Day: November 11, 2021

NETSCOUT integrates its OCI technology with AWS Security Hub to extend cyberthreat visibility

NETSCOUT announced that Amazon Web Services customers will now have added visibility and security when migrating workloads to AWS using NETSCOUT’s Omnis Cyber Intelligence (OCI) integration with AWS Security Hub. NETSCOUT OCI is a network security software solution, built on the foundation of the industry’s most prominent network monitoring and packet recording and analysis technology. …

SecurityGate.io partners with Rokster to help industrial companies bridge the OT security skills gap

SecurityGate.io announced a partnership with Rokster, a technology consulting firm specializing in regulatory compliance, cybersecurity, artificial intelligence, blockchain, and business intelligence for the utility and life sciences spaces. The need for this partnership is more relevant than ever. In fact, The International Information System Security Certification Consortium, or (ISC)², conducted a workforce study that found …

Lockheed Martin and Keysight advance 5G solutions for aerospace and defense communications

Lockheed Martin and Keysight Technologies announced a collaboration to advance 5G in support of mission-critical communications for aerospace and defense applications. The companies are actively collaborating on a 5G.MIL testbed that Lockheed Martin teams will use to advance 5G capabilities for multiple applications. “Lockheed Martin is leveraging expertise in the commercial sector to scale, adapt …

5 FAQs about Cyber Risk Quantification Answered by RiskLens CEO Nick Sanna

Nick Sanna, CEO of RiskLens and President of the FAIR Institute, recently spoke at a webinar hosted by Ostendio, the IRM solution provider, and with some expert questioning by Ostendio CEO Grant Elliott gave a short seminar that answers many of the basic questions about cyber risk quantification. Here are excerpts from the Q&A. Read …

Lacework acquires Soluble to strengthen its data-driven cloud security platform

Lacework announced the acquisition of Soluble, a scalable cloud infrastructure management company. The Infrastructure as Code (IaC) remediation capabilities Soluble provides, in addition to several new updates to the Lacework platform announced, combine to help organizations integrate security practices into their software delivery workflows, further extending the value of the platform to customers. The Lacework …

Google has become too powerful – it's time for a European search index!

This week Google lost an appeal against a massive EU competition fine for squeezing rival shopping services on its search engine. The fine of € 2.4 billion was issued in 2017 because Google displayed its own price-comparison shopping service at the top of the search results, which led to a huge disadvantage to competitors. Regardless …

[webapps] WordPress Plugin AccessPress Social Icons 1.8.2 – 'icon title' Stored Cross-Site Scripting (XSS)

# Exploit Title: WordPress Plugin AccessPress Social Icons 1.8.2 – ‘icon title’ Stored Cross-Site Scripting (XSS) # Date: 11/12/2021 # Exploit Author: Murat DEMIRCI (@butterflyhunt3r) # Vendor Homepage: https://accesspressthemes.com/ # Software Link: https://wordpress.org/plugins/accesspress-social-icons/ # Version: 1.8.2 # Tested on : Windows 10 #Poc: 1. Install Latest WordPress 2. Install and activate AccessPress Social Icons 1.8.2 …

[webapps] Mumara Classic 2.93 – 'license' SQL Injection (Unauthenticated)

# Exploit Title: Mumara Classic 2.93 – ‘license’ SQL Injection (Unauthenticated) # Date: 2021-11-11 # Exploit Author: (v0yager) Shain Lakin # Vendor Homepage: https://mumara.com # Version: <= 2.93 # Tested on: CentOS 7 -==== Vulnerability ====- An SQL injection vulnerability in license_update.php in Mumara Classic through 2.93 allows a remote unauthenticated attacker to execute arbitrary …

[local] Windows MultiPoint Server 2011 SP1 – RpcEptMapper and Dnschade Local Privilege Escalation

# Exploit Title: Windows MultiPoint Server 2011 SP1 – RpcEptMapper and Dnschade Local Privilege Escalation # Date: 11/11/2021 # Exploit Author: it # Vendor Homepage: https://www.microsoft.com # Software Link: https://www.microsoft.com/pt-br/download/details.aspx?id=8518 # Version: Version 6.1 Compilation 7601 Service Pack 1 # Tested on: Microsoft Windows MultiPoint Server 2011 – English Version Description Service Local Privilege Escalation …

[dos] Xlight FTP 3.9.3.1 – Buffer Overflow (PoC)

# Exploit Title: Xlight FTP 3.9.3.1 – ‘Buffer Overflow’ (PoC) # Discovered by: Yehia Elghaly # Discovered Date: 2021-11-12 # Vendor Homepage: https://www.xlightftpd.com/ # Software Link: https://www.xlightftpd.com/download/setup.exe # Tested Version: 3.9.3.1 # Vulnerability Type: Buffer Overflow Local # Tested on OS: Windows XP SP3 – Windows 7 Professional x86 SP1 – Windows 10 x64 # …

[webapps] WordPress Plugin WP Symposium Pro 2021.10 – 'wps_admin_forum_add_name' Stored Cross-Site Scripting (XSS)

# Exploit Title: WordPress Plugin WP Symposium Pro 2021.10 – ‘wps_admin_forum_add_name’ Stored Cross-Site Scripting (XSS) # Date: 11/11/2021 # Exploit Author: Murat DEMIRCI (@butterflyhunt3r) # Vendor Homepage: http://www.wpsymposiumpro.com/ # Software Link: https://wordpress.org/plugins/wp-symposium-pro/ # Version: 2021.10 # Tested on : Windows 10 #Description: WP Symposium Pro version 2021.10 plugin was exposed to stored cross site scripting …

Update: cs-decrypt-metadata.py Version 0.0.2

This new version of my tool to decrypt Cobalt Strike metadata now supports transformations. By default, encrypted metadata in Cobalt Strike traffic is encoded with BASE64 and then transmitted via the Cookie header in HTTP(S) requests. This metadata is encrypted with a public RSA key, and can be decrypted if the private …

Philippines gov takes down passport application website amid privacy leak fears

The Philippines’ Department of Foreign Affairs (DFA) has disabled its online passport application tracker, citing a “data privacy issue” and hinting that information could have leaked. “The DFA’s IT Unit is currently investigating the circumstances surrounding this issue and is taking appropriate measures to secure the data that may have been exposed,” states a notice …

Christine Alpers joins Appfire as General Counsel

Appfire announced that Christine Alpers joined the company as General Counsel to lead and scale the company’s global legal strategy and function. “Christine’s legal and strategic acumen, combined with her depth of experience in the software industry, align with the largest growth opportunity in Appfire’s history,” said Bob Nicholson, President and COO of Appfire. “We’re …

Egress hires Matt Biggin as VP of Engineering

Egress announced that it has hired Matt Biggin as its new VP of Engineering to scale and deliver its product roadmap. Biggin joins Egress from Mimecast, where he played a key role in delivering their email security product roadmap and recently facilitated the acquisition of Chicago-based startup MessageControl. Biggin’s appointment at Egress follows the recent …

IntelePeer appoints Brian Gilman as CMO

IntelePeer announces the appointment of Brian Gilman to Chief Marketing Officer (CMO). A transformational marketing leader with a record of success in developing and implementing strategic B2B marketing campaigns and engaging in high-touch sales activities within the communications and collaboration markets, Brian will oversee IntelePeer’s CPaaS marketing strategy to facilitate continued growth and brand evolution. …

Threat actors penetrate Australian Sunwater water supply systems

One of Australia's leading water supply platforms confirmed that its systems were compromised by threat actors for nine long months. Apparently, threat actors left malicious files on a web server to redirect legitimate traffic to a video platform as early as 2020. Sunwater acknowledged the computer intrusion after filing a notification with local authorities, who …

Exterro hires Jenny Hamilton as General Counsel

Exterro announced the addition of legal discovery expert and technologist Jenny Hamilton as its new General Counsel. Her strategic hire furthers Exterro’s commitment to building a world-class executive team and solidifies Exterro’s position in the legal GRC market as the company continues its strong momentum and advances towards a potential future IPO. Hamilton previously led …

The new Microsoft Store is now rolling out to Windows 10 PCs

Microsoft has started rolling out Windows 11’s new Microsoft Store to Windows 10, giving users a greater choice of apps to install. With Windows 11, Microsoft introduced a redesigned Microsoft Store with a modern design and a more open ecosystem. This open ecosystem provides greater flexibility to developers, even allowing competing platforms like …

Juniper Support Insights: Transforming Network Operations with AI-Driven Support

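Official Juniper Networks Blogs. This is the final blog in a three-part series. In part 1, "Experience-First Networking: Delivering a Modern Customer Experience," and part 2, "The Cloud Connected Network: A Win-Win for Customers and Vendors," we explained how network vendors can transform the support experience by connecting customers' networks to the cloud and using automation and AI (artificial intelligence) to derive insights. Today, Juniper Networks announced Juniper Support Insights, a new AI-driven support solution. Juniper is in the process of moving the customer experience from reactive to proactive. Many of our customers already use proven solutions that automate operations with Marvis, Juniper's VNA (Virtual Network Assistant), and Mist Assurance. Juniper Support Insights extends these capabilities and is an important milestone in realizing the vision of experience-first networking.

What is Juniper Support Insights? Juniper Support Insights is a solution that extends AI-driven support across the entire Junos portfolio, including the ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series. With this solution, service providers and enterprises can optimize their networks using visibility across operations and actionable intelligence. It can also handle network inventory and provide reports with details on service contracts, end of support/end of service, and releases and security updates. Juniper Support Insights complements other solutions in Juniper's operations automation software portfolio, such as Apstra and Paragon, which provide product-specific configuration and troubleshooting capabilities.

How does Juniper Support Insights improve operational efficiency? Juniper Support Insights gives IT and network operations teams a deeper understanding of their own networks, so problems occur less frequently and operational efficiency improves as a result. The solution has the following features. Ease of use: Junos devices can connect directly to the cloud or through an on-premises Lightweight Collector. The Lightweight Collector is fully managed and supported through Juniper's automated provisioning. No additional software is required on either the collector or the network devices. Security: Data privacy and protection are maintained according to the principle of collecting only the minimum necessary device fact data. Because the solution adopts ZRF (Zero-Residual Footprint), data is never stored persistently anywhere, which prevents data leakage. In addition, no PII (personally identifiable information) is used, and all data flows are encrypted with TLS (Transport Layer Security). Scalability: Each Lightweight Collector is designed to handle large deployments and supports up to 20,000 network devices. In addition, the Juniper cloud architecture has auto-scaling, so it can scale up and down to match the size of the network and the scope of data collection. Get actionable intelligence from a portal accessible anytime, anywhere: Juniper Support Insights includes access to a secure portal. IT and network operations teams can use this secure portal to manage device onboarding and discovery and to view operational dashboards and reports. The dashboards and reports show comprehensive metrics and insights on the operational health of the entire network. Standard reports are freely accessible, and you can also receive custom reports extended based on business needs. …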

Women In Cybersecurity Documentary Premieres On YouTube

Help Wanted: Female cybercrime fighters globally – Produced by Cybersecurity Ventures Northport, N.Y. – Nov. 11, 2021 “WOMEN KNOW CYBER: THE DOCUMENTARY,” a Cybersecurity Ventures production, premiered on the Cybercrime Magazine YouTube Channel today. The 41-minute, 52-second documentary features women in cybersecurity from across the globe sharing their stories in an effort to recruit more …
