784 matches found

Rapid7 Blog
added 2024/08/16 1:0 p.m., 11 views

Key Takeaways From The Take Command Summit: Enhancing Cybersecurity Culture

Building a resilient cybersecurity culture is crucial in today's digital landscape. The recent Rapid7 Take Command Summit session titled "Commander in Chief: Enhancing Cybersecurity Culture" offered valuable insights into fostering a strong security mindset within organizations. Here are three ke...

7.3 AI score
Exploits 0

Wiz blog
added 2024/08/14 1:43 p.m., 7 views

Increasing transparency in cloud security: Wiz is now a CVE Numbering Authority (CNA)

Our next steps and hope for the industry...

7.3 AI score
Exploits 0

HackRead
added 2024/08/07 8:21 p.m., 5 views

Atari Asteroids Hack Sparks Debate on Blockchain Gaming Transparency

Atari's Asteroids game was exposed as a fake "on-chain" experience. Stackr Labs reveals how the game's leaderboard was…...

7.3 AI score
Exploits 0

Jake Archibald's Blog
added 2024/08/05 1:0 a.m., 9 views

Video with alpha transparency on the web

I've been helping some teams at Shopify improve page load performance, and the issue of 'videos with an alpha channel' kept coming up, where videos of UI mocks needed to be composited on top of inconsistent backgrounds, such as larger CSS backgrounds. Often a good solution here is to create the...

6.4 AI score
Exploits 0

Jake Archibald's Blog
added 2024/08/05 1:0 a.m., 12 views

Video with alpha transparency on the web

I've been helping some teams at Shopify improve page load performance, and the issue of 'videos with an alpha channel' kept coming up, where videos of UI mocks needed to be composited on top of inconsistent backgrounds, such as larger CSS backgrounds. Often a good solution here is to create the...

6.2 AI score
Exploits 0

The Hacker News
added 2024/07/24 12:1 p.m., 23 views

How a Trust Center Solves Your Security Questionnaire Problem

Security questionnaires aren't just an inconvenience — they're a recurring problem for security and sales teams. They bleed time from organizations, filling the schedules of professionals with monotonous, automatable work. But what if there were a way to reduce or even altogether eliminate securi...

6.4 AI score
Exploits 0

HackRead
added 2024/07/16 12:38 p.m., 9 views

ZDI Slams Microsoft for Not Crediting It in Last Week’s Patch Tuesday

Microsoft faces backlash from Zero Day Initiative (ZDI) and security researchers over lack of transparency in vulnerability disclosure…...

7.4 AI score
Exploits 0

MSRC
added 2024/06/27 7:0 a.m., 26 views

Toward greater transparency: Unveiling Cloud Service CVEs

Welcome to the second installment in our series on transparency at the Microsoft Security Response Center (MSRC). In this ongoing discussion, we discuss our commitment to provide comprehensive vulnerability information to our customers. At MSRC, our mission is to protect our customers, communities,...

7 AI score
Exploits 0

Malwarebytes
added 2024/06/07 4:26 p.m., 14 views

Google will start deleting location history

Google announced that it will reduce the amount of personal data it is storing by automatically deleting old data from "Timeline"—the feature that, previously named "Location History," tracks user routes and trips based on a phone’s location, allowing people to revisit all the places they've been ...

6.7 AI score
Exploits 0

Hacker One
added 2024/06/01 1:55 p.m., 41 views

HackerOne: [ Spot Check ] Team members can edit a user's write-up

Team members could edit a user's spot check write-up. The write-up could be modified through a GraphQL request, even though there was no option to edit the write-up in the user interface. This was considered unintended functionality, as HackerOne had previously fixed vulnerabilities where team...

7.1 AI score
Exploits 0

Schneier on Security
added 2024/05/24 11:7 a.m., 14 views

On the Zero-Day Market

New paper: "Zero Progress on Zero Days: How the Last Ten Years Created the Modern Spyware Market": Abstract: Spyware makes surveillance simple. The last ten years have seen a global market emerge for ready-made software that lets governments surveil their citizens and foreign adversaries alike an...

7.4 AI score
Exploits 0

Rapid7 Blog
added 2024/05/15 1:0 p.m., 14 views

AI Trust Risk and Security Management: Why Tackle Them Now?

Co-authored by Sabeen Malik and Laura Ellis. In the evolving world of artificial intelligence (AI), keeping our customers secure and maintaining their trust is our top priority. As AI technologies integrate more deeply into our daily operations and services, they bring a set of unique challenges tha...

7.5 AI score
Exploits 0

vulnersOsv
added 2024/05/14 3:32 p.m., 8 views

com.appmattus.certificatetransparency:certificatetransparency (>=0.3.0 <=1.1.1), com.appmattus.certificatetransparency:certificatetransparency-android (>=0.3.0 <=1.1.1) +27 more potentially affected by CVE-2024-30171 via org.bouncycastle:bctls-jdk15to18 (>=1.66 <=1.70)

org.bouncycastle:bctls-jdk15to18 MAVEN version =1.66, =0.3.0, =0.3.0, =2.0.0, =1.0.0, =1.0.0, =5.23.1, =3.8.1, =1.9.1, =1.0.0-LOCAL, =1.0.0, =2.15.1, =1.0.2, =1.8.1, =1.8.6 and more Source cves: CVE-2024-30171 Source advisory: OSV:GHSA-V435-XC8X-WVR9...

5.9 CVSS, 6.5 AI score, 0.00901 EPSS
Exploits 0

Rapid7 Blog
added 2024/05/08 1:0 p.m., 17 views

Rapid7 Signs 100% Talent Compact with Boston Women’s Workforce Council

The effort aims to help close gender and racial pay gaps. Rapid7 is proud to announce their signing of the 100% Talent Compact through the Boston Women’s Workforce Council (BWWC). The Talent Compact is a collective effort among the Boston Mayor and local employers to close the gender and racial wage...

7 AI score
Exploits 0

IBM Security Bulletins
added 2024/05/08 7:15 a.m., 39 views

Security Bulletin: Multiple vulnerabilities in moment.js affect IBM Storage Scale

Summary There are multiple vulnerabilities in moment.js, used by IBM Storage Scale HDFS transparency, which can cause a denial of service or allow a remote attacker to traverse directories on the system. CVE-2017-18214, CVE-2022-24785, CVE-2016-4055, CVE-2022-31129. Vulnerability Details...

7.8 CVSS, 7.8 AI score, 0.09905 EPSS
Exploits 2, Affected Software 1

The Hacker News
added 2024/04/24 9:24 a.m., 45 views

CISO Perspectives on Complying with Cybersecurity Regulations

Compliance requirements are meant to increase cybersecurity transparency and accountability. As cyber threats increase, so do the number of compliance frameworks and the specificity of the security controls, policies, and activities they include. For CISOs and their teams, that means compliance i...

7.3 AI score
Exploits 0

OSV
added 2024/04/12 7:17 a.m., 19 views

BIT-COSIGN-2024-29903 Cosign vulnerable to machine-wide denial of service via malicious artifacts

Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign thereby impacting all services on the machine. The root cause is that Cosign creates slices based on...

7.5 CVSS, 5.7 AI score, 0.00851 EPSS
Exploits 1, References 6

NVD
added 2024/04/10 11:15 p.m., 18 views

CVE-2024-29902

Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as ...

5.9 CVSS, 4.7 AI score, 0.00658 EPSS
Exploits 0, References 5

OSV
added 2024/04/10 10:30 p.m., 13 views

CVE-2024-29903 Cosign vulnerable to machine-wide denial of service via malicious artifacts

Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign thereby impacting all services on the machine. The root cause is that Cosign creates slices based on...

4.2 CVSS, 5.5 AI score, 0.00851 EPSS
Exploits 1, References 7

OSV
added 2024/04/10 10:28 p.m., 22 views

CVE-2024-29902 Cosign vulnerable to system-wide denial of service via malicious attachments

Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as ...

4.2 CVSS, 5.3 AI score, 0.00658 EPSS
Exploits 0, References 7