Aggregator

A vulnerability was found in magzter India Today Telugu 3.02. It has been rated as critical. This issue affects some unknown processing of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. The identification of this vulnerability is CVE-2014-7710. Access to the local network is required for this attack to succeed. There is no exploit available.

The Horus Protector crypter is being used to distribute various malware families, including AgentTesla, Remcos, Snake, NjRat, and others, whose primarily spread through archive files containing VBE scripts, which are encoded VBS scripts.  Once executed, these scripts decode and execute the malicious payload, as this new distribution method makes detection and prevention more challenging due […]

The post HORUS Protector Delivering AgentTesla, Remcos, Snake, NjRat Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Name: GITEX GLOBAL CTF (an GITEX GLOBAL CTF event.)
Date: Oct. 14, 2024, 7 a.m. — 15 Oct. 2024, 12:00 UTC  [add to calendar]
Format: Jeopardy
On-site
Location: Dubai World Trade Centre
Offical URL: https://gitex.ctf.ae/
Rating weight: 0.00
Event organizers: CTF.ae

Name: Breach Bytes 2.0 (an Breach Bytes 2.0 event.)
Date: Oct. 15, 2024, 2:30 a.m. — 15 Oct. 2024, 13:30 UTC  [add to calendar]
Format: Jeopardy
On-site
Location: India, Mumbai
Offical URL: https://unstop.com/hackathons/breach-bytes-20-shri-vile-parle-kelavani-mandals-dwarkadas-j-sanghvi-college-of-engineering-djsce-mumbai-1171442
Rating weight: 0.00
Event organizers: The dangers of my heart

Learn how to use JSON injection to manipulate API payloads to control the flow of data and business logic within an API.

The post Attacking APIs using JSON Injection appeared first on Dana Epp's Blog.

Researchers have discovered a new cyber-attack method called ConfusedPilot that can manipulate AI-generated responses by injecting malicious content into documents referenced by AI systems

微软在其最新的威胁情报报告中披露，威胁行为者正在滥用SharePoint、OneDrive和Dropbox等合法文件托管服务，以发起商业电子邮件入侵（BEC）攻击。

今日暂未更新资讯~
更多最新文章，请访问SecWiki

Learn how the right integrations close critical data gaps, helping you gain a more complete view of your organization’s insider risk Cyber Threat Intelligence Systems Human Resources Information Systems Data Loss Prevention Solutions Inventory Management Systems Access Control and Visitor Management Systems License Plate Recognition and Video Management Systems To fully understand and mitigate your…

The post Enhance Your Insider Risk Program with These 6 Systems Integrations appeared first on Ontic.

The post Enhance Your Insider Risk Program with These 6 Systems Integrations appeared first on Security Boulevard.

A vulnerability has been found in XOOPS 2.0.18 and classified as critical. This vulnerability affects unknown code. The manipulation of the argument lang leads to path traversal. This vulnerability was named CVE-2008-0612. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in XOOPS 2.0.18 and classified as critical. This issue affects some unknown processing. The manipulation of the argument xoops_redirect leads to link following. The identification of this vulnerability is CVE-2008-0613. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in MicroTik RouterOS 3.2. This affects an unknown part. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2008-0680. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in Com Marketplace 1.1.1/1.1.1-pl1 on Joomla. Affected is an unknown function of the file index.php. The manipulation of the argument catid leads to sql injection. This vulnerability is traded as CVE-2008-0689. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Itechscripts iTechBids 3 Gold/5.0. It has been classified as critical. This affects an unknown part of the file bidhistory.php. The manipulation of the argument item_id leads to sql injection. This vulnerability is uniquely identified as CVE-2008-0692. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in WordPress St Newsletter Plugin. It has been classified as critical. Affected is an unknown function of the file shiftthis-preview.php. The manipulation of the argument newsletter leads to sql injection. This vulnerability is traded as CVE-2008-0683. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The Cerberus Android banking trojan, which gained notoriety in 2019 for its ability to target financial and social media apps, has continued to evolve and spread through various forks and variants.  Recent research has uncovered a new campaign, dubbed ErrorFather, which leverages the Cerberus source code and utilizes a multi-stage dropper mechanism to deploy the […]

The post ErrorFather Hackers Attacking & Control Android Device Remotely appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

之前的实验表明，智能手机中的陀螺仪和加速计等惯性测量单元（IMU），可以通过检测声波振动监听对话。这意味着，即使是一个没有开启麦克风权限的应用程序也可以通过 IMU 获得对话内容。为了不让攻击者获得准确信息，Google 将 Android 应用从 IMU 采样数据的频率限制在每秒 200 次，使攻击者无法准确获得对话内容。根据发表在预印本平台 arXiv 上的预印本，研究人员发现了一个漏洞——通过欺骗陀螺仪和运动传感器在时间上稍微偏移地进行测量，将应用实际采样率从每秒 200 次提高到 400 次，可以突破上述保护措施。利用这种方法，攻击者能修复获得的音频量大大提升。与每秒仅采集 200 个样本相比，他们的方法在 AI 转录时单词错误率降低了 83%。这表明，目前的安全保护措施“不足以防止复杂的窃听攻击发生”，应该对其重新评估。

New variants of an Android banking trojan called TrickMo have been found to harbor previously undocumented features to steal a device's unlock pattern or PIN. "This new addition enables the threat actor to operate on the device even while it is locked," Zimperium security researcher Aazim Yaswant said in an analysis published last week. First spotted in the wild in 2019, TrickMo is so named for