Aggregator

Cryptocurrency / Mobile SecurityCybersecurity researchers have discovered a malicious Android app

A vulnerability was found in Index Script up to 2.8. It has been classified as critical. Affected is an unknown function of the file show_cat.php. The manipulation of the argument cat_id leads to sql injection. This vulnerability is traded as CVE-2007-4069. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

This article is based on the public release of Ghidra 11.2.Ghidra’s project base

揭秘文件劫持漏洞：JERRY工具的深度分析与实战应用 by ourren

更多最新文章，请访问SecWiki

A vulnerability was found in Backdoor.Win32.Prorat.jz and classified as critical. Affected by this issue is some unknown functionality of the component FTP Service. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

A vulnerability has been found in Backdoor.Win32.Amatu.a and classified as critical. Affected by this vulnerability is an unknown functionality of the file mine.exe of the component Service Port 2121. The manipulation leads to backdoor. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

A vulnerability, which was classified as critical, was found in Backdoor.Win32.Agent.pw. Affected is an unknown function of the component Service Port 21111. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

A vulnerability, which was classified as critical, has been found in Backdoor.Win32.Boiling. This issue affects some unknown processing of the component Service Port 4369. The manipulation leads to backdoor. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

Submit #415150 / VDB-278834

Submit #415149 / VDB-278833

Submit #415145 / VDB-278832

Submit #415144 / VDB-278831

Технология голографического управления светом помогла сохранить кубиты.

Как идеи прошлого помогают современным учёным исследовать космос.

因 Meta 多年时间里以纯文本存储愈 5 亿用户密码，爱尔兰数据保护委员会 (DPC) 对其处以 1.015 亿美元罚款。该问题是在 2019 年发现的，主要影响非美国用户，Facebook/Meta 此前披露受影响的主要是 Facebook Lite 服务。Facebook Lite 是 Meta 为网速较慢地区用户推出的服务。Meta 被指违反了欧盟数字保护法 GDPR，包括未通知 DPC 纯文本存储用户密码的可能个人数据泄露。Meta 的用户密码没有泄露到外界，但允许其工程师内部访问。

The Irish Data Protection Commission (DPC) fined Meta €91 million for storing the passwords of hundreds of millions of users in plaintext. The Irish Data Protection Commission (DPC) has fined Meta Platforms Ireland Limited (MPIL) €91 million ($100 million) for storing the passwords of hundreds of millions of users in plaintext, violating data protection regulations. […]

Meta, Spotify e altre grandi aziende tecnologiche hanno di recente criticato, con una lettera aperta