🕴 Twitter, Facebook, NSA Discuss Fight Against Misinformation 🕴
via "Dark Reading".
RSA panelists address the delicate technical challenges of combating information warfare online without causing First Amendment freedoms to take collateral damage.
ATTENTION‼ New - CVE-2019-0192
via "National Vulnerability Database".
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows the JMX server to be configured via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side.
ATTENTION‼ New - CVE-2018-18816
via "National Vulnerability Database".
The repository component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a persistent cross-site scripting vulnerability. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0.
ATTENTION‼ New - CVE-2018-18815
via "National Vulnerability Database".
The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability that theoretically allows unauthenticated users to bypass authorization checks for portions of the HTTP interface to the JasperReports Server. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0.
ATTENTION‼ New - CVE-2018-18809
via "National Vulnerability Database".
The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: versions up to and including 6.3.4; 6.4.1; 6.4.2; 6.4.21; 7.1.0; 7.2.0, TIBCO JasperReports Library Community Edition: versions up to and including 6.7.0, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.21, TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.3; 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0.
ATTENTION‼ New - CVE-2018-18808
via "National Vulnerability Database".
The domain management component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a race-condition vulnerability that may allow any users with domain save privileges to gain superuser privileges. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0.
🕴 Phishing Attacks Evolve as Detection & Response Capabilities Improve 🕴
via "Dark Reading".
Social engineering scams continued to be the preferred attack vector last year, but attackers were forced to adapt and change.
🕴 Companies Having Trouble Translating Security to Mobile Devices 🕴
via "Dark Reading".
As more enterprise work takes place on mobile devices, more companies are feeling insecure about the security of their mobile fleet, according to a new Verizon report.
🔐 How digital transformation affects the people of New York City 🔐
via "Security on TechRepublic".
Dan Patterson spoke with the deputy CTO for the NYC mayor's office about taking a community-centered approach to digital transformation and cybersecurity, as well as its Moonshot Challenge.
🔐 Why the NYCx Cybersecurity Moonshot Challenge is relatable to small businesses and entrepreneurs 🔐
via "Security on TechRepublic".
The deputy CTO for the New York City mayor's office explains why a people-centered approach is key to smart cities, STEM programs, and any technology, and ultimately to a better society.
🔐 Why security is the top barrier in enterprise cloud adoption 🔐
via "Security on TechRepublic".
At RSA 2019, Richard Bird of Ping Identity discussed identity-related security issues and solutions for enterprises.
🔐 Blockchain implementation: Top security risks for the enterprise 🔐
via "Security on TechRepublic".
At RSA 2019, Charles Henderson of IBM X-Force Red explained the cybersecurity challenges involved in bringing blockchain to the enterprise.
🔐 Why companies ignore cybersecurity in digital transformations 🔐
via "Security on TechRepublic".
At RSA 2019, Emily Mossburg of Deloitte explained the challenges companies face when it comes to cybersecurity.
ATTENTION‼ New - CVE-2018-18449
via "National Vulnerability Database".
EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to CVE-2018-16339.
ATTENTION‼ New - CVE-2018-17988
via "National Vulnerability Database".
LayerBB 1.1.1 has SQL Injection via the search.php search_query parameter.
ATTENTION‼ New - CVE-2018-17429
via "National Vulnerability Database".
/console/account/manage.php?type=action&action=add in JTBC v3.0(C) has CSRF for adding an administrator account.
ATTENTION‼ New - CVE-2018-17426
via "National Vulnerability Database".
WUZHI CMS 4.1.0 has stored XSS via the "Extension module" "SMS in station" field under the index.php?m=core URI.
ATTENTION‼ New - CVE-2018-17425
via "National Vulnerability Database".
WUZHI CMS 4.1.0 has stored XSS via the "Membership Center" "I want to ask" "detailed description" field under the index.php?m=member URI.
ATTENTION‼ New - CVE-2018-17422
via "National Vulnerability Database".
dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter.
ATTENTION‼ New - CVE-2018-17421
via "National Vulnerability Database".
An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname.