Jump to content
Search In
  • More options...
Find results that contain...
Find results in...

Search the Community

Showing results for tags 'security'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • General
    • Support
    • Open Forum
  • Professional
    • Management
    • Requirements
    • Design
    • Development
    • Test / QA
    • Operations
  • Interesting
    • Atlassian
    • Security
    • E-commerce
    • Invision Community
  • Jobs
    • Looking for employee / consultant
    • Looking for Job / Assignment
  • Building The Site's Forums
  • Destiny 2's Discussions
  • The Journey's Discussions
  • Cinephilia's Topics
  • Cinephilia's Movie Database
  • Diablo 4's Diablo 4 Topics
  • Shadownessence's Topics
  • sensory hyperreactivity's Topics
  • Wolcen's Wolcen Topics
  • Quality Assurance Heroes's QA Topics
  • Visual Studio Code's Forum
  • Adobe Illustrator's Adobe Illustrator Forum
  • Sketch Guru's's Topics
  • Requirements & test management in Jira's Topics

Calendars

  • Community Calendar
  • Professional Events
  • Management Events
  • Requirement Events
  • Design Events
  • Development Events
  • Test Events
  • Atlassian Events
  • Operations Events
  • E-commerce Events
  • Destiny 2's Events
  • The Journey's Events
  • Cinephilia's premieres
  • Diablo 4's Diablo 4 Events

Categories

  • Jimi's Files
    • Curriculum vitae
    • Presentations
    • Certificates
  • Management
  • Requirements
  • Design
    • Fonts
  • Code
  • Test
  • Operations
  • Atlassian
    • Certificates of Excellence
  • Security
  • Ecommerce
  • Shadownessence's Files

Categories

  • Management
  • Design
  • Requirements
  • Development
  • Test & QA
  • Atlassian

Categories

  • Personal
  • Professional
    • Management
    • Requirements
    • Design
    • Development
    • Testing
    • Operations
  • Interesting
    • Atlassian
    • Security
    • E-Commerce

Categories

  • System Science Program
  • Graphic Design Program
  • Single Courses
  • Certifications

Categories

  • Management
  • Design
  • Requirements
  • Atlassian

Categories

  • Management
  • Design
  • Requirements
  • Development
  • Test
  • Operations
  • Atlassian
  • Security
  • E-commerce
  • Sales

Categories

  • Author database

Categories

  • Personligt
    • Jimis profiler
    • Åsikter
    • Humor
    • Spel
    • Träning
  • Allmänt
    • Internet
    • Program & tjänster
  • Intressant
    • Prylar
  • Professionellt
    • Management
    • Krav
    • Design
    • Webbutveckling
    • Test
    • Atlassian
    • säkerhet
    • Förvaltning
    • Ehandel
    • Wordpress
  • Personligt_

Product Groups

  • Test

Blogs

There are no results to display.

There are no results to display.

Categories

  • Personal
    • Humor
    • Music
  • Professional
    • Management
    • Requirements
    • Design
    • Development
    • Testing
    • Operations
  • Interesting
    • Atlassian
    • Security
    • E-commerce
  • Destiny 2's Videos
  • Destiny 2's Streamers
  • The Journey's Videos
  • Cinephilia's Trailers
  • Cinephilia's Full Movies
  • Diablo 4's Diablo 4 Videos
  • Wolcen's Wolcen Videos
  • Visual Studio Code's Videos
  • Adobe Illustrator's Adobe Illustrator Videos
  • Requirements & test management in Jira's Videos

Categories

  • Just for fun
  • TV & Movies
    • Lord of the Rings
    • Star Wars
    • Marvel
  • Atlassian

Categories

  • Games
    • White Wolf
    • Drakar & Demoner
    • Mutant
  • Books
    • Management Books
    • Design Books
    • Development Books
  • Comics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me

Found 3 results

  1. Two WordPress plugins, InfiniteWP Client and WP Time Capsule have been found to suffer from a critical authorization bypass bug that allows people to access a site’s backend with no password. All an attacker needs is the admin username for the WordPress plugins and they are in. Both plugins are designed to allow users to authenticate to multiple WordPress installations from one central server. That allows site owners to “perform maintenance such as one-click updates for core, plugins, and themes across all sites, backup and site restores, and activating/deactivating plugins and themes on multiple sites simultaneously". This was reported on January 7th and on January 8th a new release for InfiniteWP Client and WP Time Capsule was released. WebArx publicly disclosed the bugs on January 14th. Based on the WordPress plugin library, the InfiniteWP Client plugin is active on 300,000+ websites. The InfiniteWP site claims they have 513,520 sites active. Link to WPScan Vulnerability Database: https://wpvulndb.com/vulnerabilities/10011
  2. On January 14, 2020, Microsoft released software fixes to address 49 vulnerabilities as part of their monthly Patch Tuesday announcement. Among the vulnerabilities patched were critical weaknesses in Windows CryptoAPI, Windows Remote Desktop Gateway (RD Gateway), and Windows Remote Desktop Client. An attacker could remotely exploit these vulnerabilities to decrypt, modify, or inject data on user connections: The updates fixes a serious flaw in the core cryptographic component of widely used Windows 10, Server 2016 and 2019 editions that was discovered and reported to the company by the National Security Agency (NSA) of the United States The flaw, dubbed 'NSACrypt' and tracked as CVE-2020-0601, resides in the Crypt32.dll module that contains various 'Certificate and Cryptographic Messaging functions' used by the Windows Crypto API for handling encryption and decryption of data. A cyber attacker could exploit CVE-2020-0601 to obtain sensitive information, such as financial information, or run malware on a targeted system; for example: A maliciously crafted certificate could appear to be issued for a hostname that did not authorize it, preventing a browser that relies on Windows CryptoAPI from validating its authenticity and issuing warnings. If the certificate impersonates a user’s bank website, their financial information could be exposed. Signed malware can bypass protections (e.g., antivirus) that only run applications with valid signatures. Malicious files, emails, and executables can appear legitimate to unpatched users. Besides Windows CryptoAPI spoofing vulnerability that has been rated 'important' in severity, Microsoft has also patched 48 other vulnerabilities, 8 of which are critical and rest all 40 are important. It is strongly suggested that you patch this as soon as possible by heading on to your Windows Settings → Update & Security → Windows Update → clicking 'Check for updates on your PC.
×
×
  • Create New...