10web_form_builder_team — form_maker_by_10web Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Stored XSS.This issue affects Form Maker by 10Web: from n/a through 1.15.23. 2024-04-17 5.9 CVE-2024-32534audit@patchstack.com activecampaign — activecampaign Server-Side Request Forgery (SSRF) vulnerability in ActiveCampaign.This issue affects ActiveCampaign: from n/a through…
Read More
Frequently asked questions about CVE-2024-3094, a supply-chain attack responsible for a backdoor in XZ Utils, a widely used library found in multiple Linux distributions. Update April 1: The “What Linux distributions are affected?” section has been updated to include additional affected and not affected distributions. In addition, updates to the “Has Tenable released any product…
Read More
The head of counterintelligence for a division of the Russian Federal Security Service (FSB) was sentenced last week to nine years in a penal colony for accepting a USD $1.7 million bribe to ignore the activities of a prolific Russian cybercrime group that hacked thousands of e-commerce websites. The protection scheme was exposed in 2022…
Read More
Another month has passed, which means more sensor telemetry to analyze for attacker targeting trends. October’s data is notable primarily because we detected attackers looking for a handful of interesting vulnerabilities that were recently released or discovered, most notably CVE-2022-41040, one of the Microsoft Exchange zero day vulnerabilities that attackers began to exploit in August…
Read MoreWhat Is Cybersecurity, Anyway? Another issue in our field is that many organizations seem to build security staffing requirements around a bachelor’s degree in computer science. It is possible that this was a good strategy once, but computer science degrees and security are increasingly mismatched, for several reasons. Most people in computer science programs want…
Read MoreF5 Labs was honored to host two Howard University undergraduate students, Malaya Moon and Akosua Wordie, as part of a Summer Security Practicum program. These two students assisted F5 Labs staff with analyzing and classifying web sensor data, and they dived deep into attacks against South Africa from the first part of 2021. By doing…
Read MoreFraudulent unemployment claims filed by attackers against residents of the state of Washington and at least six other U.S. states are sending worried consumers into panic. Many are caught completely off guard by letters they’ve received from their states’ employment security departments notifying them that their unemployment claim is being processed. The problem? They didn’t…
Read MoreIt’s that special time of year again! In perhaps the most festive of all end-of-the-year traditions, the cyber security community tries to predict the next big scary incident which will make headlines in the new year. At the risk of sounding cynical, building strategies to respond to cyber security threats are a bit like New…
Read MoreFive Key Cybersecurity Skills In part one, we explained why it’s better to grow your own cybersecurity experts than shop on the open market. If CISOs can find people who are inspired by security, and who are willing and humble enough to go the distance, they should hold on to them—these are the people to…
Read More
Creating an encrypted HTTPS website depends on a lot more than simply throwing a digital certificate at it and hoping for the best. In fact, Transport Layer Security (TLS) and HTTPS misconfigurations are now so commonplace that in the 2021 OWASP Top 10, Cryptographic Failures now comes in second place…. Source link lol
Read More