Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways

Actions to take today to mitigate cyber threats against Ivanti appliances: Limit outbound internet connections from SSL VPN appliances to restrict access to required services. Keep all operating syst ...

How To Hunt For UEFI Malware Using Velociraptor

UEFI threats have historically been limited in number and mostly implemented by nation state actors as stealthy persistence. However, the recent proliferation of Black Lotus on the dark web, Trickbot ...

Apache Superset: Improper Neutralization of custom SQL on embedded context

A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database. This issue affects Apache Superset: befor ...

Keeping secrets out of public repositories

Accidental leaks of API keys, tokens, and other secrets risk security breaches, reputation damage, and legal liability at a mind-boggling scale. In just the first eight weeks of 2024, GitHub has detec ...

Security Bulletin: IBM MQ is vulnerable to an issue in follow-redirects due to open redirect (CVE-2023-26159)

Summary IBM MQ has addressed an issue in follow-redirects. Follow-redirects is used by IBM MQ as part of the MQ Console. Vulnerability Details CVEID: CVE-2023-26159 DESCRIPTION: follow-redirects could ...

Security Bulletin: IBM MQ Console is affected by a password disclosure vulnerability (CVE-2023-47745)

Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID: CVE-2023-47745 DESCRIPTION: IBM MQ stores or transmits user credentials in plain cl ...

Spring into Action! Earn up to $10,000 with our Extended Bug Bounty Program Extravaganza through Memorial Day!

Spring into action and kick-start your spring cleaning with a tech twist! We're excited to announce the extension of our Bug Bounty Extravaganza through Memorial Day, May 27th, 2024. Now, you hav ...

CVE-2024-1892

Parts of the Scrapy API were found to be vulnerable to a ReDoS attack. Handling a malicious response could cause extreme CPU and memory usage during the parsing of its content, due to the use of vulne ...
