New Microsoft Excel Attack Vector Surfaces
via "Threatpost".
Researchers have identified a security hole in Microsoft Office's Excel spreadsheet program that allows an attacker to trigger a malware attack on remote systems.
ATTENTION‼ New - CVE-2018-1893
via "National Vulnerability Database".
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152157.
ATTENTION‼ New - CVE-2018-1892
via "National Vulnerability Database".
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152156.
ATTENTION‼ New - CVE-2018-1828
via "National Vulnerability Database".
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150431.
ATTENTION‼ New - CVE-2018-1827
via "National Vulnerability Database".
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150430.
ATTENTION‼ New - CVE-2018-1826
via "National Vulnerability Database".
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150429.
ATTENTION‼ New - CVE-2018-1760
via "National Vulnerability Database".
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148614.
ATTENTION‼ New - CVE-2018-1758
via "National Vulnerability Database".
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148605.
ATTENTION‼ New - CVE-2018-1734
via "National Vulnerability Database".
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 discloses sensitive information in error messages that may be used by a malicious user to orchestrate further attacks. IBM X-Force ID: 147838.
ATTENTION‼ New - CVE-2018-15747 (glot-www)
via "National Vulnerability Database".
The default configuration of glot-www through 2018-05-19 allows remote attackers to execute arbitrary code because glot-code-runner supports os.system within a "python" "files" "content" JSON file.
How does the CVE scoring system work?
via "Security on TechRepublic".
Have you ever wondered how vulnerabilities are scored? Here's a simplified explanation for an overly complex system.
More Supply, More Demand: Cybersecurity Skills Gap Remains
via "Dark Reading".
Although the number of programs for training workers in cybersecurity skills has increased, as well as the number of graduates, the gap in supply and demand for cybersecurity-skilled workers is essentially unchanged, leaving companies to struggle.
Understanding & Defending Against Polymorphic Attacks
via "Dark Reading".
Polymorphic malware is far from a new thing. But today, what is good for attackers is also good for defenders. Here's why.
ATTENTION‼ New - CVE-2018-17478
via "National Vulnerability Database".
Incorrect array position calculations in V8 in Google Chrome prior to 70.0.3538.102 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
ATTENTION‼ New - CVE-2018-17460
via "National Vulnerability Database".
Insufficient data validation in filesystem URIs in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
ATTENTION‼ New - CVE-2018-16086
via "National Vulnerability Database".
Insufficient policy enforcement in extensions API in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
ATTENTION‼ New - CVE-2018-16077
via "National Vulnerability Database".
Object lifecycle issue in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass content security policy via a crafted HTML page.
ATTENTION‼ New - CVE-2018-16075
via "National Vulnerability Database".
Insufficient file type enforcement in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain local file data via a crafted HTML page.
ATTENTION‼ New - CVE-2018-16074
via "National Vulnerability Database".
Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page.
ATTENTION‼ New - CVE-2018-16073
via "National Vulnerability Database".
Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page.
ATTENTION‼ New - CVE-2018-16070
via "National Vulnerability Database".
Integer overflows in Skia in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.