Latest Cyber News

Hackers Turned Visual Studio Code As A Remote Access Tool - After successfully intercepting the exfiltrated data the threat actors exploit unauthorized access through GitHub’s authentication system by navigating to “hxxps://github[.]com/login/device” and utilizing stolen alphanumeric ...
1 month ago Cybersecuritynews.com
Iranian APT Facilitating Remote Access To Target Networks  - Security Boulevard - *** This is a Security Bloggers Network syndicated blog from TuxCare authored by Wajahat Raja. Copyright © 2024 Techstrong Group Inc. ...
1 month ago Securityboulevard.com
CentOS vs Ubuntu: Enterprise Linux Comparison - Security Boulevard - *** This is a Security Bloggers Network syndicated blog from TuxCare authored by Rohan Timalsina. Copyright © 2024 Techstrong Group Inc. ...
1 month ago Securityboulevard.com
Prince Ransomware Hits UK and US via Royal Mail Phishing Scam - The ransomware encrypts files on the victim’s computer, adding the “.womp” extension, and displays a ransom note demanding payment in Bitcoin for decryption. The attack, known as the “Prince Ransomware,” utilizes a ...
1 month ago Gbhackers.com
SIEM agent being used in SilentCryptoMiner attacks | Securelist - The most interesting action in this attack was the implementation of unusual techniques like using an SIEM agent as backdoor, adding the malicious payload to a legitimate digital signature, and hiding directories containing malicious files. The ...
1 month ago Securelist.com
Microsoft and DOJ seized the attack infrastructure used by Russia-linked Callisto Group - Today, the United States District Court for the District of Columbia unsealed a civil action brought by Microsoft’s DCU, including its order authorizing Microsoft to seize 66 unique domains used by Star Blizzard in cyberattacks targeting Microsoft ...
1 month ago Securityaffairs.com
Cloud Penetration Testing Checklist - 2023 - Check the Service Level Agreement and make sure that proper policy has been covered between the Cloud service provider (CSP) and Client. Cloud penetration testing focuses on identifying and exploiting vulnerabilities in cloud environments, ensuring ...
1 month ago Gbhackers.com
Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group - By taking decisive action against Star Blizzard, Microsoft and its partners reinforce international norms and demonstrate a commitment to protecting civil society and upholding the rule of law in cyberspace. Between January 2023 and August 2024, Star ...
1 month ago Gbhackers.com
Microsoft Takes Unprecedented Action Against Cyber Threat Actor Star Blizzard - Cybersecurity Insiders - In a historic move that underscores the escalating battle against cybercrime, Microsoft has publicly acknowledged its role in launching a cyber offensive against a Russian-funded threat actor known as Star Blizzard. According to Microsoft’s ...
1 month ago Cybersecurity-insiders.com
Linux Malware perfctl Attacking Millions of Linux Servers - By combining elements from standard Linux tools like “perf” (a performance monitoring tool) and “ctl” (indicating control), the malware authors have crafted a seemingly innocuous name that masks its malicious intent. ...
1 month ago Gbhackers.com
Cybersecurity Today: National Vulnerability Database backlog, update on CIRA study: Cyber Security Today for Friday, October 4, 2024 - Updates on the latest cyber security threats to businesses, data breach disclosures, and how you can secure your firm in an increasingly risky time. Updates on the latest cybersecurity threats to businesses, data breach disclosures, and how you can ...
1 month ago Cybersecuritytoday.libsyn.com
Black Kite Research Reveals 80% Of Manufacturing Companies Face Critical Cyber Vulnerabilities - Due to its critical nature, the manufacturing industry is a prime target for bad actors to exploit, said Ferhat Dikbiyik, Black Kite’s chief research and intelligence officer. Black Kite’s data reveals that manufacturing was the top industry ...
1 month ago Informationsecuritybuzz.com
Strengthening Security Posture Through People-First Engagement - Regular, small doses of security education help combat the “forgetting curve,” a theory developed by Hermann Ebbinghaus that suggests people forget 75% of newly learned information within a couple of days. These statistics underscore a critical ...
1 month ago Informationsecuritybuzz.com
October 2024 Patch Tuesday forecast: Recall can be recalled - Help Net Security - The monthly cumulative updates, or ‘differentials’ from the checkpoint update, as Microsoft calls them, will begin anew in the form of much smaller files. Now available for systems that meet the hardware requirements, it includes many new ...
1 month ago Helpnetsecurity.com
E-Commerce Protection Lags Behind: Insights from the 2024 Global Bot Security Report - Security Boulevard - *** This is a Security Bloggers Network syndicated blog from DataDome authored by Kira Lempereur. Copyright © 2024 Techstrong Group Inc. ...
1 month ago Securityboulevard.com
California's Deepfake Regulation: Navigating the Minefield of AI, Free Speech, and Election Integrity - Security Boulevard - *** This is a Security Bloggers Network syndicated blog from Meet the Tech Entrepreneur, Cybersecurity Author, and Researcher authored by Deepak Gupta - Tech Entrepreneur, Cybersecurity Author. ...
1 month ago Securityboulevard.com
Best practices for implementing threat exposure management, reducing cyber risk exposure - Help Net Security - By identifying misconfigurations in technical security controls and correlating them with asset, vulnerability, and exposure data from integrated assessment sources, organizations gain an understanding of their security landscape. By systematically ...
1 month ago Helpnetsecurity.com
MaLDAPtive: Open-source framework for LDAP SearchFilter parsing, obfuscation, and more! - Help Net Security - MaLDAPtive is an open-source framework for LDAP SearchFilter parsing, obfuscation, deobfuscation, and detection. Complementing this is a PowerShell wrapper, crafted for flexibility and randomization, with pipeline capabilities that allow seamless ...
1 month ago Helpnetsecurity.com
Cybercriminals capitalize on poorly configured cloud environments - Help Net Security - However, mature threat actors are learning how to overcome obstacles — like leveraging inherent vulnerabilities in privileged device drivers for Windows to disable EDR sensors, injecting into privileged processes to delete critical security logs, ...
1 month ago Helpnetsecurity.com
New infosec products of the week: October 4, 2024 - Help Net Security - It also makes it possible to create effective security controls that keep a business’ most sensitive data safe from becoming a data security risk (e.g. revoking public access to files marked ‘confidential’). The Legit Posture Score sets a new, ...
1 month ago Helpnetsecurity.com
New Perfctl Malware Attacking Millions of Linux Servers - The Perfctl malware represents a significant threat to Linux servers worldwide, emphasizing the need for robust security measures and vigilant monitoring. Mitigation strategies include patching vulnerabilities, restricting file execution in writable ...
1 month ago Cybersecuritynews.com
DPRK's APT37 Targets Cambodia in Khmer - The North Korean state-sponsored threat actor known as APT37 has been carefully spreading a novel backdoor, dubbed "VeilShell." Of note is its target: Most North Korean advanced persistent threats (APTs) have a history of targeting ...
1 month ago Darkreading.com
Exposing the Credential Stuffing Ecosystem - Security Boulevard - *** This is a Security Bloggers Network syndicated blog from Kasada authored by Nick Rieniets. Copyright © 2024 Techstrong Group Inc. ...
1 month ago Securityboulevard.com
Dutch police breached by a state actor - “The police have been informed by the intelligence services that it is very likely a ‘state actor’, in other words: another country or perpetrators on behalf of another country.” reads the update on the data breach published ...
1 month ago Securityaffairs.com
USENIX NSDI '24 -LiFteR: Unleash Learned Codecs in Video Streaming with Loose Frame Referencing - Security Boulevard - *** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Copyright © 2024 Techstrong Group Inc. ...
1 month ago Securityboulevard.com
Recently patched CUPS flaw can be used to amplify DDoS attacks - As Akamai security researchers found, a CVE-2024-47176 security flaw in the cups-browsed daemon that can be chained with three other bugs to gain remote code execution on Unix-like systems via a single UDP packet can also be leveraged to ...
1 month ago Bleepingcomputer.com
DrayTek Routers at Risk From 14 New Vulnerabilities - The advice comes amid signs of growing threat actor activity — including by nation-state actors — targeting vulnerabilities in routers and other network devices from DrayTek and a variety of other vendors, including Fortinet, F5, QNAP, Ivanti, ...
1 month ago Darkreading.com
Understanding the Dependency Injection Lifecycle - DZone - public class ClassD { // other implementation // Below code will update the value of callMeScoped to "I am from ClassA" for the instance of ClassA // But as it is Scoped life cycle so it is holding single instance ScopedImplementation of // Then it ...
1 month ago Feeds.dzone.com
3thix partners with Avalanche on web3 gaming ad data | VentureBeat - Coming up October 28th and 29th, join fellow leaders and amazing speakers like Matthew Bromberg (CEO Unity), Amy Hennig (Co-President of New Media Skydance Games), Laura Naviaux Sturr (GM Operations Amazon Games), Amir Satvat (Business Development ...
1 month ago Venturebeat.com
Make Cybersecurity Awareness Month a Game-Changer for You and Your Career - Cisco Blogs - Whether you’re a seasoned network engineer or just starting out, let Cisco Learning & Certifications help you to become your organization’s cybersecurity superstar starting with our Cisco Cybersecurity Training and Certification Giveaway. ...
1 month ago Feedpress.me
CISA Adds High-Severity Ivanti Vuln to KEV Catalog - "Exploiting this flaw could have serious consequences, such as data breaches, disruption of business operations, and further compromise of internal systems," Eric Schwake, director of cybersecurity strategy at Salt Security, wrote in an ...
1 month ago Darkreading.com
Ukraine-Russia Cyber Battles Have Real-World Impact - "The evolution of cyberattacks and malware, particularly those that have an intersection with the use of generative AI, have lowered the barrier for entry for threat actors, leading to more threats and a greater volume of attacks," he says. ...
1 month ago Darkreading.com
A Leader in 2024 Forrester Enterprise Firewall Solutions Wave - Palo Alto Networks has long recognized these challenges, which is why we’ve built a network security platform that not only protects but also fosters business growth and innovation in today’s complex environment. We believe the recognition of ...
1 month ago Paloaltonetworks.com
‘Pig butchering’ trading apps found on Google Play, App Store - Group-IB also warns that the UniShadow Trade apps can mimick a variety of legitimate cryptocurrency and trading platforms, providing the following extensive list with potential names that could be used in impersonation attempts. Fake trading ...
1 month ago Bleepingcomputer.com
Microsoft SFI progress report elicits cautious optimism | TechTarget - "After a year, it looks like Microsoft has made some smart and substantive initial progress in elevating security across the whole organization: investment in security-focused head count, inclusion of security into performance reports across the ...
1 month ago Techtarget.com
News alert: SquareX shows how Google’s MV3 standard falls short, putting millions at risk - Security Boulevard - *** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by cybernewswire. Copyright © 2024 Techstrong Group Inc. ...
1 month ago Securityboulevard.com
News alert: Doppler fortifies ‘secrets management’ with Change Requests auditable approval feature - Security Boulevard - *** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by cybernewswire. Copyright © 2024 Techstrong Group Inc. ...
1 month ago Securityboulevard.com
Detroit-area government services impacted by cyberattack - Corrections officers within the Wayne County Sheriff’s Office have struggled to process inmates, the Wayne County Treasurer’s Office has had issues collecting taxes online and the Wayne County Register of Deeds Office closed early on Wednesday, ...
1 month ago Therecord.media
Microsoft security overhaul offers blueprint for SecOps | TechTarget - 23, nearly a year after Microsoft kicked off the initiative in response to a scathing report from the U.S. Department of Homeland Security's Cyber Safety Review Board about a "cascade of security failures" that led to a breach of email systems ...
1 month ago Techtarget.com
Dutch Police: ‘State actor’ likely behind recent data breach - Based on the intelligence services' information, the police immediately implemented strong security measures to counter this attack. The national Dutch police (Politie) says that a state actor was likely behind the data breach it detected last week. ...
1 month ago Bleepingcomputer.com
Tesla Recalls 27,00 Cybertrucks Over Rear Camera | Silicon UK - CNBC reported that Tesla said on Thursday it would recall more than 27,000 Cybertrucks due to delayed rear-view camera images that could impair driver visibility and increase crash risks. CNBC reported that Tesla said on Thursday that the ...
1 month ago Silicon.co.uk
Voting for the first time—4 cybersecurity tips for new voters - Here’s a quick checklist for first-time voters and tips to help them keep their personal information safe this election cycle. Whether you're excited or just trying to get through it, there are a few things you’ll want to know—not just about ...
1 month ago Blog.avast.com
You don't need to pay for antivirus software - here's why | ZDNET - As for Windows? Well, Microsoft Defender Antivirus, which is included with every Windows PC, routinely aced the tests from third-party labs that measure the effectiveness of security software. Older Americans are significantly more likely to use ...
1 month ago Zdnet.com
The Future of AI Safety: What California's Vetoed Bill Means - Although the veto was a setback for the bill, it highlights key debates in the emerging field of AI governance and the potential for California to shape the future of AI regulation. With the rapid advancement of AI technology, California's ...
1 month ago Darkreading.com
Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure - Microsoft and the Justice Department have seized over 100 domains used by the Russian ColdRiver hacking group to target United States government employees and nonprofit organizations from Russia and worldwide in spear-phishing attacks. "Between ...
1 month ago Bleepingcomputer.com
Browser Firms Press EU To Reconsider Microsoft Edge | Silicon UK - Reuters reported that the letter to the European Commission was from Vivaldi, Waterfox, Wavebox and the Open Web Advocacy, and it alleges that Microsoft gives its Edge browser an unfair advantage. Reuters noted that the letter could bolster Norwegian ...
1 month ago Silicon.co.uk
New Linux Malware 'Perfctl' Targets Millions by Mimicking System Files - To protect your Linux systems from Perfctl, regularly update your operating system and software with the latest security patches, conduct vulnerability assessments, implement robust network security measures like firewalls and intrusion detection ...
1 month ago Hackread.com
Over 4,000 Adobe Commerce, Magento shops hacked in CosmicSting attacks - Website security company Sansec has been tracking the attacks since June 2024 and observed 4,275 stores breached in CosmicSting attacks, high-profile victims including Whirlpool, Ray-Ban, National Geographic,  Segway, and Cisco, which ...
1 month ago Bleepingcomputer.com
The 6 Best Email Security Software & Tools of 2024 - To guarantee full protection against email threats, important features to consider when picking an email security solution include email filtering and spam detection, sandboxing, mobile support, advanced machine learning, and data loss prevention. ...
1 month ago Esecurityplanet.com
How To Collect Malware Indicators Of Compromise In The ANY.RUN Sandbox - The sandbox captures various types of IOCs like “network communications,” “file system changes,” “registry modifications,” and “process behaviors,” enabling thorough threat assessment. The ANY.RUN ...
1 month ago Cybersecuritynews.com
Microsoft Invests €4.3 Billion In Italy For AI, Cloud | Silicon UK - Microsoft said that it’s data centre expansion in Northern Italy coupled with its commitment to provide extensive AI skills training, supports the rising demand for AI compute and cloud services across Italy as organisations look to boost ...
1 month ago Silicon.co.uk
'Defunct' DOJ ransomware task force raises questions, concerns | TechTarget - "The Office of the Deputy Attorney General (ODAG) memorandum that established the Ransomware Task Force also contained several strategic areas, including directing the Ransomware Task Force to design and implement a strategy to disrupt and dismantle ...
1 month ago Techtarget.com
Celebrating Latin and Hispanic Heritage Month - Cisco Blogs - While LHHM gives us a special opportunity to celebrate our culture, WE should continually uplift our community, honor our traditions, and show respect for other cultures, ensuring that the values of unity and diversity remain at the forefront of our ...
1 month ago Feedpress.me
Customer compliance and security during the post-quantum cryptographic migration | AWS Security Blog - For example, using the s2n-tls client built with AWS-LC (which supports the quantum-resistant KEMs), you could try connecting to a Secrets Manager endpoint by using a post-quantum TLS policy (for example, PQ-TLS-1-2-2023-12-15) and observe the PQ ...
1 month ago Aws.amazon.com
How Analysts Use Telegram API to Intercept Data Exfiltrated by Malware - To start the process of collecting threat actor’s Chat ID and bot token, the analysts found a relevant malware sample related to the domain “api.telegram.org” using ANY.RUN’s Threat Intelligence Lookup. The sandbox also allowed researchers to ...
1 month ago Cybersecuritynews.com
Cloudflare blocks largest recorded DDoS attack peaking at 3.8Tbps - Typically, threat actors launching DDoS attacks rely on large networks of infected devices (botnets) or look for ways to amplify the delivered data at the target, which requires a smaller number of systems. After scanning the public internet for ...
1 month ago Bleepingcomputer.com
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 23, 2024 to September 29, 2024) - Software Name Software Slug 012 Ps Multi Languages 012-ps-multi-languages ABC APP CREATOR abcapp-creator Absolute Reviews absolute-reviews Accordion accordions Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads quick-adsense-reloaded Advanced File ...
1 month ago Wordfence.com
The Secret Weakness Execs Are Overlooking: Non-Human Identities - By shifting our focus to secrets security and adopting a comprehensive approach that includes robust detection, automated remediation, and integration with identity systems, organizations can significantly reduce their attack surface and bolster ...
1 month ago Thehackernews.com
Operation Cronos extension on LockBit Ransomware and FIN7 Deepfake Malware - Cybersecurity Insiders - The European Union Agency for Law Enforcement Cooperation announced that additional arrests are anticipated in the coming weeks, as they have already compiled a list of individuals connected to the group, aiming to disrupt their operations and IT ...
1 month ago Cybersecurity-insiders.com
Celebrating Cisco’s Solutions Engineers in Honor of National Techies Day - Cisco Blogs - The solutions we create at Cisco deliver desired outcomes for partners and customers by providing the most comprehensive suite of products and services that support secure and flexible access to data and applications, optimize performance, and enable ...
1 month ago Feedpress.me
Thousands of Adobe Commerce e-stores hacked by exploiting CosmicSting bug - Sansec researchers reported that multiple threat actors have exploited a critical Adobe Commerce vulnerability, tracked as CVE-2024-34102 (aka CosmicSting, CVSS score of 9.8), to compromise more than 4,000 e-stores over the past three months. Over ...
1 month ago Securityaffairs.com
The Complete Guide to PAM Tools, Features, And Techniques - Before we can dig into specific PAM tools and techniques – it’s first helpful to discuss what effective privileged access management looks like. Privileged access management can’t exist in a silo, because hackers often rely on network/software ...
1 month ago Heimdalsecurity.com
Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824) - Help Net Security - CVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers, the Cybersecurity and Infrastructure Security Agency has confirmed by adding the bug to its Known Exploited ...
1 month ago Helpnetsecurity.com
Doppler Launches 'Change Requests' to Strengthen Secrets Management Security with Audited Approvals - Doppler, the leading platform in secrets management, today announces the launch of Change Requests, a new feature providing engineering teams with a secure, auditable approval process for managing and controlling secret changes across environments. ...
1 month ago Cybersecuritynews.com
UWA Innovates: Network Upgrade Transforms Student Experience, Boosts Security, and Drives Sustainability - Cisco Blogs - University of Western Australia (UWA) recognized that investment in its underlying network was a major lever to improve the student experience, automate the management of core functions and ensure university data was protected. Ensuring cybersecurity ...
1 month ago Feedpress.me
Doppler Launches 'Change Requests' to Strengthen Secrets Management Security with Audited Approvals - Cybersecurity Insiders - Doppler, the leading platform in secrets management, today announces the launch of Change Requests, a new feature providing engineering teams with a secure, auditable approval process for managing and controlling secret changes across environments. ...
1 month ago Cybersecurity-insiders.com
Doppler Launches 'Change Requests' to Strengthen Secrets Management Security with Audited Approvals - Cybersecurity Insiders - Doppler, the leading platform in secrets management, today announces the launch of Change Requests, a new feature providing engineering teams with a secure, auditable approval process for managing and controlling secret changes across environments. ...
1 month ago Cybersecurity-insiders.com
New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking - To mitigate the risk posed by perfctl, it's recommended to keep systems and all software up-to-date, restrict file execution, disable unused services, enforce network segmentation, and implement Role-Based Access Control (RBAC) to limit access to ...
1 month ago Thehackernews.com
Millions of Enterprises at Risk: SquareX Shows How Malicious Extensions Bypass Google’s MV3 Restrictions - Cybersecurity Insiders - This has made browser extensions a very effective and potent technique to silently be installed and monitor enterprise users, and attackers are leveraging them to monitor communication over web calls, act on the victim’s behalf to give permissions ...
1 month ago Cybersecurity-insiders.com
Millions of Enterprises at Risk: SquareX Shows How Malicious Extensions Bypass Google’s MV3 Restrictions - Cybersecurity Insiders - This has made browser extensions a very effective and potent technique to silently be installed and monitor enterprise users, and attackers are leveraging them to monitor communication over web calls, act on the victim’s behalf to give permissions ...
1 month ago Cybersecurity-insiders.com
Millions of Enterprises at Risk: SquareX Shows How Malicious Extensions Bypass Google’s MV3 Restrictions - Cybersecurity Insiders - This has made browser extensions a very effective and potent technique to silently be installed and monitor enterprise users, and attackers are leveraging them to monitor communication over web calls, act on the victim’s behalf to give permissions ...
1 month ago Cybersecurity-insiders.com
Millions of Enterprises at Risk: SquareX Shows How Malicious Extensions Bypass Google’s MV3 Restrictions - Cybersecurity Insiders - This has made browser extensions a very effective and potent technique to silently be installed and monitor enterprise users, and attackers are leveraging them to monitor communication over web calls, act on the victim’s behalf to give permissions ...
1 month ago Cybersecurity-insiders.com
OpenText report raises awareness for consumer digital life protection as privacy concerns increase with generative AI use - Webroot Blog - Additionally, while consumers have taken steps to protect their personal information, only 27% use privacy tools and settings to protect workplace information when using generative AI. Consumers can better protect their sensitive information from ...
1 month ago Webroot.com

Trending Cyber News (last 7 days)

CVE-2024-44232 - The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video ...
5 days ago
CVE-2024-51066 - An Insecure Direct Object Reference (IDOR) vulnerability in appointment-detail.php in Phpgurukul's Beauty Parlour Management System v1.1 allows unauthorized access to the Personally Identifiable Information (PII) of other customers. ...
5 days ago
CVE-2024-48359 - Qualitor v8.24 was discovered to contain a remote code execution (RCE) vulnerability via the gridValoresPopHidden parameter. ...
5 days ago
CVE-2024-48360 - Qualitor v8.24 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /request/viewValidacao.php. ...
5 days ago
CVE-2024-10595 - A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. Affected by this vulnerability is the function delFile/delDifferCourseList of the file /com/esafenet/servlet/ajax/PublicDocInfoAjax.java. The manipulation leads to sql ...
5 days ago
CVE-2024-10619 - A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /pda/reportshop/next_detail.php. The manipulation of the argument repid leads to sql injection. It is possible to ...
5 days ago
CVE-2024-41744 - IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. ...
5 days ago
CVE-2024-41745 - IBM CICS TX Standard is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure ...
5 days ago
CVE-2024-51492 - Zusam is a free and open-source way to self-host private forums. Prior to version 0.5.6, specially crafted SVG files uploaded to the service as images allow for unrestricted script execution on (raw) image load. With certain payloads, theft of the ...
5 days ago
CVE-2024-44234 - The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video ...
5 days ago
CVE-2024-9191 - The Okta Device Access features, provided by the Okta Verify agent for Windows, provides access to the OktaDeviceAccessPipe, which enables attackers in a compromised device to retrieve passwords associated with Desktop MFA passwordless logins. The ...
5 days ago
CVE-2024-10612 - A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. Affected is the function removeHookInvalidCourse of the file /com/esafenet/servlet/system/HookInvalidCourseService.java. The manipulation of the argument id leads to sql ...
5 days ago
CVE-2024-48353 - Yealink Meeting Server before V26.0.0.67 allows attackers to obtain static key information from a front-end JS file and decrypt the plaintext passwords based on the obtained key information. ...
5 days ago
CVE-2024-44233 - The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video ...
5 days ago
CVE-2024-10310 - The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Gallery Widget 'image_title' parameter in all ...
4 days ago
CVE-2024-8739 - The ReCaptcha Integration for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible ...
4 days ago
CVE-2024-10699 - A vulnerability was found in code-projects Wazifa System 1.0. It has been classified as critical. This affects an unknown part of the file /controllers/logincontrol.php. The manipulation of the argument username leads to sql injection. It is possible ...
4 days ago
CVE-2024-10556 - A vulnerability, which was classified as critical, was found in Codezips Pet Shop Management System 1.0. Affected is an unknown function of the file birdsadd.php. The manipulation of the argument id leads to sql injection. It is possible to launch ...
5 days ago
CVE-2024-10557 - A vulnerability has been found in code-projects Blood Bank Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /file/updateprofile.php. The manipulation leads to cross-site ...
5 days ago
CVE-2024-10559 - A vulnerability was found in SourceCodester Airport Booking Management System 1.0 and classified as critical. Affected by this issue is the function details of the component Passport Number Handler. The manipulation leads to buffer overflow. The ...
5 days ago
CVE-2024-10561 - A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file birdsupdate.php. The manipulation of the argument id leads to sql injection. It is possible to initiate ...
5 days ago
CVE-2024-21537 - Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. An attacker can exploit this vulnerability by passing a malicious input through ...
6 days ago
CVE-2024-8553 - A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific ...
5 days ago
CVE-2024-50356 - Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). The password could be reset by anyone who have access to the mail inbox circumventing the 2FA. Even though they ...
6 days ago
CVE-2024-42515 - Glossarizer through 1.5.2 improperly tries to convert text into HTML. Even though the application itself escapes special characters (e.g., <>), the underlying library converts these encoded characters into legitimate HTML, thereby possibly ...
5 days ago
CVE-2024-10596 - A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. Affected by this issue is the function delEntryptPolicySort of the file /com/esafenet/servlet/system/EncryptPolicyTypeService.java. The manipulation of the argument id leads ...
6 days ago
CVE-2024-10598 - A vulnerability classified as critical was found in Tongda OA 11.2/11.3/11.4/11.5/11.6. This vulnerability affects unknown code of the file general/hr/setting/attendance/leave/data.php of the component Annual Leave Handler. The manipulation leads to ...
5 days ago
CVE-2024-10618 - A vulnerability, which was classified as critical, has been found in Tongda OA 2017 up to 11.10. This issue affects some unknown processing of the file /pda/reportshop/record_detail.php. The manipulation of the argument repid leads to sql injection. ...
5 days ago
CVE-2024-10659 - A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. Affected by this issue is the function delSystemEncryptPolicy of the file /com/esafenet/servlet/document/CDGAuthoriseTempletService.java. The manipulation of the ...
5 days ago
CVE-2024-10540 - The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'service' parameter of the bookingpress_form shortcode in all versions up to, and including, 1.1.16 due ...
4 days ago
CVE-2024-48307 - JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData. ...
6 days ago
CVE-2024-10392 - The AI Power: Complete AI Pack plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_image_upload' function in all versions up to, and including, 1.8.89. This makes it possible for ...
6 days ago
CVE-2024-9430 - The Get Quote For Woocommerce – Request A Quote For Woocommerce plugin for WordPress is vulnerable to unauthorized access of Quote data due to a missing capability check on the ct_tepfw_wp_loaded function in all versions up to, and including, ...
6 days ago
CVE-2024-9434 - The WPGlobus Translate Options plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the on__translate_options_page() function. This makes ...
6 days ago
CVE-2024-9446 - The WP Simple Anchors Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpanchor shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user ...
6 days ago
CVE-2024-43930 - Cross-Site Request Forgery (CSRF) vulnerability in eyecix JobSearch allows Cross Site Request Forgery.This issue affects JobSearch: from n/a through 2.5.3. ...
6 days ago
CVE-2024-39719 - An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist, it reflects the "File does not exist" error message to the ...
5 days ago
CVE-2024-10594 - A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. Affected is the function docHistory of the file /com/esafenet/servlet/fileManagement/FileDirectoryService.java. The manipulation of the argument fileId leads to sql ...
6 days ago
CVE-2024-10597 - A vulnerability classified as critical has been found in ESAFENET CDG 5. This affects the function delPolicyAction of the file /com/esafenet/servlet/system/PolicyActionService.java. The manipulation of the argument id leads to sql injection. It is ...
6 days ago
CVE-2024-10602 - A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file /general/approve_center/list/input_form/data_picker_link.php. The manipulation of the argument dataSrc ...
5 days ago
CVE-2024-10607 - A vulnerability was found in code-projects Courier Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /track-result.php. The manipulation of the argument Consignment leads to sql injection. ...
5 days ago
CVE-2024-10232 - The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's atomchat shortcode in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output ...
5 days ago
CVE-2024-10660 - A vulnerability, which was classified as critical, was found in ESAFENET CDG 5. This affects the function deleteHook of the file /com/esafenet/servlet/policy/HookService.java. The manipulation of the argument hookId leads to sql injection. It is ...
5 days ago
CVE-2024-10661 - A vulnerability has been found in Tenda AC15 15.03.05.19 and classified as critical. This vulnerability affects the function SetDlnaCfg of the file /goform/SetDlnaCfg. The manipulation of the argument scanList leads to stack-based buffer overflow. ...
5 days ago
CVE-2024-51774 - qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors. ...
4 days ago
CVE-2024-9896 - The BBP Core – Expand bbPress powered forums with useful features plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, ...
4 days ago
CVE-2024-10698 - A vulnerability was found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this issue is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer ...
4 days ago
CVE-2024-38415 - Memory corruption while handling session errors from firmware. ...
2 days ago Tenable.com
CVE-2024-51530 - LaunchAnywhere vulnerability in the account module Impact: Successful exploitation of this vulnerability may affect service confidentiality. ...
1 day ago Tenable.com
CVE-2024-9867 - The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Open Map Widget' marker_content parameter in all versions up to, ...
1 day ago Tenable.com