Aggregator

A vulnerability has been found in FydeOS for PC, FydeOS for VMware, FydeOS for You and OpenFyde and classified as very critical. This vulnerability affects unknown code. The manipulation leads to empty password in configuration file. This vulnerability was named CVE-2024-25825. Access to the local network is required for this attack. There is no exploit available.

国家安全局（NSA）与澳大利亚、加拿大、德国、日本、荷兰、新西兰、韩国和英国的网络安全机构合作，发布了一份指南，概述了六个原则，这些原则可以用来指导创建和维护一个安全的关键基础设施操作技术（OT）环境。

今日暂未更新资讯~
更多最新文章，请访问SecWiki

For You Plague: TikTok’s in trouble once more—this time, some states complain it’s breaking laws by harvesting children’s data and keeping them addicted.

The post Digital Crack for Kids: TikTok Sued Again by 14 AGs appeared first on Security Boulevard.

A group of pro-Ukrainian hacktivists has claimed responsibility for the September breach of Russian security company Doctor Web (Dr.Web). [...]

根据国家信息安全漏洞库（CNNVD）统计，本周（2024年9月23日至2024年9月29日）安全漏洞情况如下。

A vulnerability, which was classified as critical, was found in Kamailio up to 4.3.4. This affects the function encode_msg of the file encode_msg.c of the component SEAS Module. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2016-2385. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Details have emerged about multiple security vulnerabilities in two implementations of the Manufacturing Message Specification (MMS) protocol that, if successfully exploited, could have severe impacts in industrial environments. "The vulnerabilities could allow an attacker to crash an industrial device or in some cases, enable remote code execution," Claroty researchers Mashav Sapir and Vera

On October 10, 2024, Microsoft released its latest round of security updates as part of the monthly Patch Tuesday. This month’s update addresses a total of 118 vulnerabilities, including five zero-days, two of which are actively being exploited. These vulnerabilities impact various Microsoft products, making it crucial for organizations to apply patches promptly and review any mitigations or workarounds.  Let’s ... Read More

The post Microsoft’s October 2024 Patch Tuesday: Addressing 5 Zero-Days and 118 Vulnerabilities appeared first on Nuspire.

The post Microsoft’s October 2024 Patch Tuesday: Addressing 5 Zero-Days and 118 Vulnerabilities appeared first on Security Boulevard.

New BeaverTail malware targets tech job seekers via fake recruiters on LinkedIn and X

A vulnerability was found in OkHttp up to 2.7.3/3.1.1. It has been declared as critical. This vulnerability affects unknown code of the component Certificate Handler. The manipulation leads to improper certificate validation. This vulnerability was named CVE-2016-2402. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

An international law enforcement operation led to the arrest of one of the three administrators of the dual dark web market 'Bohemia/Cannabia,' known for hosting ads for drug sales and distributed denial of service (DDoS) attacks. [...]

A vulnerability, which was classified as critical, was found in Progress Telerik Reporting up to 18.2.24.806. This affects an unknown part. The manipulation leads to use of externally-controlled input to select classes or code. This vulnerability is uniquely identified as CVE-2024-8048. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Progress Telerik Reporting up to 18.2.24.806. Affected by this issue is some unknown functionality of the component Hyperlink Handler. The manipulation leads to command injection. This vulnerability is handled as CVE-2024-7840. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

At Seceon’s 2024 Innovation and Certification Days, we had the privilege of hearing from one of our valued partners, Keith Johnson, Executive Vice President of Obviam. Keith shared his journey in cybersecurity and explained why Seceon’s aiXDR platform is the solution of choice for his MSP and MSSP clients. His insights were not only valuable

The post Partner Spotlight: Why Obviam Chose Seceon for AI-Driven XDR appeared first on Seceon Inc.

The post Partner Spotlight: Why Obviam Chose Seceon for AI-Driven XDR appeared first on Security Boulevard.

A vulnerability classified as problematic was found in Progress Telerik Report Server up to 10.2.24.709. Affected by this vulnerability is an unknown functionality. The manipulation leads to weak password requirements. This vulnerability is known as CVE-2024-7293. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Progress Telerik Report Server up to 10.2.24.709. Affected is an unknown function. The manipulation leads to improper restriction of excessive authentication attempts. This vulnerability is traded as CVE-2024-7292. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Progress Telerik Reporting up to 18.2.24.806. It has been rated as very critical. This issue affects some unknown processing. The manipulation leads to use of externally-controlled input to select classes or code. The identification of this vulnerability is CVE-2024-8014. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Progress Telerik Report Server up to 10.2.24.709. It has been declared as problematic. This vulnerability affects unknown code of the component HTTP Handler. The manipulation leads to resource consumption. This vulnerability was named CVE-2024-7294. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.