Author: nlqip
OpenText–eDirectory Possible Insertion of Sensitive Information into Log File Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.4.0000. 2024-09-12 6.5 CVE-2021-22533 security@opentext.com n/a–n/a ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Function object.…
Read More
D-Link has fixed critical vulnerabilities in three popular wireless router models that allow remote attackers to execute arbitrary code or access the devices using hardcoded credentials. The impacted models are popular in the consumer networking market, especially among users looking for high-end WiFi 6 routers (DIR-X) and mesh networking systems (COVR). The bulletin lists five…
Read More
“This deal is a big accelerant for the NWN platform which is consistent with the approach we have taken over the last five years that has allowed us to quadruple the company from less than $300 million to more than $1 billion,” said NWN Senior Vice President of Corporate Development Matt Curran. NWN Carousel has…
Read More
Unisys, Fusion Connect, Impact Networking, Tenable, Confluent and Thales are among the vendors to list open positions for channel-related roles. This month, Unisys, Fusion Connect and Impact Networking are among the solution providers to list open positions while Tenable, Confluent and Thales are among the vendors to list open positions for channel-related roles. CRN has…
Read More
Sep 16, 2024Ravie LakshmananFinancial Security / Malware Cybersecurity researchers are continuing to warn about North Korean threat actors’ attempts to target prospective victims on LinkedIn to deliver malware called RustDoor. The latest advisory comes from Jamf Threat Labs, which said it spotted an attack attempt in which a user was contacted on the professional social…
Read More
Sep 16, 2024Ravie LakshmananCloud Security / Vulnerability A now-patched critical security flaw impacting Google Cloud Platform (GCP) Composer could have been exploited to achieve remote code execution on cloud servers by means of a supply chain attack technique called dependency confusion. The vulnerability has been codenamed CloudImposer by Tenable Research. “The vulnerability could have allowed…
Read More
Tenable Research discovered a remote code execution (RCE) vulnerability in Google Cloud Platform (GCP) that is now fixed and that we dubbed CloudImposer. The vulnerability could have allowed an attacker to hijack an internal software dependency that Google pre-installs on each Google Cloud Composer pipeline-orchestration tool. Tenable Research also found risky guidance in GCP documentation…
Read More
Sep 16, 2024The Hacker NewsPayment Security / Data Protection The PCI DSS landscape is evolving rapidly. With the Q1 2025 deadline looming ever larger, businesses are scrambling to meet the stringent new requirements of PCI DSS v4.0. Two sections in particular, 6.4.3 and 11.6.1, are troublesome as they demand that organizations rigorously monitor and manage…
Read More
Sep 16, 2024The Hacker NewsIdentity Protection / Incident Response Imagine this… You arrive at work to a chaotic scene. Systems are down, panic is in the air. The culprit? Not a rogue virus, but a compromised identity. The attacker is inside your walls, masquerading as a trusted user. This isn’t a horror movie, it’s the…
Read More
Perfect Forward Secrecy (PFS) is an important mode of modern encryption that secures the former and future sessions. It remains functional even if the current keys have already been compromised. Its primary function is to safeguard sensitive information, which prevents potential future data breaches. PFS is frequently used in security and privacy protocols across various…
Read More