1561 matches found
HTTPLoot - An Automated Tool Which Can Simultaneously Crawl, Fill Forms, Trigger Error/Debug Pages And "Loot" Secrets Out Of The Client-Facing Code Of Sites
An automated tool which can simultaneously crawl, fill forms, trigger error/debug pages and "loot" secrets out of the client-facing code of sites. Usage: To use the tool, you can grab any one of the pre-built binaries from the Releases section of the repository. If you want to build the source cod...
Managing Cyber Risk in 2023: The People Element
Explore the latest findings from Trend Micro’s Cyber Risk Index 1H’2022 and discover how to enhance cybersecurity risk management across the digital attack surface...
Introducing PEACH, a tenant isolation framework for cloud applications
A step-by-step framework for modeling and improving SaaS and PaaS tenant isolation by reducing your cloud applications’ attack surface...
UBUNTU-CVE-2022-4170
The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set...
Protect Your Network with Zero-Day Threat Protection
Explore the world of zero-day threats and gain valuable insight into the importance of proactive detection and remediation. Learn how Trend Micro™ Research mitigates risk by providing global cybersecurity intelligence to continuously discover the ever-changing attack surface, understand and...
When Being Attractive Gets Risky - How Does Your Attack Surface Look to an Attacker?
In the era of digitization and ever-changing business needs, the production environment has become a living organism. Multiple functions and teams within an organization can ultimately impact the way an attacker sees the organization's assets, or in other words, the external attack surface. This...
Top 3 Non-Technical Cybersecurity Trends for 2023
A strong cybersecurity strategy isn’t just about choosing the right tools. Cybersecurity experts Greg Young and William Malik discuss three non-technical cybersecurity trends for 2023 to help security leaders reduce cyber risk across the enterprise attack surface...
How a Unified Security Platform Protects the Cloud
Massive growth in cloud use has increased the enterprise attack surface. Addressing the risks with specialized point solutions is unwieldy, complex and can leave vulnerability gaps—driving many companies to seek a unified cyber security platform...
Siemens Parasolid out-of-bounds write vulnerability
Parasolid is a 3D geometric modeling tool that supports multiple techniques, including solid modeling, direct editing, and free-form surface/table modeling. An out-of-bounds write vulnerability exists in Siemens Parasolid, which can be exploited by attackers to execute code in the context of the...
A Secure Access Service Edge (SASE) Guide for Leaders
Discover the benefits of SASE in adopting modern security architectures to reduce cyber risk across the attack surface...
The Company You Keep – Preparing for supply chain attacks with Talos IR
Given the increasing frequency of supply chain attacks, the sophistication of those attacks, and the expansion of the attack surface beyond an organization's direct control, incident preparedness and response activities must be considered in the overall supply chain risk mitigation strategy. Suppl...
Attack Surface Management 2022 Midyear Review Part 3
In our 2022 midyear roundup, we examine the most significant trends and incidents that influenced the cybersecurity landscape in the first half of the year...
Attack Surface Management 2022 Midyear Review Part 2
In our 2022 midyear roundup, we examine the most significant trends and incidents that influenced the cybersecurity landscape in the first half of the year...
Hardening of TypedArrays with non-canonical numeric property names in SES
Impact What kind of vulnerability is it? Who is impacted? In Hardened JavaScript, programs can harden objects to safely share objects with co-tenant programs without risk of these other programs tampering with their API surface. Hardening does not guarantee that objects are pure or immutable, so ...
GHSA-WHPX-Q3RQ-W8JC Hardening of TypedArrays with non-canonical numeric property names in SES
Impact What kind of vulnerability is it? Who is impacted? In Hardened JavaScript, programs can harden objects to safely share objects with co-tenant programs without risk of these other programs tampering with their API surface. Hardening does not guarantee that objects are pure or immutable, so ...
CISA BOD 23-01: Meeting and Exceeding CISA Requirements with Qualys
The latest Binding Operational Directive from the Cybersecurity and Infrastructure Security Agency (CISA), BOD 23-01, requires agencies to implement an essential cybersecurity practice within the next 6 months. While this new mandate impacts agencies directly, it also impacts their supply chain...
Addressing the Evolving Attack Surface Part 1: Modern Challenges
Lately, we’ve been hearing a lot from our customers requesting help on how to manage their evolving attack surface. As new 0days appear, new applications are spun up, and cloud instances change hourly, it can be hard for our customers to get a full view of risk into their environments. We put...
Microsoft Windows Print Spooler Elevation of Privilege Vulnerability
Print Spooler is a print background processing service that manages all local and network print queues and controls all print jobs. An elevation of privilege vulnerability exists in Microsoft Windows Print Spooler, which stems from improper privilege assignment in the application and can be...
Secure Web Gateway (SWG) Security - SASE Part 3
Explore why a secure web gateway (SWG) is important to effectively secure cloud resources and reduce cyber risk across the attack surface...
Detecting and preventing LSASS credential dumping attacks
Obtaining user operating system (OS) credentials from a targeted device is among threat actors’ primary goals when launching attacks because these credentials serve as a gateway to various objectives they can achieve in their target organization’s environment, such as lateral movement. One techniqu...