Aggregator

A vulnerability was found in Brian Cabunac Browser To Email Phone Message System 1.0 and classified as critical. This issue affects some unknown processing of the file verify-user.php. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2012-6626. The attack may be initiated remotely. Furthermore, there is an exploit available.

Slea AI是什么Slea AI是一款免费AI Logo生成器，利用人工智能轻松设计专业定制Logo，使用Slea.ai的免费AI Logo生成器，企业和个人可以在几分钟内将创意转化为精美的Log

Slea AI是什么Slea AI是一款免费AI Logo生成器，利用人工智能轻松设计专业定制Logo，使用Slea.ai的免费AI Logo生成器，企业和个人可以在几分钟内将创意转化为精美的L...

A vulnerability, which was classified as critical, has been found in Net-SNMP 5.1.4/5.2.4/5.4.1. This issue affects the function __snprint_value. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2008-2292. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Evilginx is an open-source man-in-the-middle attack framework designed to phish login credentials and session cookies, enabling attackers to bypass 2FA safeguards. “Back in 2017, I was experimenting with extracting cookies from one browser and importing them into another. I realized this technique could effectively take over accounts, bypassing the need for credentials or even MFA authorization. This discovery led me to consider the possibility of executing such an attack remotely by proxying HTTP traffic between … More →

The post Evilginx: Open-source man-in-the-middle attack framework appeared first on Help Net Security.

A vulnerability, which was classified as problematic, was found in Linux Kernel 2.6. Affected is the function cleanup_journal_tail. The manipulation leads to improper input validation. This vulnerability is traded as CVE-2011-4132. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability was found in Cisco IOS XE up to 3.3.0s and classified as critical. Affected by this issue is some unknown functionality of the component RSVP Feature. The manipulation leads to improper resource management. This vulnerability is handled as CVE-2012-1311. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Novell iManager up to 2.7.4 and classified as critical. Affected by this vulnerability is the function jclient Create Attribute of the component Web Interface. The manipulation of the argument EnteredAttrName leads to memory corruption. This vulnerability is known as CVE-2011-4188. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Microsoft Windows. Affected is an unknown function in the library ATMFD.dll of the component Adobe Type Manager Font Driver. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2017-0192. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in Microsoft Windows. This affects an unknown part. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2017-0189. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Microsoft Windows and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Win32k. The manipulation leads to information disclosure. This vulnerability is known as CVE-2017-0188. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows and classified as problematic. Affected by this issue is some unknown functionality of the component Win32k. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2017-0191. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Hyper-V up to 2016. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper input validation. This vulnerability is known as CVE-2017-0185. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic was found in Microsoft Hyper-V. This vulnerability affects unknown code. The manipulation leads to improper input validation. This vulnerability was named CVE-2017-0184. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in Microsoft Hyper-V. This issue affects some unknown processing of the component Network Switch. The manipulation leads to improper input validation. The identification of this vulnerability is CVE-2017-0186. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

error code: 521

近日，网络安全研究员Jeremiah Fowler透露，一家总部位于英国伦敦的人工智能开发平台Builder.ai，由于数据库配置错误，该平台遭遇了重大数据泄露事件，共计泄露数据超过300万条，1.29TB。 Builder.ai是Microsoft Power Platform的一部分，在全球多个地区设有分支机构，它允许企业通过自动执行流程和预测结果来提高业务绩效。Builder.ai可以与Microsoft Dataverse以及各种云数据源（如SharePoint、OneDrive或Azure）集成，方便用户访问和管理业务数据。Builder.ai提供了多种预生成的AI模型，用户可以直接使用这些模型，而无需从头开始构建，用户可以根据业务需求创建自定义的AI模型，用于分析文本、图像、结构化数据等。 根据Fowler在Website Planet的报告，泄露的敏感信息包括客户成本提案、保密协议、发票、税务文件、内部沟通记录、秘密访问密钥、客户个人信息以及电子邮件往来截图。数据库中约有337434个发票（18GB）和32,810个文件（4GB），标记为主服务协议。 “将文档和访问密钥以明文形式存储在同一数据库中，可能造成严重的安全漏洞。如果数据库意外曝光或被未经授权访问，恶意攻击者可能利用这些密钥访问链接系统、云存储或其他敏感资源，无需额外身份验证。” 数据库配置错误是常见问题，但最新报告显示，即使是ShinyHunters和Nemesis这样的黑客组织也在积极入侵暴露的数据库，这表明如果数据库落入恶意威胁攻击者手中，可能会危及公司声誉和用户隐私。 泄露的文档对黑客来说是宝贵的资源，可以用于社交工程攻击。例如制作含有恶意软件的虚假发票，以欺骗Builder.ai的客户。此外数据中的内部信息可能被用来对Builder.ai员工发起有针对性的钓鱼攻击，泄露的云存储访问密钥还可能允许未经授权访问其他位置存储的更敏感数据。 更糟糕的是，Builder.ai 应急响应流程十分迟缓。在研究人员通知后，Builder.ai花了整整一个月才保护数据库，并称“复杂的系统依赖”是延迟的原因。尽管解释不够明确，但这表明数据库曝光可能涉及第三方承包商。 研究人员强调，在构建系统时减少依赖性的重要性，以避免妨碍应急响应。为了最小化风险，Fowler建议组织应安全存储管理凭据和访问密钥，对其进行加密，存储在专用系统中，并与其他敏感数据隔离，以防止被利用。   转自FreeBuf，原文链接：https://www.freebuf.com/news/418279.html 封面来源于网络，如有侵权请联系删除

In this Help Net Security interview, Jason Passwaters, CEO of Intel 471, discusses how integrating cybercrime intelligence into an organization’s security strategy enables proactive threat management and how measuring intelligence efforts can help mitigate risks before they escalate. Passwaters also shares best practices for building a robust intelligence program, focusing on data sources, adversary identification, and collaboration between the private sector and law enforcement.

The post Maximizing the impact of cybercrime intelligence on business resilience appeared first on Help Net Security.