Aggregator

A vulnerability, which was classified as critical, has been found in Oracle Secure Global Desktop 5.4/5.5. This issue affects some unknown processing of the component Web Services. The manipulation leads to server-side request forgery. The identification of this vulnerability is CVE-2019-0227. The attack can only be initiated within the local network. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Как дипфейки устроили санкциям выходной.

A hacker collective known as R00TK1T claims to have breached TikTok’s user database, allegedly leaking login information for over 900,000 users. The group, which has previously made waves in the hacking community with bold claims—often with little substantiated evidence—has taken to underground forums to boast about their latest exploit. Alleged Account Deletions and Data Leak […]

The post Hackers Claim TikTok Breach, Leak Over 900,000 Usernames and Passwords appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

As cloud environments become more complex, ensuring robust security for your cloud infrastructure is no longer an option, but a necessity. 

The post Cloud Infrastructure Security: Threats, Challenges & How to Protect Your Data  appeared first on Security Boulevard.

A vulnerability classified as problematic has been found in POS Codekop 2.0. This affects an unknown part of the file print.php. The manipulation of the argument nm_member leads to cross site scripting. This vulnerability is uniquely identified as CVE-2023-36346. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic has been found in PHPGurukul Student Study Center Management System 1.0. Affected is an unknown function of the component Admin Profile Page. The manipulation of the argument Admin Name leads to cross site scripting. This vulnerability is traded as CVE-2023-33580. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in actionpack Gem on Ruby and classified as problematic. This issue affects the function redirect_to. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2023-28362. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Microsoft says it will soon fix a known issue causing CPU spikes when typing messages in recent versions of its classic Outlook email client. [...]

A vulnerability, which was classified as problematic, has been found in LibTIFF. Affected by this issue is some unknown functionality of the file tif_dir.c. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2023-2908. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in LibTIFF 4.5.0. It has been rated as critical. Affected by this issue is the function rotateImage of the file /tools/tiffcrop.c. The manipulation leads to heap-based buffer overflow. This vulnerability is handled as CVE-2023-25433. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in LibTIFF 4.5.0. This issue affects the function uv_encode. The manipulation leads to buffer overflow. The identification of this vulnerability is CVE-2023-26966. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Western Digital My Cloud OS up to 5.26.202 and classified as critical. This issue affects some unknown processing of the component CGI File Handler. The manipulation leads to command injection. The identification of this vulnerability is CVE-2023-22815. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Detectify announced new Asset Classification and Scan Recommendations capabilities. This innovation directly addresses a critical challenge for security teams: knowing what else, beyond their core applications, requires in-depth testing. The new features automatically classify discovered web assets based on attacker reconnaissance techniques and deliver recommendations on where to run DAST, helping organizations bridge the gap between broad and deep vulnerability testing across their entire attack surface. Security teams know they must test their main applications, … More →

The post Detectify Asset Classification and Scan Recommendations improves vulnerability testing appeared first on Help Net Security.

俄罗斯安全公司 Dr.Web 披露了针对前线军人的新 Android 间谍软件。该间谍软件会窃取感染设备的联系人信息并跟踪他们的位置。间谍软件隐藏在修改版的地图软件 Alpine Quest 中，该软件的用户包括了在乌克兰前线作战的俄罗斯军人。软件可以显示各种地形图，可以离线或在线使用。植入了间谍软件的 Alpine Quest 通过 Telegram 频道和非官方的 Android 应用库推广。Dr.Web 的研究人员将其恶意模块命名为 Android.Spy.1292.origin 中，它窃取的信息包括：手机号码及其账户、通讯录、当前日期、当前地理位置、存储文件相关信息——如果存在攻击者感兴趣的文件他们会进行窃取。

The Federal Bureau of Investigation (FBI), in partnership with the U.S. Department of State, has announced a reward of up to $10 million for information leading to the identification or location of individuals connected to the recent “Salt Typhoon” cyberattacks. The campaign, which is believed to be linked to actors affiliated with the People’s Republic […]

The post FBI Offers $10 Million Reward for information on Salt Typhoon Hackers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.