Share

RSS

More Articles…

• From Secure Online Desktop to Cyberfero: rebranding of the leading cybersecurity company
• NIS: what it is and how it protects cybersecurity
• Advanced persistent threats (APTs): what they are and how to defend yourself
• Penetration Testing and MFA: A Dual Strategy to Maximize Security
• Penetration Testing: Where to Strike to Protect Your IT Network
• Ransomware: a plague that brings companies and institutions to their knees. Should you pay the ransom? Here is the answer.
• Why IT audit and log management are important for Cybersecurity
• Red Team, Blue Team and Purple Team: what are the differences?

Categories …

• Backup as a Service (18)
  • Acronis Cloud Backup (11)
  • Veeam Cloud Connect (4)
• Cloud Conference (3)
• Cloud CRM (1)
• Cloud Server/VPS (22)
• Conferenza Cloud (4)
• Cyberfero (15)
• ICT Monitoring (5)
• Log Management (2)
• News (25)
• ownCloud (4)
• Privacy (7)
• Security (203)
  • Cyber Threat Intelligence (CTI) (8)
  • Deception (4)
  • Ethical Phishing (11)
  • Netwrix Auditor (2)
  • Penetration Test (11)
  • Posture Guard (3)
  • SOCaaS (65)
    • EDR (3)
    • SIEM (13)
    • SOAR (5)
    • UEBA (10)
  • Vulnerabilities (84)
• Web Hosting (15)

Tags

darkreading

• Cybersecurity Community Celebrates Documentary Premiere at Tampa Theatre September 14, 2024
• South Korea Digital Forensics Market to Hit US $3.52B by 2031 September 14, 2024
• Fortinet Confirms Customer Data Breach via Third Party September 13, 2024
  The incident is a reminder why organizations need to pay attention to how they store and secure data in SaaS and cloud environments.
• Compliance Automation Pays Off for a Growing Company September 13, 2024
  In this case study, a CISO helps a B2B marketing automation company straighten out its manual compliance process by automating it.
• Over a Third of Cyberattacks Result in Job Losses September 13, 2024
• Malicious Actors Sow Discord With False Election Compromise Claims September 13, 2024
  The FBI and CISA are warning citizens of attempts to convince voters that US election infrastructure has been compromised. (It hasn't been.)
• 99% of Business Leaders Have Concerns About the Trustworthiness of Internal Data September 13, 2024
• Cloud-Native Network Security Up 17%, Hardware Down 2% September 13, 2024
• NFL Teams Block & Tackle Cyberattacks in a Digital World September 13, 2024
  As the 104th season of the National Football League kicks off, expect cyberattacks aimed at its customers, players, and arenas.
• Hardware Supply Chain Threats Can Undermine Endpoint Infrastructure September 13, 2024
  To prevent this, organizations should focus on developing secure hardware and firmware foundations, enabling them to manage, monitor, and remediate hardware and firmware security.

Full Disclosure

• CVE-2024-25286 - RedSys - A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Authorization Method of 3DSecure 2.0 September 12, 2024
  Posted by RUBEN LOPEZ HERRERA on Sep 11Product: 3DSecure 2.0 Manufacturer: Redsys Affected Version(s): 3DSecure 2.0 3DS Authorization Method Tested Version(s): 3DSecure 2.0 3DS Authorization Method Vulnerability Type: Cross-Site Request Forgery (CSRF) Risk Level: Medium Solution Status: Not yet fixed Manufacturer Notification: 2024-01-17 Solution Date: N/A Public Disclosure: 2024-09-17 CVE Reference: CVE-2024-25286 Overview: A Cross-Site […]
• CVE-2024-25285 - RedSys - 3DSecure 2.0 is vulnerable to form action hijacking September 12, 2024
  Posted by RUBEN LOPEZ HERRERA on Sep 11Product: 3DSecure 2.0 Manufacturer: Redsys Affected Version(s): 3DSecure 2.0 3DS Method Authentication Tested Version(s): 3DSecure 2.0 3DS Method Authentication Vulnerability Type: Cross-Site Scripting (XSS) Risk Level: Medium Solution Status: Not yet fixed Manufacturer Notification: 2024-01-17 Solution Date: N/A Public Disclosure: 2024-09-17 CVE Reference: CVE-2024-25285 Overview: 3DSecure 2.0 is […]
• CVE-2024-25284 - RedSys - Multiple reflected Cross-Site Scripting (XSS) vulnerabilities in the 3DS Authorization Method of 3DSecure 2.0 September 12, 2024
  Posted by RUBEN LOPEZ HERRERA on Sep 11Product: 3DSecure 2.0 Manufacturer: Redsys Affected Version(s): 3DSecure 2.0 3DS Authorization Method Tested Version(s): 3DSecure 2.0 3DS Authorization Method Vulnerability Type: Cross-Site Scripting (XSS) Risk Level: Medium Solution Status: Not yet fixed Manufacturer Notification: 2024-01-17 Solution Date: N/A Public Disclosure: 2024-09-17 CVE Reference: CVE-2024-25284 Overview: Multiple reflected Cross-Site […]
• CVE-2024-25283 - RedSys - Multiple reflected Cross-Site Scripting (XSS) vulnerabilities exist in the 3DS Authorization Challenge of 3DSecure 2.0 September 12, 2024
  Posted by RUBEN LOPEZ HERRERA on Sep 11Product: 3DSecure 2.0 Manufacturer: Redsys Affected Version(s): 3DSecure 2.0 3DS Authorization Challenge Tested Version(s): 3DSecure 2.0 3DS Authorization Challenge Vulnerability Type: Cross-Site Scripting (XSS) Risk Level: Medium Solution Status: Not yet fixed Manufacturer Notification: 2024-01-17 Solution Date: N/A Public Disclosure: 2024-09-17 CVE Reference: CVE-2024-25283 Overview: Multiple reflected Cross-Site […]
• CVE-2024-25282 - RedSys - 3DSecure 2.0 is vulnerable to Cross-Site Scripting (XSS) in its 3DSMethod Authentication September 12, 2024
  Posted by RUBEN LOPEZ HERRERA on Sep 11Product: 3DSecure 2.0 Manufacturer: Redsys Affected Version(s): 3DSecure 2.0 3DS Method Authentication Tested Version(s): 3DSecure 2.0 3DS Method Authentication Vulnerability Type: Cross-Site Scripting (XSS) Risk Level: Medium Solution Status: Not yet fixed Manufacturer Notification: 2024-01-17 Solution Date: N/A Public Disclosure: 2024-09-17 CVE Reference: CVE-2024-25282 Overview: 3DSecure 2.0 is […]
• KL-001-2024-012: VICIdial Authenticated Remote Code Execution September 10, 2024
  Posted by KoreLogic Disclosures via Fulldisclosure on Sep 10KL-001-2024-012: VICIdial Authenticated Remote Code Execution Title: VICIdial Authenticated Remote Code Execution Advisory ID: KL-001-2024-012 Publication Date: 2024-09-10 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-012.txt 1. Vulnerability Details      Affected Vendor: VICIdial      Affected Product: VICIdial      Affected Version: 2.14-917a      Platform: GNU/Linux      CWE Classification:...
• KL-001-2024-011: VICIdial Unauthenticated SQL Injection September 10, 2024
  Posted by KoreLogic Disclosures via Fulldisclosure on Sep 10KL-001-2024-011: VICIdial Unauthenticated SQL Injection Title: VICIdial Unauthenticated SQL Injection Advisory ID: KL-001-2024-011 Publication Date: 2024-09-10 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-011.txt 1. Vulnerability Details      Affected Vendor: VICIdial      Affected Product: VICIdial      Affected Version: 2.14-917a      Platform: GNU/Linux      CWE Classification: CWE-89:...
• OXAS-ADV-2024-0005: OX App Suite Security Advisory September 10, 2024
  Posted by Martin Heiland via Fulldisclosure on Sep 09Dear subscribers, We're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at YesWeHack. This advisory has also been published at https://documentation.open-xchange.com/appsuite/security/advisories/html/2024/oxas-adv-2024-0005.html. […]
• [SYSS-2024-030]: C-MOR Video Surveillance - OS Command Injection (CWE-78) September 6, 2024
  Posted by Matthias Deeg via Fulldisclosure on Sep 05Advisory ID: SYSS-2024-030 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Version(s): 5.2401, 6.00PL01 Tested Version(s): 5.2401, 6.00PL01 Vulnerability Type: OS Command Injection (CWE-78) Risk Level: High Solution Status: Open Manufacturer Notification: 2024-04-05 Solution Date: - Public Disclosure: 2024-09-04...
• [SYSS-2024-029]: C-MOR Video Surveillance - Dependency on Vulnerable Third-Party Component (CWE-1395) September 6, 2024
  Posted by Matthias Deeg via Fulldisclosure on Sep 05Advisory ID: SYSS-2024-029 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Version(s): 5.2401 Tested Version(s): 5.2401 Vulnerability Type: Dependency on Vulnerable Third-Party Component (CWE-1395) Use of Unmaintained Third Party Components (CWE-1104) Risk Level: High Solution Status: Fixed...