π Richsploit RichFaces Exploitation Toolkit π
π Go!
via "Security Tool Files β Packet Storm".
This tool can be used to exploit vulnerable versions of RichFaces. It has payloads for 4 vulnerabilities that have been identified, which can lead to remote code execution via java deserialization and EL injection.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
Richsploit RichFaces Exploitation Toolkit β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β Microsoft Exchange Server Flaw Exploited in APT Attacks β
π Read
via "Threatpost".
A vulnerability is Microsoft Exchange servers is being actively exploited by multiple APT groups, researchers warn.π Read
via "Threatpost".
Threat Post
Microsoft Exchange Server Flaw Exploited in APT Attacks
A vulnerability is Microsoft Exchange servers is being actively exploited by multiple APT groups, researchers warn.
β Itβs not a breachβ¦ itβs just that someone else has your data β
π Read
via "Naked Security".
If you lose someone's data because of a configuration blunder that lets crooks in without any actual hacking... is that a "breach" or not?π Read
via "Naked Security".
Naked Security
Itβs not a breachβ¦ itβs just that someone else has your data
If you lose someoneβs data because of a configuration blunder that lets crooks in without any actual hackingβ¦ is that a βbreachβ or not?
ATENTIONβΌ New - CVE-2016-6918
π Read
via "National Vulnerability Database".
Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files. (π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2016-1159
π Read
via "National Vulnerability Database".
In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-7342
π Read
via "National Vulnerability Database".
JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field.π Read
via "National Vulnerability Database".
π΄ Cyber Resiliency, Cloud & the Evolving Role of the Firewall π΄
π Read
via "Dark Reading: ".
Today's defenses must be creative in both isolating threats and segmenting environments to prevent attacks. Here's why.π Read
via "Dark Reading: ".
Darkreading
Cyber Resiliency, Cloud & the Evolving Role of the Firewall
Today's defenses must be creative in both isolating threats and segmenting environments to prevent attacks. Here's why.
π Federal Employees Worked to Defraud Govt Through Stolen Data π
π Read
via "Subscriber Blog RSS Feed ".
A one-time inspector general at the Department of Homeland Security was indicted on Friday on charges he conspired to steal the U.S. government's proprietary software and databases.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Federal Employees Worked to Defraud Govt Through Stolen Data
A one-time inspector general at the Department of Homeland Security was indicted on Friday on charges he conspired to steal the U.S. government's proprietary software and databases.
ATENTIONβΌ New - CVE-2015-7341
π Read
via "National Vulnerability Database".
JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-7340
π Read
via "National Vulnerability Database".
JEvents Joomla Component before 3.4.0 RC6 has SQL Injection via evid in a Manage Events action.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-7339
π Read
via "National Vulnerability Database".
JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file upload via a .php file extension for an image file to the /com_jce/editor/libraries/classes/browser.php script.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-7338
π Read
via "National Vulnerability Database".
SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocation_longitude request to index.php.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2014-1634
π Read
via "National Vulnerability Database".
SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2016-1487
π Read
via "National Vulnerability Database".
Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2011-4538
π Read
via "National Vulnerability Database".
Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to obtain sensitive information by reading passwords within exported settings.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2011-3269
π Read
via "National Vulnerability Database".
Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut.π Read
via "National Vulnerability Database".
π΄ How Microsoft Disabled Legacy Authentication Across the Company π΄
π Read
via "Dark Reading: ".
The process was not smooth or straightforward, employees say in a discussion of challenges and lessons learned during the multi-year project.π Read
via "Dark Reading: ".
Dark Reading
Cybersecurity Operations recent news | Dark Reading
Explore the latest news and expert commentary on Cybersecurity Operations, brought to you by the editors of Dark Reading
β Spear-Phishing Attack Lures Victims With βHIV Resultsβ β
π Read
via "Threatpost".
Attackers are purporting to send victims HIV test results - but in reality are convincing them to download the Koadic RAT.π Read
via "Threatpost".
Threat Post
Spear-Phishing Attack Lures Victims With βHIV Resultsβ
Attackers are purporting to send victims HIV test results - but in reality are convincing them to download the Koadic RAT.
β Phone carriers may soon be forced to adopt anti-robocall tech β
π Read
via "Naked Security".
US carriers haven't been doing enough to block robocalls voluntarily. The Federal Communications Commission's response? Fine - we'll make you.π Read
via "Naked Security".
Naked Security
Phone carriers may soon be forced to adopt anti-robocall tech
US carriers havenβt been doing enough to block robocalls voluntarily. The Federal Communications Commissionβs response? Fine β weβll make you.
π΄ Keys to Hiring Cybersecurity Pros When Certification Can't Help π΄
π Read
via "Dark Reading: ".
There just aren't enough certified cybersecurity pros to go around -- and there likely never will be enough. So how do you fill out your cybersecurity team? Executives and hiring managers share their top tips on recognizing solid candidates.π Read
via "Dark Reading: ".
Dark Reading
Keys to Hiring Cybersecurity Pros When Certification Can't Help
There just aren't enough certified cybersecurity pros to go around -- and there likely never will be enough. So how do you fill out your cybersecurity team? Executives and hiring managers share their top tips on recognizing solid candidates.