Aggregator

A vulnerability was found in Freedesktop spice-gtk and classified as critical. This issue affects some unknown processing. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2012-4425. An attack has to be approached locally. Furthermore, there is an exploit available.

Brazil’s Polícia Federal has arrested hacker USDoD, the hacker behind the National Public Data and InfraGard breaches. Brazil’s Polícia Federal (PF) announced the arrest in Belo Horizonte/MG of the notorious hacker USDoD. In August, a CrowdStrike investigation revealed that the hacker USDoD (aka EquationCorp), who is known for high-profile data leaks, is a man from Brazil. The […]

A vulnerability was found in McAfee Cloud Single Sign On. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2014-2586. The attack can be launched remotely. Furthermore, there is an exploit available.

Security Teams Need Support, Mental Health Resources and a Focus on Resilience
Managing the aftermath of a cybersecurity incident can be grueling, and the intense pressure placed on these individuals can take a toll. Stress in the cybersecurity field, particularly post-incident, is a well-documented issue that many professionals quietly struggle with.

New Features From Structure101 Simplify Code Structure, Future-Proof Development
Sonar has integrated Structure 101's design expertise into its platform, enhancing code architecture and reducing dependency issues. This update helps developers streamline workflows and minimize long-term software evolution costs, ensuring good code management across multiple programming languages.

FBI Disrupted DDoS Group in March
Two Sudanese brothers are under criminal indictment in the United States for their role in distributed denial-of-service attacks launched under the moniker of Anonymous Sudan. Among the group's targets were a major Los Angeles hospital and Microsoft.

Most IT Restored, But UHG Is Still Catching Up and Aiming to Win Back Clients
UnitedHealth Group has raised its estimates to nearly $2.9 billion for the total costs this fiscal year of the cyberattack on its Change Healthcare IT services unit. UHG said it is also working to catch up with claims processing and to win back clients disenfranchised by the attack.

New NCSC Chief Also Warns of Threefold Increase in Severe Cyberattacks
The U.K. experienced a 50% spike in cybersecurity incidents posing national security risks this year, according to NCSC CEO Richard Horne. Growing advancements in emerging tech are widening the gap between offensive and defensive cyber capabilities, he warned.

A vulnerability has been found in Deceiver Anahi A Adopter FR 0.1 and classified as critical. This vulnerability affects unknown code of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability was named CVE-2014-7739. The attack can only be done within the local network. There is no exploit available.

A vulnerability, which was classified as critical, was found in FMAC Federation Culinaire 1. This affects an unknown part of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is uniquely identified as CVE-2014-7737. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability, which was classified as critical, has been found in 2rv Dr. Sheikh Adnan Ibrahim 1. Affected by this issue is some unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is handled as CVE-2014-7735. Access to the local network is required for this attack to succeed. There is no exploit available.

Google Mandiant security analysts warn of a worrying new trend of threat actors demonstrating a better capability to discover and exploit zero-day vulnerabilities in software. [...]

A vulnerability, which was classified as critical, was found in Tu-braunschweig libsmi 0.4.8. This affects the function smiGetNode in the library lib/smi.c. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2010-2891. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Adobe Flash Player. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to memory corruption. This vulnerability was named CVE-2016-4160. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A notorious hacker named USDoD, who is linked to the National Public Data and InfraGard breaches, has been arrested by Brazil's Polícia Federal in "Operation Data Breach". [...]

But the time when quantum computers pose a tangible threat to modern encryption is likely still several years away.

A vulnerability, which was classified as critical, was found in Adobe Flash Player up to 21.0.0.242. Affected is an unknown function. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2016-4120. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Forminator Forms Plugin up to 1.35.1 on WordPress. Affected is an unknown function of the component Draft Quiz Creation. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2024-9351. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Forminator Forms Plugin up to 1.35.1 on WordPress. This issue affects some unknown processing of the component Draft Custom Forms Handler. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2024-9352. The attack may be initiated remotely. There is no exploit available.