13 matches found
[SECURITY] Fedora 43 Update: python-ezdxf-1.4.3-3.fc43
This Python package is designed to facilitate the creation and manipulation of DXF documents, with compatibility across various DXF versions. It empowers users to seamlessly load and edit DXF files while preserving all content, except for comments. Any unfamiliar DXF tags encountered in the...
Enhance the Machine Learning Algorithm Performance in Phishing Detection with Keyword Features
Recently, we can observe a significant increase of the phishing attacks in the Internet. In a typical phishing attack, the attacker sets up a malicious website that looks similar to the legitimate website in order to obtain the end-users' information. This may cause the leakage of the sensitive...
Chainlink's latestRoundData might return stale or incorrect results
Lines of code Vulnerability details Impact The getPORFeedData function in the contract StaderOracle.sol fetches the asset price from a Chainlink aggregator using the latestRoundData function. However, there are no checks on roundID, resulting in stale prices. The oracle wrapper calls out to a...
UBUNTU-CVE-2022-1726
Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties...
CVE-2022-1726 Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in wenzhixin/bootstrap-table
Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties...
Microsoft Mitigates RCE Vulnerability Affecting Azure Synapse and Data Factory
Microsoft on Monday disclosed that it mitigated a security flaw affecting Azure Synapse and Azure Data Factory that, if successfully exploited, could result in remote code execution. The vulnerability, tracked as CVE-2022-29972, has been codenamed "SynLapse" by researchers from Orca Security, who...
CVE-2020-36126
Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by incorrect access control that can lead to remote privilege escalation. PAXSTORE marketplace endpoints allow an authenticated user to read and write data not owned by them, including third-party users, application and payment...
SCANdalous! (External Detection Using Network Scan Data and Automation)
Real Quick In case you’re thrown by that fantastic title, our lawyers made us change the name of this project so we wouldn’t get sued. SCANdalous—a.k.a. Scannah Montana a.k.a. Scanny McScanface a.k.a. “Scan I Kick It? Yes You Scan”—had another name before today that, for legal reasons, we’re...
Explained: data enrichment
How do your favorite brands know to use your first name in the subject line of their emails? Why do you seem to get discounts and special offers on products you've recently purchased? Businesses are able to personalize their marketing messages thanks to data enrichment. Data enrichment applies to...
Data governance and retention in your Microsoft 365 tenant—a secure and highly capable solution
Data governance has relied on transferring data to a third-party for hosting an archive service. Emails, documents, chat logs, and third-party data Bloomberg, Facebook, LinkedIn, etc. must be saved in a way that it can’t be changed and won’t be lost. Data governance is part of IT at the enterpris...
Top 5 Cybersecurity and Cybercrime Predictions for 2020
We distilled 30 independent reports dedicated to cybersecurity and cybercrime predictions for 2020 and compiled the top 5 most interesting findings and projections in this post. Compliance fatigue will spread among security professionals Being a source of ongoing controversy and debate, the...
Podcast: Chris Vickery on UpGuard's Discovery of Millions of Facebook Records
Data collection and security was thrust to the forefront this week after researchers with UpGuard disclosed that hundreds of millions of Facebook records were found in two separate publicly-exposed app datasets. The two publicly-exposed datasets included one controlled by Mexican media company...
Exploring the virtual worlds of advergaming
Games and analytics services ran into one another headfirst recently, in a spat related to the game Conan Exiles. Developers had to remove a tracking service, which allowed game developers to track where Steam players had come from. By generating an API key and integrating it into the game,...