Tag
Arq Backup 7.19.5.0 and below stores backup encryption passwords using reversible encryption. This issue allows attackers with administrative privileges to recover cleartext passwords.
On Windows, the handling of cryptographic data comparison in the CG secure process does not use constant-time algorithms, resulting in information disclosure.
Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Ali Khallad's Contact Form By Mega Forms plugin <= 1.2.4 at WordPress.
Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 at WordPress.
Unauthenticated Event Deletion vulnerability in Totalsoft Event Calendar – Calendar plugin <= 1.4.6 at WordPress.
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in All in One SEO plugin <= 4.2.3.1 at WordPress.
Microsoft moves ahead with a plan to sunset basic authentication, and other providers are moving — or have moved — to requiring more secure authentication as well. Is your company ready?
The package com.google.cloud.tools:jib-core before 0.22.0 is vulnerable to Remote Code Execution (RCE) via the isDockerInstalled function, due to attempting to execute input.
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. It seems like there’s at least one major password breach every month — if not more. Most recently, there was an incident at Plex where all users had to reset their passwords. Many users pay for a password management service — which is something I’ve talked about a ton for Talos. But even those aren’t a one-size-fits-all solution. LastPass, one of the most popular password management services, recently suffered a breach of their own internal development environment, though as of right now, it doesn’t appear like any users’ primary passwords were compromised. This got me curious about how people prefer to manage their passwords, so I threw up a poll on our Twitter asking our readers how they managed their passwords. Paid password management services like LastPass and 1Password were the most popular response, followed by web browser-based managers like the ones Chrome and Safari offer. Several o...
The initial access broker (IAB) for ransomware gangs known as UAC-0098 has targeted Ukrainian organizations in five separate phishing campaigns spanning April to August.