Category: Cybersecurity blogs

CISA_WARNS modifies JasperReports exploit recommendations into actions

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two-year-old security flaws in TIBCO Software’s JasperReports product to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. In April 2018 and March 2019, TIBCO resolved the vulnerabilities tracked as CVE-2018-5430 (CVSS score: 7.7) and CVE-2018-18809 (CVSS score: 9.9), respectively. TIBCO JasperReports is

Stupid security: this year’s infosec fails in 2022

Ambitious successes in web security sat alongside salutary lessons from another inevitably eventful year in infosec. As 2022 draws to a close, let’s revisit some of the prominent web security wins and high-profile infosec fails from the past year. Today we are going to begin our workshop

LastPass: Hackers stole customer vault data in an electronic data security breach

LastPass reported yesterday that it had learned attackers stole customer vault data after breaching its cloud storage system in August 2022. In last month’s update, the company’s CEO, Karim Toubba, said the threat actor had gained access to “certain elements” of customer information. Toubba added that LastPass stored archived backups

OWASSRF: New Exploit Method for Exchange Bypassing ProxyNotShell Mitigations

A recent publication demonstrated that several Play ransomware intrusions appear to have been enabled by the Microsoft Exchange ProxyNotShell vulnerabilities CVE-2022-41040 and CVE-2022-41082. In each instance, the relevant logs were reviewed and showed no evidence that CVE-2022-41040 had been exploited for initial access. Instead, it appears that the proof of concept was delivered directly through Outlook Web