NYDFS Tasks New Cybersecurity Division to Enforce Cybersecurity Regulation
via "Subscriber Blog RSS Feed".
With a new cybersecurity team dedicated to enforcing the department's regulations under its wing, the New York Department of Financial Services (NYDFS) will grow even more vigilant of violations.
Digital Guardian
ATTENTION‼ New - CVE-2017-13668
via "National Vulnerability Database".
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
ATTENTION‼ New - CVE-2017-11740
via "National Vulnerability Database".
In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script that can be executed on the remote system.
ATTENTION‼ New - CVE-2017-11739
via "National Vulnerability Database".
In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard. This widget can be a "Utility Widget" with a "Custom HTML or Text" field. Once this widget is created, it will be loaded on the dashboard where it was added. An attacker can abuse this functionality by creating a "Utility Widget" that contains malicious JavaScript code, aka XSS.
ATTENTION‼ New - CVE-2017-11738
via "National Vulnerability Database".
In Zoho ManageEngine Application Manager 13.1 Build 13100, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack.
ATTENTION‼ New - CVE-2017-11561
via "National Vulnerability Database".
An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a malicious user by uploading a web shell.
Google's Origin & the Danger of Link Sharing
via "Dark Reading".
How the act of sharing links to files stored in a public cloud puts organizations at risk, and what security teams can do to safeguard data and PII.
Mobile Exploit Fingerprints Devices with Sensor Calibration Data
via "Dark Reading".
Data from routines intended to calibrate motion sensors can identify individual iOS and Android devices in a newly released exploit.
Calibration Attack Drills Down on iPhone, Pixel Users
via "Threatpost".
A new way of tracking mobile users creates a globally unique device fingerprint that browsers and other protections can't stop.
Shade Ransomware Expands to U.S. Targets
via "Threatpost".
Coming to America: The Shade ransomware, which has historically targeted Russian victims, was recently spotted expanding its sights.
The Shade ransomware, which has historically targeted Russian victims, was recently spotted expanding into the U.S. and Japan.
FEC Gives Green Light for Free Cybersecurity Help in Federal Elections
via "Dark Reading".
Official opinion issued by the Federal Election Commission to nonprofit Defending Digital Campaigns is good news for free and reduced-cost security offerings to political candidates and committees.
Goodbye Passwords: Hello Identity Management
via "Threatpost".
As passwords are increasingly viewed as security liabilities, Identity Management solutions are picking up the slack.
ATTENTION‼ New - CVE-2017-13667
via "National Vulnerability Database".
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.
ATTENTION‼ New - CVE-2017-11560
via "National Vulnerability Database".
An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted by the application. Thus, an attacker can inject a malicious JavaScript payload inside the HTML file and upload it to the application.
ATTENTION‼ New - CVE-2017-11559
via "National Vulnerability Database".
An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiKey' parameter of "/api/json/admin/getmailserversettings" and "/api/json/dashboard/gotoverviewlist" is vulnerable to a Blind SQL Injection attack.
ATTENTION‼ New - CVE-2017-11557
via "National Vulnerability Database".
An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company's network environment via a userconfiguration.do?method=editUser request.
ATTENTION‼ New - CVE-2017-11365
via "National Vulnerability Database".
Certain Symfony products are affected by: Incorrect Access Control. This affects Symfony 2.7.30 and Symfony 2.8.23 and Symfony 3.2.10 and Symfony 3.3.3. The type of exploitation is: remote. The component is: Password validator.
ATTENTION‼ New - CVE-2016-9969
via "National Vulnerability Database".
In libwebp 0.5.1, there is a double free bug in libwebpmux.
ATTENTION‼ New - CVE-2016-8901
via "National Vulnerability Database".
b2evolution 6.7.6 suffers from an Object Injection vulnerability in /htsrv/call_plugin.php.
ATTENTION‼ New - CVE-2016-8899
via "National Vulnerability Database".
Exponent CMS version 2.3.9 suffers from an Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats.
ATTENTION‼ New - CVE-2016-8897
via "National Vulnerability Database".
Exponent CMS version 2.3.9 suffers from a SQL injection vulnerability in framework/modules/help/controllers/helpController.php.