Aggregator

A vulnerability classified as problematic has been found in Microsoft Word 2003. Affected is an unknown function in the library MSO.dll of the file word_crash_11.8326.8324_poc.doc. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2010-3200. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Microsoft Windows. It has been declared as critical. This vulnerability affects unknown code of the component LPC Message Handler. The manipulation leads to memory corruption. This vulnerability was named CVE-2010-3222. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as very critical was found in Microsoft Windows 7/Vista SP2. This vulnerability affects unknown code. The manipulation leads to improper resource management. This vulnerability was named CVE-2010-3225. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in Microsoft Windows R2. This affects an unknown part. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2010-3223. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

CISO Sempra Infrastructure | USA | Hybrid – View job details As a CISO, you will develop and implement a robust information security strategy and program that aligns with the organization’s objectives and regulatory requirements. Assess and manage cybersecurity risks across the organization’s digital infrastructure, networks, and sensitive data. Implement risk mitigation strategies and ensure regular risk assessments and audits. Cloud Security Engineer UBX | Philippines | On-site – View job details As a Cloud … More →

The post Cybersecurity jobs available right now: January 21, 2025 appeared first on Help Net Security.

A vulnerability was found in Apple QuickTime 7.2 and classified as critical. This issue affects some unknown processing of the component Video File Handler. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2007-4677. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in ssh Tectia Server up to 5.2.2. Affected is an unknown function. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2007-5616. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Uber UberEATS: Uber for Food Delivery 1.108.10001 on iOS. This affects an unknown part. The manipulation leads to hard-coded credentials. This vulnerability is uniquely identified as CVE-2017-13104. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in Apple QuickTime and classified as very critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to memory corruption. This vulnerability is known as CVE-2007-4676. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Apple QuickTime 7.2. This affects an unknown part of the component PICT Opcode Handler. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2007-4676. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as very critical, has been found in MIT Kerberos up to 5-1.2.2. This issue affects the function telrcv of the component Telnet Daemon. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2001-0554. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

2024年期间，各组织向美国政府报告了720起医疗保健数据泄露事件，这些事件共影响1.86亿条用户记录。

主站 分类 漏洞 工具 极客

A vulnerability, which was classified as problematic, was found in Kajona up to 3.4.1. This affects the function getAllPassedParams of the component Downloads Module. The manipulation of the argument archive_path leads to cross site scripting. This vulnerability is uniquely identified as CVE-2012-3805. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

  HackerNews 编译，转载请注明出处： 卡巴斯基日前披露了梅赛德斯-奔驰MBUX车载信息娱乐系统中发现的十多个漏洞，虽然这些漏洞已经被修复，且不易被利用，但梅赛德斯-奔驰仍向用户保证，漏洞已得到修复。 卡巴斯基对梅赛德斯-奔驰MBUX系统的研究基于2021年由中国团队发布的研究成果。卡巴斯基在其博客中发布了相关发现，并开始发布针对每个漏洞的安全建议。此次研究聚焦于第一代MBUX系统。 其中，部分漏洞可被利用发起拒绝服务（DoS）攻击，另一些则可用于获取数据、命令注入和提升权限。 卡巴斯基表示，已经演示了物理访问目标车辆的攻击者如何利用其中一些漏洞禁用车载系统的防盗保护、对车辆进行调校，并解锁付费服务。这些攻击通过USB或定制的UPC连接实施。 这些漏洞已被分配了2023年和2024年的CVE标识符，但梅赛德斯-奔驰向《SecurityWeek》表示，自2022年以来，公司就已知悉卡巴斯基的发现。 梅赛德斯-奔驰发言人在一份电子邮件声明中表示：“2022年8月，一组外部安全研究人员联系了我们，针对第一代MBUX（梅赛德斯-奔驰用户体验）提出了相关问题。” “研究人员提到的问题需要对车辆进行现场物理访问，并进入车辆内部，此外，还需拆卸并打开车载系统。新版本的车载信息娱乐系统不受影响，”发言人补充道。 梅赛德斯-奔驰表示，产品和服务的安全性“高度优先”，并呼吁研究人员通过公司的漏洞披露计划报告发现的问题。 此前，研究人员披露过可被利用的漏洞，声称这些漏洞可被用于远程黑客攻击梅赛德斯-奔驰汽车。 其他与梅赛德斯-奔驰相关的网络安全问题还涉及公司IT基础设施。去年，研究人员报告称，一名梅赛德斯-奔驰员工泄露的GitHub令牌使得外界能够访问公司GitHub Enterprise服务器上存储的所有源代码。   消息来源：Security Week, 编译：zhongx；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

error code: 521

HackerNews 编译，转载请注明出处： 社交媒体安全初创公司Spikerz上周宣布，成功完成700万美元的种子轮融资。 本轮融资由Disruptive AI领投，Horizon Capital、Wix Ventures、Storytime Capital和BDMI等老股东参与。 Spikerz表示，此轮融资将帮助公司加速平台开发、拓展全球市场并加强团队建设。 Spikerz开发了一种解决方案，社交媒体团队和网络红人可以利用该平台跟踪并中和钓鱼攻击、诈骗及其他可能威胁账户安全的风险。 该平台还具备检测和移除虚假账户及恶意机器人功能，并提供工具帮助识别并解决限制账户可见性（如影藏封禁）的问题。 Spikerz首席执行官Naveh Ben Dror表示：“社交媒体平台已成为全球企业、中小型企业和品牌的重要来源。然而，恶意行为者，尤其是利用生成型人工智能（GenAI）的攻击者，日益复杂的手段对这些生计构成了重大威胁。” 他补充道：“在Spikerz，我们致力于通过AI驱动的工具和网络安全专业技术，保持账户的安全。这笔融资体现了问题的紧迫性以及投资者对我们解决这一问题的信任。” 消息来源：Security Week, 编译：zhongx； 本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

error code: 521

A vulnerability classified as critical has been found in Apple QuickTime 7.2. Affected is an unknown function of the component QT4J Java Applet Handler. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2007-3751. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Fortinet FortiOS up to 5.4.9/6.0.1. Affected by this vulnerability is an unknown functionality of the component RSA PKCS #1. The manipulation leads to cryptographic issues. This vulnerability is known as CVE-2018-9192. The attack can be launched remotely. There is no exploit available.