Enterprise document management system (DMS) vendors, ONLYOFFICE, OpenKM, LogicalDOC, and Mayan, are yet to resolve several severe DMS vulnerabilities, according to cybersecurity firm Rapid7. It warned that stored cross-site scripting (XSS) flaws in the systems pose high risks. No patches or updates have been released, and vendors have not responded to Rapid7’s disclosures.
Qualys uncovers large-scale Murdoc Botnet campaign
The Murdoc Botnet, a new element of the Mirai campaign, is targeting IoT devices worldwide. Uncovered by Qualys, the botnet targets vulnerabilities in AVTECH cameras
