Aggregator

A vulnerability was found in Oracle Communications Network Analytics Data Director 23.1.0. It has been classified as critical. This affects an unknown part of the component Install/Upgrade. The manipulation leads to integer overflow. This vulnerability is uniquely identified as CVE-2022-42898. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in Oracle MySQL Cluster up to 8.0.34/8.1.0. This vulnerability affects unknown code of the component Cluster. The manipulation leads to integer overflow. This vulnerability was named CVE-2022-42898. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Squid Web Proxy up to 4.17/5.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Internal URL Handler. The manipulation leads to exposure of sensitive information due to incompatible policies. This vulnerability is known as CVE-2022-41317. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Enlightenment up to 0.25.3. It has been declared as critical. This vulnerability affects unknown code of the component enlightenment_sys. The manipulation leads to path traversal: '/../filedir'. This vulnerability was named CVE-2022-37706. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Car rental giant Hertz Corporation warns it suffered a data breach after customer data for its Hertz, Thrifty, and Dollar brands was stolen in the Cleo zero-day data theft attacks. [...]

本期周报简介：1、在甲方安全中，如何实施主动防御措施以提升整体安全防护水平？ 2、发现生产服务器配置代理上网时，应采取哪些步骤进行处理，以确保数据安全与合规性？ 3、面对项目组或运维方对安全整改的抵触情绪，哪些有效策略可以帮助推进整改工作？

本期周报简介：1、在甲方安全中，如何实施主动防御措施以提升整体安全防护水平？ 2、发现生产服务器配置代理上网时，应采取哪些步骤进行处理，以确保数据安全与合规性？ 3、面对项目组或运维方对安全整改的抵触情绪，哪些有效策略可以帮助推进整改工作？

Educational institutions worldwide are facing an unprecedented wave of sophisticated cyber attacks, with the education sector ranked as the third-most targeted industry in Q2 2024, according to Microsoft. This alarming trend reveals a strategic shift in threat actors’ focus, as they increasingly exploit the unique vulnerabilities inherent to academic environments. Between April and September 2024, […]

The post Schools and Colleges Emerges as a Prime Target for Threat Actors appeared first on Cyber Security News.

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

A sophisticated backdoor malware known as BPFDoor has been actively targeting organizations across Asia, the Middle East, and Africa, leveraging advanced stealth techniques to evade detection. This Linux backdoor utilizes Berkeley Packet Filtering (BPF) technology to monitor network traffic at the kernel level, allowing it to remain hidden from conventional security scans while maintaining persistent […]

The post Stealthy Rootkit-Like Malware Known as BPFDoor Using Reverse Shell to Dig Deeper into Compromised Networks appeared first on Cyber Security News.

Threat Attack Daily - 14th of April 2025

A vulnerability, which was classified as critical, has been found in Oracle Communications Cloud Native Core Unified Data Repository 23.3.1. Affected by this issue is some unknown functionality of the component Signaling. The manipulation leads to denial of service. This vulnerability is handled as CVE-2023-44487. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in Oracle Communications Cloud Native Core Unified Data Repository 23.3.1. This affects an unknown part of the component Signaling. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2023-44487. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Oracle Communications Network Analytics Data Director 23.2.0.0.2/23.3.0.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component General. The manipulation leads to denial of service. This vulnerability is known as CVE-2023-44487. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Oracle Communications Network Analytics Data Director 23.2.0.0.2/23.3.0.0.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component Install/Upgrade. The manipulation leads to denial of service. This vulnerability is handled as CVE-2023-44487. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Oracle Communications Network Analytics Data Director 23.2.0.0.2/23.3.0.0.0. This affects an unknown part of the component Third Party. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2023-44487. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Oracle Coherence 12.2.1.4.0/14.1.1.0.0. It has been rated as critical. This issue affects some unknown processing of the component Third Party. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2023-44487. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Oracle Coherence 12.2.1.4.0/14.1.1.0.0. Affected is an unknown function of the component Third Party. The manipulation leads to denial of service. This vulnerability is traded as CVE-2023-44487. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Oracle Managed File Transfer 12.2.1.4.0. Affected by this issue is some unknown functionality of the component Runtime Server. The manipulation leads to denial of service. This vulnerability is handled as CVE-2023-44487. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Oracle GraalVM for JDK Oracle GraalVM for JDK 21.0.1. Affected by this issue is some unknown functionality of the component Node. The manipulation leads to denial of service. This vulnerability is handled as CVE-2023-44487. The attack may be launched remotely. Furthermore, there is an exploit available.