Aggregator

A vulnerability was found in Docker Engine up to 1.8.2. It has been classified as critical. This affects an unknown part of the component Image Layer Handler. The manipulation leads to improper input validation (Cache Poisoning). This vulnerability is uniquely identified as CVE-2014-8178. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Docker Engine up to 1.8.2. It has been declared as critical. This vulnerability affects unknown code of the component Manifest Handler. The manipulation leads to improper input validation. This vulnerability was named CVE-2014-8179. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in BMC Track-It! 11.3.0. This issue affects some unknown processing of the component Password Reset. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2014-8270. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Calender Base up to 1.5.3 and classified as critical. Affected by this issue is some unknown functionality of the component PCRE Library. The manipulation leads to improper resource management. This vulnerability is handled as CVE-2014-8325. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Smarty up to 2.6.8. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation of the argument language=php> leads to code injection. This vulnerability is handled as CVE-2014-8350. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

从勒索软件到APT：揭开制造业面临的8大网络安全威胁

劫持其他APT组织基础设施实施攻击，APT组织新战术曝光；罗克韦尔自动化软件曝多个严重漏洞，可被利用执行远程代码 | 牛览

В этот день более полувека назад было представлено устройство, без которого невозможно представить современный компьютер. История, эволюция и интересные факты о мыши, которая изменила всё.

Hornetsecurity unveiled an upgraded version of its 365 Total Backup solution, introducing self-service recovery for end users while also offering full backup and recovery support for Microsoft OneNote. This new functionality is also available with 365 Total Protection Plans 3 and 4. Enabling end users to independently recover their own data Hornetsecurity has added a new self-service functionality to its backup solution. This allows end users to independently recover their mailbox, OneDrive and OneNote data … More →

The post Hornetsecurity boosts 365 Total Backup with self-service recovery for end users appeared first on Help Net Security.

A vulnerability classified as very critical was found in Adobe Flash Player 11.2.202.491/18.0.0.209. Affected by this vulnerability is an unknown functionality. The manipulation leads to type confusion. This vulnerability is known as CVE-2015-5558. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Composr 10.0.36. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component XML Script Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2021-30150. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Simple Task Managing System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument username/password leads to information disclosure. This vulnerability is known as CVE-2022-40032. The attack needs to be done within the local network. Furthermore, there is an exploit available.

Google 延长了 Pixel 6 和 7 的软件更新两年。Google 去年宣布为 Pixel 8 和 9 系列智能手机提供七年的软件更新和安全更新，对于之前发布的 Pixel 6 和 7 则是三年的软件更新和五年的安全更新。现在 Google 将软件更新和安全更新时间保持了一致，都延长到五年更新。同时获得延长的还有折叠手机 Pixel Fold。

Amazon Web Services (AWS) is reporting that since last April more than 750,000 root user accounts on its AWS Organizations console for managing access to cloud services have enabled multifactor authentication (MFA).

The post AWS Makes Significant Progress on Driving MFA Adoption appeared first on Security Boulevard.

Nearly 50% of observed traffic is looking for accidentally exposed data.

Nearly 50% of observed traffic is looking for accidentally exposed data.

Nearly 50% of observed traffic is looking for accidentally exposed data.

This week’s cyber world is like a big spy movie. Hackers are breaking into other hackers’ setups, sneaky malware is hiding in popular software, and AI-powered scams are tricking even the smartest of us. On the other side, the good guys are busting secret online markets and kicking out shady chat rooms, while big companies rush to fix new security holes before attackers can jump in. Want to

逆向工程包教包会，上古游戏点石成金