Latest Cyber News

Is that It? Finding the Unknown: Correlations Between Honeypot Logs & PCAPs - Simply parsing through the logs may not always give you a complete picture either. This blog post will walk through the steps I have taken to build a bigger picture to make an attack observation, briefly going over various attacks such as malicious ...
6 hours ago Isc.sans.edu
Using Scary but Fun Stories to Aid Cybersecurity Training - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
7 hours ago Securityboulevard.com
What Is Security Service Edge: All You Need to Know - Security service edge is a security technology that secures access to assets outside of the corporate network. Security service edge introduces a control that connects to remote users and assets before they connect to each other. All SSE tools borrow ...
7 hours ago Esecurityplanet.com
Top Cloud Security Issues: Threats, Risks, Challenges & Solutions - Cloud security issues refer to the threats, risks, and challenges in the cloud environment. To combat these cloud security issues, develop a robust cloud security strategy that addresses all three to provide comprehensive protection. Cloud security ...
7 hours ago Esecurityplanet.com
Hackers Claim Ticketmaster Data Breach: 560 Million Users' Info Up for Sale - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
8 hours ago Hackread.com
Christie disclosed a data breach after RansomHub attack - MUST READ. Christie disclosed a data breach after a RansomHub attack. OmniVision disclosed a data breach after the 2023 Cactus ransomware attack. City of Wichita disclosed a data breach after the recent ransomware attack. Australian Firstmac Limited ...
8 hours ago Securityaffairs.com
2.8M US folks' personal info swiped in Sav-Rx IT heist The Register - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
8 hours ago Go.theregister.com
First American December data breach impacts 44,000 people - First American Financial Corporation, the second-largest title insurance company in the United States, revealed Tuesday that a December cyberattack led to a breach impacting 44,000 individuals. Founded in 1889, it provides financial and settlement ...
9 hours ago Bleepingcomputer.com
Over 90 malicious Android apps with 5.5M installs found on Google Play - Over 90 malicious Android apps were found installed over 5.5 million times through Google Play to deliver malware and adware, with the Anatsa banking trojan seeing a recent surge in activity. Anatsa is a banking trojan that targets over 650 ...
9 hours ago Bleepingcomputer.com
TechCrunch is part of the Yahoo family of brands - We, TechCrunch, are part of the Yahoo family of brandsThe sites and apps that we own and operate, including Yahoo and AOL, and our digital advertising service, Yahoo Advertising. Authenticate users, apply security measures, and prevent spam and ...
10 hours ago Techcrunch.com
pcTattleTale spyware leaks database containing victim screenshots, gets website defaced - When the spying party installs the stalkerware, they grant permission to record what happens on the targeted Android or Windows device. The observer can then log in on an online portal and activate recording, at which point a screen capture is taken ...
10 hours ago Malwarebytes.com
CatDDOS Threat Groups Sharply Ramp Up DDoS Attacks - Researchers have spotted a recent surge in activity involving a Mirai distributed denial-of-service botnet variant called CatDDoS. The attacks have targeted organizations across multiple sectors and include cloud vendors, communication providers, ...
10 hours ago Darkreading.com
Treasury Sanctions Creators of 911 S5 Proxy Botnet - The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through ...
10 hours ago Krebsonsecurity.com
Experts released PoC exploit code for RCE in Fortinet SIEM - Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Crowdfense is offering a larger 30M USD exploit acquisition program. Threat actors actively exploit JetBrains TeamCity flaws to deliver malware. PoC ...
11 hours ago Securityaffairs.com
OpenAI Launches Security Committee Amid Ongoing Criticism - The new committee comes in the wake of two key members of the Superalignment team - OpenAI co-founder Ilya Sutskever and AI researcher Jan Leike - left the company. The shutting down of the superalignment team and the departure of Sutskever and Leike ...
11 hours ago Securityboulevard.com
Attackers Target Check Point VPNs to Access Corporate Networks - In recent months, researchers have observed an increase in attackers using remote access virtual private networks as a golden ticket for initial network access. Multiple cybersecurity vendors' solutions have been compromised, according to a recent ...
12 hours ago Darkreading.com
Ransomware attack on Seattle Public Library knocks out online systems - A ransomware attack on the Seattle Public Library has brought services to a halt - knocking out the wireless network, computers for staff and patrons, and the entire online catalog. The incident began on Saturday, the organization said in a statement ...
12 hours ago Therecord.media
How AI could bolster software supply chain security - SAN FRANCISCO - While supply chain risks remain prevalent across enterprises of all sizes, Synopsys' Tim Mackey said AI tools will enable developers more than attackers - at least for now. Supply chain security was a significant topic that speakers ...
12 hours ago Techtarget.com
Check Point warns of threat actors targeting VPNs - Check Point Software Technologies warned of attempted attacks against its VPNs by targeting accounts that use passwords as the only means of authentication. The warning came via a Monday blog post urging readers to improve their VPN security ...
12 hours ago Techtarget.com
BreachForums returns, just weeks after FBI-led takedown The Register - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
12 hours ago Go.theregister.com
US govt sanctions cybercrime gang behind massive 911 S5 botnet - Researchers at the Canadian University of Sherbrooke revealed almost two years ago, in June 2022, that this illegitimate residential proxy service lured potential victims by offering free VPN services to install malware designed to add their IP ...
12 hours ago Bleepingcomputer.com
US govt sanctions cybercrime gang behind massive 911 S5 botnet - Researchers at the Canadian University of Sherbrooke revealed almost two years ago, in June 2022, that this illegitimate residential proxy service lured potential victims by offering free VPN services to install malware designed to add their IP ...
12 hours ago Bleepingcomputer.com
US govt sanctions cybercrime gang behind massive 911 S5 botnet - Researchers at the Canadian University of Sherbrooke revealed almost two years ago, in June 2022, that this illegitimate residential proxy service lured potential victims by offering free VPN services to install malware designed to add their IP ...
12 hours ago Bleepingcomputer.com
Russian indicted for selling access to US corporate networks - An initial access broker is a threat actor who breaches corporate networks and then sells that access to other threat actors, who commonly use the access to conduct data theft or ransomware attacks. The indictment mentions an incident from January ...
13 hours ago Bleepingcomputer.com
TechCrunch is part of the Yahoo family of brands - We, TechCrunch, are part of the Yahoo family of brandsThe sites and apps that we own and operate, including Yahoo and AOL, and our digital advertising service, Yahoo Advertising. Authenticate users, apply security measures, and prevent spam and ...
13 hours ago Techcrunch.com
OpenAI Forms Another Safety Committee After Dismantling Prior Team - Open AI is forming a safety and security committee led by company directors Bret Taylor, Adam D'Angelo, Nicole Seligman, and CEO Sam Altman. The committee is being formed to make recommendations to the full board on safety measures and security ...
13 hours ago Darkreading.com
Microsoft links North Korean hackers to new FakePenny ransomware - Microsoft has linked a North Korean hacking group it tracks as Moonstone Sleet to FakePenny ransomware attacks, which have led to millions of dollars in ransom demands. While this threat group's tactics, techniques, and procedures largely overlapped ...
13 hours ago Bleepingcomputer.com
Major Russian delivery company down for three days due to cyberattack - A little-known hacker group claimed responsibility for an attack that has disrupted service for days at CDEK, one of Russia's largest delivery companies. The Russian-speaking hackers, who call themselves Head Mare, said they encrypted the company's ...
13 hours ago Therecord.media
Why cellular-first SASE is defining the future of distributed enterprises - Startups seeing double-digit growth rates tell VentureBeat that combining networking and security in the same platform is essential for protecting every identity, endpoint, and threat surface that gets exposed as their companies quickly grow. ...
13 hours ago Venturebeat.com
Randall Munroe's XKCD 'Room Code' - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
13 hours ago Securityboulevard.com
Upcoming Webinar: Getting Started With QUIC and OpenSSL - We are pleased to announce our upcoming webinar, Getting Started with QUIC and OpenSSL. In this brief yet comprehensive session, we'll dive into the basics of QUIC and guide you through implementing a simple client using the QUIC OpenSSL API. By the ...
13 hours ago Openssl.org
Hackers Target Check Point VPNs, Security Fix Released - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
14 hours ago Hackread.com
Ongoing enterprise hacking campaign targets Check Point VPNs - Intrusions infiltrating enterprise networks through Check Point Remote Access VPN instances are underway, according to BleepingComputer. Attackers have conducted three attempts to compromise Check Point VPN solutions through old VPN local accounts ...
14 hours ago Packetstormsecurity.com
The satellites using radar to peer at earth in minute detail - Synthetic aperture radar allows satellites to bounce radar signals off the ground and interpret the echo - and it can even peer through clouds. Clouds cover around two-thirds of the world at any one time, preventing conventional satellites from ...
14 hours ago Packetstormsecurity.com
Christie's Confirms Data Breach After Ransomware Group Claims Attack - Auction house Christie's has confirmed suffering a data breach after a ransomware group on Monday threatened to leak information stolen from the company. The cyberattack was launched just as the auction house was attempting to sell high-value items ...
14 hours ago Packetstormsecurity.com
SpiderOak's datacenter upgrade is still borking backups The Register - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
14 hours ago Go.theregister.com
Nearly 3 million affected by Sav-Rx data breach - Nearly three million people had sensitive information leaked during an October cyberattack on the prescriptions management company Sav-Rx. In filings to regulators last week and a notice on its website, the company said names, addresses, eligibility ...
14 hours ago Therecord.media
UAC Bypass: 3 Methods Used Malware In Windows 11 in 2024 - User Account Control is one of the security measures introduced by Microsoft to prevent malicious software from executing without the user's knowledge. Modern malware has found effective ways to bypass this barrier and ensure silent deployment on the ...
14 hours ago Cybersecuritynews.com
GDPR Turns Six: Reflecting on a Global Privacy Benchmark - The EU's flagship data protection law, the General Data Protection Regulation, celebrated its sixth anniversary on 25th May '24. Since coming into effect in 2018, its stringent requirements for enhanced security controls and data privacy have ...
14 hours ago Itsecurityguru.org
Threats of the Week: Black Basta, Scattered Spider, and FIN7 Malvertising - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
14 hours ago Securityboulevard.com
HP Report Surfaces Shifts in Cyber Attack Tactics - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
14 hours ago Securityboulevard.com
Exploit released for maximum severity Fortinet RCE bug, patch now - Security researchers have released a proof-of-concept exploit for a maximum-severity vulnerability in Fortinet's security information and event management solution, which was patched in February. Tracked as CVE-2024-23108, this security flaw is a ...
15 hours ago Bleepingcomputer.com
Christie's confirms breach after RansomHub threatens to leak data - Christie's confirmed that it suffered a security incident earlier this month after the RansomHub extortion gang claimed responsibility and threatened to leak stolen data. Christie's is a prominent auction house with a history spanning 2.5 centuries. ...
15 hours ago Bleepingcomputer.com
ABN AMRO bank hit by Ransomware - A prominent ransomware group has reportedly targeted the databases of ABN AMRO bank, resulting in the theft of data belonging to a subset of customers. The financial institution has swiftly responded by implementing measures to mitigate risks and is ...
15 hours ago Cybersecurity-insiders.com
Congresswomen Advocate for Cybersecurity Jobs for Formerly Incarcerated - Shontel Brown and Haley Stevens introduced the new Diverse Cybersecurity Workforce Act, which is currently supported by 32 other cosponsors. Under the initiative, the US cybersecurity agency will be tasked with expanding education and outreach ...
15 hours ago Securityweek.com
CISA Releases One Industrial Control Systems Advisory - These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations. This ...
15 hours ago Cisa.gov
CISA Adds One Known Exploited Vulnerability to Catalog - CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the ...
15 hours ago Cisa.gov
Shared Responsibility: How We Can All Ensure Election Security - In 2024, voters in more than 60 countries-representing 4 billion people-will cast ballots. Some of the elections are far-reaching-such as the upcoming European Parliamentary elections, which will span 27 countries from June 6 to 9. In an era where ...
15 hours ago Feedpress.me
Social Distortion: The Threat of Fear, Uncertainty and Deception in Creating Security Risk - In offensive security, there are a range of organization specific vulnerabilities that create risk, from software/hardware vulnerabilities, to processes and people. While Red Teams can expose and root out organization specific weaknesses, there is ...
15 hours ago Securityweek.com
ABN Amro Client Data Possibly Stolen in AddComm Ransomware Attack - Dutch bank ABN Amro says client data may have been compromised in a ransomware attack at third-party services provider AddComm. The third-party provider announced that the incident has been contained and that the attackers no longer have access to ...
15 hours ago Securityweek.com
Best Practices for Cloud Computing Security - Given that business data is often sensitive and confidential, cloud computing environments require necessary security measures. As you navigate cloud computing platforms, here are essential security tips to remember. Look for cloud computing services ...
1 day ago Hackread.com
Sav-Rx data breach impacted over 2.8 million individuals - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks. Microsoft fixed two zero-day bugs exploited in malware ...
1 day ago Securityaffairs.com
Jumpstart your studies for ENNA with Network Assurance Prep - It's no secret that today's networks span across a vast, decentralized web of services, where anything can-and will-happen to your data. When your network's not under your direct control, it's hard to see issues. Not knowing what's going on in and ...
1 day ago Feedpress.me
TP-Link fixes critical RCE bug in popular C5400X gaming router - The TP-Link Archer C5400X gaming router is vulnerable to security flaws that could enable an unauthenticated, remote attacker to execute commands on the device. The TP-Link Archer C5400X is a high-end tri-band gaming router designed to provide robust ...
1 day ago Bleepingcomputer.com
Analysis of BloodAlchemy Malware: A New Evolution of Deed RAT - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
1 day ago Hackersonlineclub.com
Hackers target Check Point VPNs to breach enterprise networks - Threat actors are targeting Check Point Remote Access VPN devices in an ongoing campaign to breach enterprise networks, the company warned in a Monday advisory. Remote Access is integrated into all Check Point network firewalls. It can be configured ...
1 day ago Bleepingcomputer.com
Microsoft to roll out AI powered PCs concerningly in coming years - Microsoft is poised to revolutionize the landscape of personal computing with its upcoming line of AI-powered PCs, signaling a significant shift in user experience and productivity. These cutting-edge devices, akin to the already unveiled Copilot, ...
1 day ago Cybersecurity-insiders.com
Fake Antivirus websites now delivering malware - In recent times, the landscape of cyber threats has taken a new turn, with cybercriminals employing sophisticated tactics to disseminate malware through counterfeit antivirus websites. This revelation comes from researchers at Trellix, shedding light ...
1 day ago Cybersecurity-insiders.com
Securing Cloud Environments: Safeguarding Against Cyber Threats - Cloud computing has revolutionized the way businesses operate, offering scalability, flexibility, and cost-efficiency. As organizations increasingly rely on cloud environments to store and process sensitive data, ensuring robust security measures is ...
1 day ago Cybersecurity-insiders.com
US govt agencies get onboard with Biden's AI exec order The Register - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
1 day ago Go.theregister.com
Ascension Cyber Attack Leaves Healthcare Sector Reeling - On May 9, Ascension, the largest nonprofit and Catholic health system in the United States, announced that it fell victim to a major cyber attack. The attack on Ascension is different since it directly impacts clinical operations across multiple ...
1 day ago Securityboulevard.com
Hackers use Greatness PaaS tool to Steal Microsoft 365 credential - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
1 day ago Cybersecuritynews.com
Major drug companies caught up in Cencora data loss The Register - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
1 day ago Packetstormsecurity.com
Best Buy, Geek Squad most impersonated for scams in 2023 The Register - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
1 day ago Packetstormsecurity.com
Man behind deepfake Biden robocall indicted, faces $6M fine The Register - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
1 day ago Packetstormsecurity.com
Beyond Code: Harnessing AI for Advanced Cybersecurity Solutions - Cybersecurity defenses are shifting, aiming to predict and block cyber threats in advance, acting as digital guardians attempting to stay one step ahead. This transition toward a future where cybersecurity systems are not only reactive but ...
1 day ago Cyberdefensemagazine.com
Rising Like A Phoenix, ShowMeCon 2024 Resurrects A Security Community In The Midwest - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
1 day ago Securityboulevard.com
Continuous Threat Exposure Management - This shift towards consolidation paves the way for a powerful new approach: Continuous Threat Exposure Management. Continuous Threat Exposure Management, or CTEM is a proactive security methodology that employs ongoing monitoring, evaluation, and ...
1 day ago Securityboulevard.com
Sav-Rx discloses data breach impacting 2.8 million Americans - Prescription management company Sav-Rx is warning over 2.8 million people in the United States that it suffered a data breach, stating that their personal data was stolen in a 2023 cyberattack. A&A Services, doing business as Sav-RX, is a pharmacy ...
1 day ago Bleepingcomputer.com
GNOME Remote Desktop Flaw Let Attackers Read Login Credentials - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
1 day ago Gbhackers.com
Get 9 Courses on Ethical Hacking for Just $50 - TL;DR: Kickstart a lucrative ethical hacking career or protect your own business with The Complete 2024 Penetration Testing & Ethical Hacking Certification Training Bundle, now just $49.99. Ethical hackers are in high demand all over the world, in ...
1 day ago Techrepublic.com
SentinelOne vs Palo Alto Cortex XDR: Which Tool is Best? - SentinelOne and Palo Alto are two of the top brands in this space, and this comparison will help you decide if either one of the company's tools is right for you. SentinelOne's Singularity platform offers four subscription tiers that include their ...
1 day ago Techrepublic.com
Elon Musk's xAI In $6bn Funding Round Valuing It At $24bn - Elon Musk artificial intelligence start-up xAI concludes $6bn funding round valuing it at $24bn in coming weeks amidst heavy competition. Elon Musk artificial intelligence start-up xAI has raised funds from major venture capital firms Lightspeed ...
1 day ago Silicon.co.uk
Boeing Starliner Set For 1 June Crewed Launch - Crewed flight of Boeing's Starliner planned to be final test to certify long-delayed vehicle for NASA flights to International Space Station. Boeing and NASA have scheduled the new date of Saturday, 1 June for the first manned test flight of Boeing's ...
1 day ago Silicon.co.uk
Google Invests $350m In India's Flipkart - Google becomes minority shareholder in Walmart-owned Amazon competitor Flipkart as it progresses investment plans in India. Google is to buy a minority stake worth $350 million in Indian e-commerce company Flipkart, which is majority-owned by ...
1 day ago Silicon.co.uk

Trending Cyber News (last 7 days)

CVE-2024-29853 - An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege escalation. ...
6 days ago
CVE-2023-6487 - The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Header Title' field in all versions up to and including 2.1.4 due to insufficient input sanitization and output escaping. This makes it ...
6 days ago
CVE-2021-47490 - In the Linux kernel, the following vulnerability has been resolved: ...
6 days ago
CVE-2021-47476 - In the Linux kernel, the following vulnerability has been resolved: ...
6 days ago
CVE-2021-47480 - In the Linux kernel, the following vulnerability has been resolved: ...
6 days ago
CVE-2021-47493 - In the Linux kernel, the following vulnerability has been resolved: ...
6 days ago
CVE-2024-36241 - Mattermost versions 9.5.x < 9.5.3, 9.6.x < 9.6.1 and 8.1.x < 8.1.12 fail to enforce proper access controls which allows user to view arbitrary post contents via the /playbook add slash command ...
2 days ago
CVE-2024-5364 - A vulnerability, which was classified as critical, has been found in SourceCodester Best House Rental Management System up to 1.0. Affected by this issue is some unknown functionality of the file manage_tenant.php. The manipulation of the argument id ...
2 days ago
CVE-2024-5272 - Mattermost versions 9.5.x < 9.5.3, 9.6.x < 9.6.1, 8.1.x < 8.1.12 fail to restrict the audience of the "custom_playbooks_playbook_run_updated" webhook event, which allows a guest on a channel with a playbook run linked to see all the ...
2 days ago
CVE-2024-34152 - Mattermost versions 9.5.x < 9.5.3, 9.6.x < 9.6.1 and 8.1.x < 8.1.12 fail to perform proper access control which allows a guest to get the metadata of a public playbook run that linked to the channel they are guest via sending an RHSRuns ...
2 days ago
CVE-2021-47489 - In the Linux kernel, the following vulnerability has been resolved: ...
6 days ago
CVE-2024-5363 - A vulnerability classified as critical was found in SourceCodester Best House Rental Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql ...
2 days ago
CVE-2024-5351 - A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been declared as critical. Affected by this vulnerability is the function getValueFromJs of the component Javascript Handler. The manipulation leads to deserialization. The attack ...
2 days ago
CVE-2021-47475 - In the Linux kernel, the following vulnerability has been resolved: ...
6 days ago
CVE-2024-4153 - A vulnerability in lunary-ai/lunary version 1.2.2 allows attackers to bypass user creation limits and potentially evade payment requirements. The issue arises from an undefined behavior when handling input to the API, specifically through a POST ...
6 days ago
CVE-2024-5350 - A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been classified as critical. Affected is the function pageList of the file /pageList. The manipulation of the argument p leads to sql injection. It is possible to launch the attack ...
3 days ago
CVE-2024-5352 - A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been rated as critical. Affected by this issue is the function validationRules of the component ...
3 days ago
CVE-2024-5357 - A vulnerability has been found in PHPGurukul Zoo Management System 2.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql ...
2 days ago
CVE-2024-5358 - A vulnerability was found in PHPGurukul Zoo Management System 2.1 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/normal-search.php. The manipulation of the argument searchdata leads to sql ...
2 days ago
CVE-2024-29215 - Mattermost versions 9.5.x < 9.5.3, 9.7.x < 9.7.1, 9.6.x < 9.6.1, 8.1.x < 8.1.12 fail to enforce proper access control which allows a user to run a slash command in a channel they are not a member of via linking a playbook run to that ...
2 days ago
CVE-2024-5340 - A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/vpn/autovpn/sub_commit.php. The manipulation of the argument key leads to os command ...
3 days ago
CVE-2024-5361 - A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been rated as critical. This issue affects some unknown processing of the file /admin/normal-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql ...
2 days ago
CVE-2024-5362 - A vulnerability classified as critical has been found in SourceCodester Online Hospital Management System 1.0. Affected is an unknown function of the file departmentDoctor.php. The manipulation of the argument deptid leads to sql injection. It is ...
2 days ago
CVE-2024-5365 - A vulnerability, which was classified as critical, was found in SourceCodester Best House Rental Management System up to 1.0. This affects an unknown part of the file manage_payment.php. The manipulation of the argument id leads to sql injection. It ...
2 days ago
CVE-2024-5270 - Mattermost versions 9.5.x < 9.5.3, 9.7.x < 9.7.1, 9.6.x < 9.6.1 and 8.1.x < 8.1.12 fail to check if the email signup configuration option is enabled when a user requests to switch from SAML to Email. This allows the user to switch their ...
2 days ago
CVE-2024-34029 - Mattermost versions 9.5.x < 9.5.3, 9.7.x < 9.7.1 and 8.1.x < 8.1.12 fail to perform a proper authorization check in the /api/v4/groups/<group-id>/channels/<channel-id>/link endpoint which allows a user to learn the members ...
2 days ago
CVE-2022-48681 - Some Huawei smart speakers have a memory overflow vulnerability. Successful exploitation of this vulnerability may cause certain functions to fail. ...
18 hours ago
Threat landscape for industrial automation systems, Q1 2024 - In the first quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.3 pp from the previous quarter to 24.4%. Compared to the first quarter of 2023, the percentage decreased by 1.3 pp. Percentage of ICS ...
1 day ago Securelist.com
CVE-2024-2953 - The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for ...
6 days ago
CVE-2021-47491 - In the Linux kernel, the following vulnerability has been resolved: ...
6 days ago
CVE-2024-34995 - svnWebUI v1.8.3 was discovered to contain an arbitrary file deletion vulnerability via the dirTemps parameter under com.cym.controller.UserController#importOver. This vulnerability allows attackers to delete arbitrary files via a crafted POST ...
4 days ago
CVE-2024-36079 - An issue was discovered in Vaultize 21.07.27. When uploading files, there is no check that the filename parameter is correct. As a result, a temporary file will be created outside the specified directory when the file is downloaded. To exploit this, ...
4 days ago
CVE-2024-5360 - A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/foreigner-bwdates-reports-details.php. The manipulation of the argument fromdate leads to ...
2 days ago
CVE-2024-36255 - Mattermost versions 9.5.x < 9.5.3, 9.6.x < 9.6.1 and 8.1.x < 8.1.12 fail to perform proper input validation on post actions which allows an attacker to run a playbook checklist task command as another user via creating and sharing a ...
2 days ago
CVE-2024-5359 - A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been classified as critical. This affects an unknown part of the file /admin/foreigner-search.php. The manipulation of the argument searchdata leads to sql injection. It is ...
2 days ago
CVE-2024-5366 - A vulnerability has been found in SourceCodester Best House Rental Management System up to 1.0 and classified as critical. This vulnerability affects unknown code of the file edit-cate.php. The manipulation of the argument id leads to sql injection. ...
2 days ago
Windows 10 PLUGScheduler Flaw Allows Privilege Escalation - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
2 days ago Cybersecuritynews.com
CVE-2024-3666 - The Opal Estate Pro – Property Management and Submission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the agent latitude and longitude parameters in all versions up to, and including, 1.7.6 due to insufficient input ...
6 days ago
CVE-2024-4157 - The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.1.15 via deserialization of untrusted input in the ...
6 days ago
CVE-2021-47487 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. ...
12 hours ago
CVE-2024-36049 - Aptos Wisal payroll accounting before 7.1.6 uses hardcoded credentials in the Windows client to fetch the complete list of usernames and passwords from the database server, using an unencrypted connection. This allows attackers in a ...
4 days ago
CVE-2024-5355 - A vulnerability, which was classified as critical, has been found in anji-plus AJ-Report up to 1.4.1. This issue affects the function IGroovyHandler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has ...
3 days ago
CVE-2024-36037 - Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recordings. ...
18 hours ago
CVE-2024-35395 - TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. ...
4 days ago
Truecaller Introduces AI Voice Feature for Personalized Call Responses - The Caller ID company Truecaller will now allow users to create an AI version of their voice to answer calls. Truecaller, known for identifying and blocking spam calls, is introducing a new feature for users with access to its AI Assistant. By ...
2 days ago Cysecurity.news
Files with TXZ extension used as malspam attachments - Malicious e-mail attachments come in all shapes and sizes. These container files, especially, can sometimes be quite unusual Which is where today's diary comes in. While going over messages that were caught in my malspam traps over the course of May, ...
2 days ago Isc.sans.edu
Hackers target Check Point VPNs to breach enterprise networks - Threat actors are targeting Check Point Remote Access VPN devices in an ongoing campaign to breach enterprise networks, the company warned in a Monday advisory. Remote Access is integrated into all Check Point network firewalls. It can be configured ...
1 day ago Bleepingcomputer.com
TP-Link fixes critical RCE bug in popular C5400X gaming router - The TP-Link Archer C5400X gaming router is vulnerable to security flaws that could enable an unauthenticated, remote attacker to execute commands on the device. The TP-Link Archer C5400X is a high-end tri-band gaming router designed to provide robust ...
1 day ago Bleepingcomputer.com
newsletter Round 473 by Pierluigi Paganini - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits ...
2 days ago Securityaffairs.com
Jumpstart your studies for ENNA with Network Assurance Prep - It's no secret that today's networks span across a vast, decentralized web of services, where anything can-and will-happen to your data. When your network's not under your direct control, it's hard to see issues. Not knowing what's going on in and ...
1 day ago Feedpress.me