Aggregator

Exposed data from LockBit's affiliate panel includes Bitcoin addresses, private chats with victim organizations, and user information such as credentials.

Author/Presenter: Mário Leitão-Teixeira

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – Proving Ground – CVSS v4 – A Better Version Of An Imperfect Solution appeared first on Security Boulevard.

Ascension, one of the largest private healthcare systems in the United States, has revealed that the personal and healthcare information of over 430,000 patients was exposed in a data breach disclosed last month. [...]

Get details on the AI risks Legit unearthed in enterprises' software factories.

The post The 2025 State of Application Risk Report: Understanding AI Risk in Software Development appeared first on Security Boulevard.

Sens. Cassidy and Rosen cite the possibility that the use of DeepSeek to carry out contract work may put sensitive federal data in the hands of the Chinese government.

The post Senators move to quash the use of Chinese AI system by federal contractors  appeared first on CyberScoop.

On Dark Reading's 19-year anniversary, Editor-in-Chief Kelly Jackson Higgins stops by Informa TechTarget's RSAC 2025 Broadcast Alley studio to discuss how things have changed since the early days of breaking Windows and browsers, lingering challenges, and what's next beyond AI.

A cyberattack briefly disrupted South African Airways’ website, app, and systems, but core flight operations remained unaffected. South African Airways (SAA) is the national flag carrier of South Africa, the airline is wholly owned by the South African government and has subsidiaries including SAA Technical and Air Chefs. A cyberattack hit South African Airways, briefly […]

The world of cybersecurity is always changing, with rapid evolution in both threat and response creating a continual churn in knowledge, technology, and standards. Frameworks meant to help protect systems and businesses, especially the government, tend to be comparatively slow. It takes a lot of momentum and effort to get a new framework iteration through […]

The post The CMMC Rev 2 to Rev 3 Memo: What’s Changed? appeared first on Security Boulevard.

A vulnerability was found in MH-WikiBot. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2020-5302. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in Fortinet FortiADC. This issue affects some unknown processing of the component Dashboard. The manipulation of the argument Name as part of Parameter leads to cross site scripting. The identification of this vulnerability is CVE-2020-6647. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in eWON Flexy and Cosy and classified as problematic. This issue affects some unknown processing of the component Password Change Handler. The manipulation leads to cross site scripting (Reflected). The identification of this vulnerability is CVE-2020-10633. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in EJBCA up to 6.15.2.5/7.3.1.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2020-11626. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in EJBCA up to 6.15.2.5/7.3.1.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component CA UI. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2020-11627. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM Quality Manager 6.0.6.1/6.02/6.06. It has been rated as problematic. This issue affects some unknown processing of the component Web UI. The manipulation leads to basic cross site scripting. The identification of this vulnerability is CVE-2019-4602. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in IBM DOORS Next Generation 6.0.6.1/6.02/6.06. Affected by this vulnerability is an unknown functionality of the component Web UI. The manipulation leads to basic cross site scripting. This vulnerability is known as CVE-2019-4737. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in VMware Reactor Netty up to 1.0.23 on WARN. This affects an unknown part of the component HTTP Server. The manipulation leads to information exposure through server log files. This vulnerability is uniquely identified as CVE-2022-31684. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in ikus060 rdiffweb up to 2.5.0a5. This vulnerability affects unknown code. The manipulation leads to missing authentication. This vulnerability was named CVE-2022-3327. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Brocade Fabric OS up to 8.2.3b/9.0.1d/9.1.0. This affects an unknown part of the component Webtools. The manipulation leads to improper authorization. This vulnerability is uniquely identified as CVE-2022-28169. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Brocade Fabric OS. This affects an unknown part of the component Statement Handler. The manipulation leads to information exposure through debug log file. This vulnerability is uniquely identified as CVE-2022-28170. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OX Software OX App Suite up to 8.2 and classified as problematic. Affected by this issue is some unknown functionality of the component Attachment Handler. The manipulation of the argument len/off leads to cross site scripting. This vulnerability is handled as CVE-2022-31468. The attack may be launched remotely. There is no exploit available.