Category: Good news
Introduction F5 Labs education articles help you understand basic threat-related security topics. At the most fundamental level, IT security is about protecting things that are of value to an organization. That generally includes people, property, and data—in other words, the organization’s assets. Security controls exist to reduce or mitigate the risk to those assets. They…
Read MoreApply the stable channel update provided by Apple to vulnerable systems immediately after appropriate testing. (M1051: Update Software)o Safeguard 7.1 : Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.o…
Read MoreWhat Is SQL Injection? SQL injection is a technique used by attackers to gain unauthorized access to one of an organization’s most critical assets: the database that supports its website. In most cases, it is website vulnerabilities that allow an attacker to insert (or inject) instructions where the application is expecting only data. SQL injection…
Read MoreMS-ISAC ADVISORY NUMBER: 2023-140 DATE(S) ISSUED: 12/12/2023 OVERVIEW: Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or…
Read MoreIntroduction F5 Labs attack series articles help you understand common attacks, how they work, and how to guard against them. What Is Cross-Site Scripting? Cross-site scripting, commonly referred to as XSS, is one of many types of insertion attacks that affect web-based applications and, by extension, their users. It occurs when a vulnerability in an…
Read MoreApply appropriate updates provided by WordPress to vulnerable systems immediately after appropriate testing. (M1051: Update Software) Safeguard 7.1 : Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard. Safeguard 7.2:…
Read MoreAPIs Power Applications—and Pose Security Challenges Application programming interfaces (APIs) form the chassis for modern applications. They are interfaces to software components that developers use to integrate valuable information into their applications (like Google Maps in a rideshare app or YouTube videos into a webpage) and they are everywhere—even in security products. APIs are key…
Read MoreApply appropriate patches and workarounds provided by Atlassian to vulnerable systems, immediately after appropriate testing. (M1051: Update Software)o Safeguard 7.1: Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.o Safeguard…
Read More10web_form_builder_team — form_maker_by_10web Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Stored XSS.This issue affects Form Maker by 10Web: from n/a through 1.15.23. 2024-04-17 5.9 CVE-2024-32534audit@patchstack.com activecampaign — activecampaign Server-Side Request Forgery (SSRF) vulnerability in ActiveCampaign.This issue affects ActiveCampaign: from n/a through…
Read MoreFraudulent unemployment claims filed by attackers against residents of the state of Washington and at least six other U.S. states are sending worried consumers into panic. Many are caught completely off guard by letters they’ve received from their states’ employment security departments notifying them that their unemployment claim is being processed. The problem? They didn’t…
Read More