its historical security gaps have never been amended. For example, because of its inability to apply any security measure...
Is Your EV Charging Station Safe? New Security Vulnerabilities Uncovered
Two new security weaknesses discovered in several electric vehicle EV charging systems could be exploited to remotely shut down charging stations and even expose them to data and energy theft. The findings, which come from Israel-based SaiFlow, once again demonstrate the potential risks facing th...
VMware tackles security flaws in ESXi and vRealize
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary VMware addressed security weaknesses to address a critical-severity vulnerability affecting ESXi, Workstation, Fusion, and Cloud Foundation, as well as a critical-severity command injection flaw...
The vulnerability of the Microsoft Advertising Universal Event Tracking (UET) plugin in the WordPress content management system allows a hacker to perform cross-site scripting attacks.
The vulnerability of the Microsoft Advertising Universal Event Tracking UET plugin for WordPress content management systems exists due to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting...
Hackers Using Malicious OAuth Apps to Take Over Email Servers
Microsoft on Thursday warned of a consumer-facing attack that made use of rogue OAuth applications deployed on compromised cloud tenants to ultimately seize control of Exchange servers and spread spam. "The threat actor launched credential stuffing attacks against high-risk accounts that didn't...
Five Steps to Integrating a Data Repository Vulnerability Assessment Into A WAF–Driven Vulnerability Management Program
A vulnerability assessment is a systematic review of security weaknesses in an information system. It evaluates if the system is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends remediation or mitigation, if and whenever needed. There are...
Fast and Secure VPN on a Budget? Private Internet Access VPN Has You Covered
Back when the internet consisted of a handful of computers networked together across a few research institutions, nobody could have imagined that it would one day form the backbone of a new digital way of life. And that probably explains why none of the researchers who thought up its core...
Hack Allows Drone Takeover Via ‘ExpressLRS’ Protocol
The popular protocol for radio controlled RC aircraft called ExpressLRS can be hacked in only a few steps, according to a bulletin published last week. ExpressLRS is an open-source long range radio link for RC applications, such as first-person view FPV drones. “Designed to be the best FPV Racing...
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
Microsoft processes 24 trillion signals every 24 hours, and we have blocked billions of attacks in the last year alone. Microsoft Security tracks more than 35 unique ransomware families and 250 unique threat actors across observed nation-state, ransomware, and criminal activities. That depth of...
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
Microsoft processes 24 trillion signals every 24 hours, and we have blocked billions of attacks in the last year alone. Microsoft Security tracks more than 35 unique ransomware families and 250 unique threat actors across observed nation-state, ransomware, and criminal activities. That depth of...