Security
Headlines
HeadlinesLatestCVEs

Tag

#google

CVE-2022-2890: Cross-site Scripting (XSS) - Stored in yetiforcecrm

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.

CVE
Open in Source
#xss#web#google#git#java#php
CVE-2022-1340: YetiForce CRM ver. 6.4.0 (#16359) · YetiForceCompany/YetiForceCRM@2c14baa

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.

Expiring Root Certificates Threaten IoT in the Enterprise

What happens when businesses' smart devices break? CSOs have things to fix beyond security holes.

CVE-2022-36198: Bus Pass Management System in Php | Bus Pass Management Project Using PHP

Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/admin/search-pass.php, buspassms/admin/edit-category-detail.php, and buspassms/admin/edit-pass-detail.php

Mimecast: Mitigating Risk Across a Complex Threat Landscape

Garret O’Hara of Mimecast discusses how companies can bolster security of their Microsoft 365 and Google Workspace environments, since cloud services often add complexity.

CVE-2022-30036: Pwning a $60,000 Lighting Console in a Few Minutes

MA Lighting grandMA2 Light has a password of root for the root account. NOTE: The vendor's position is that the product was designed for isolated networks. Also, the successor product, grandMA3, is not affected by this vulnerability.

CISA Adds 7 New Actively Exploited Vulnerabilities to Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday moved to add a critical SAP security flaw to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The issue in question is CVE-2022-22536, which has received the highest possible risk score of 10.0 on the CVSS vulnerability scoring system and was addressed by SAP as part of its Patch

Threat Roundup for August 12 to August 19

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 12 and Aug. 19. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net. For each threat described below, this blog post only lists 2...

Google Fended Off Largest Ever Layer 7 DDoS Attack

By Waqas According to Google, the geographic distribution of the DDoS attack suggests that it might have been launched through… This is a post from HackRead.com Read the original post: Google Fended Off Largest Ever Layer 7 DDoS Attack

State-Sponsored APTs Dangle Job Opps to Lure In Spy Victims

APTs continue to exploit the dynamic job market and the persistent phenomenon of remote working, as explored by PwC at Black Hat USA.