A vulnerability has been found in SourceCodester Best Employee Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/profile.php. The manipulation of the argument website_image leads to unrestricted upload.
This vulnerability was named CVE-2024-11214. The attack can be initiated remotely. Furthermore, there is an exploit available.
The initial researcher disclosure contains confusing vulnerability classes.
A vulnerability, which was classified as critical, was found in SourceCodester Best Employee Management System 1.0. This affects an unknown part of the file /admin/edit_role.php. The manipulation of the argument id leads to SQL injection.
This vulnerability is uniquely identified as CVE-2024-11213. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
A vulnerability, which was classified as critical, has been found in SourceCodester Best Employee Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/fetch_product_details.php. The manipulation of the argument barcode leads to SQL injection.
This vulnerability is handled as CVE-2024-11212. The attack may be launched remotely. Furthermore, there is an exploit available.
Here's How Schools, Certification Bodies, Boot Camps and Leaders Can Lend a Hand
Across the security landscape, partnerships are becoming a cornerstone in developing agile, prepared professionals who can not only react to threats but anticipate and neutralize them. Here's how universities, certification bodies, boot camps and industry leaders can drive the industry forward.
Stealthy Backdoor Publicly Available on GitHub Can Be Weaponized for Larger Attacks
Godzilla webshell, a Chinese-language backdoor known for its stealth and ability to execute commands and manipulate files, is publicly available on GitHub, and federal authorities have issued a stern warning to the healthcare sector to prepare for this threat and inevitable cyberattacks.
Multiple Critical Vulnerabilities Expose Industrial Control Risks
French multinational Schneider Electric disclosed critical vulnerabilities in its Modicon M340, Momentum and MC80 programmable automation controllers. The vulnerabilities could allow unauthorized access, data manipulation and system interruptions.
DOJ Accuses Alleged Hackers of Stealing Terabytes of Data From Snowflake Victims
The Justice Department unsealed an indictment against alleged hackers Connor Moucka and John Binns, accusing them of stealing data from the cloud platform Snowflake, extorting millions in bitcoin and stealing sensitive personal information from over 165 organizations and millions of individuals.
CEOs Jeff Shiner, David Faugno Eye Extended Access Management, Enterprise Scale
With a new co-CEO model, 1Password's Jeff Shiner and David Faugno align product and operational leadership to build on the extended access management platform. Focusing on global partnerships and expansion, the company targets enhanced security for diverse workplace environments.