Aggregator

A vulnerability has been found in Novell Netware 4.1/4.11 and classified as critical. This vulnerability affects unknown code of the file CX.EXE/NLIST.EXE of the component NDS Handler. The manipulation leads to improper privilege management. This vulnerability was named CVE-1999-1020. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Juniper Networks has warned customers of Mirai malware attacks scanning the Internet for Session Smart routers using default credentials. [...]

Juniper Networks has warned customers of Mirai malware attacks targeting and infecting Session Smart routers using default credentials. [...]

A vulnerability classified as critical has been found in WiTango Application Server 2000. This affects an unknown part of the component Cookie Handler. The manipulation of the argument Witango_UserReference leads to memory corruption. This vulnerability is uniquely identified as CVE-2003-0595. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Новое открытие приближает к разгадке тайн земного ядра.

A vulnerability was found in Oracle JDeveloper 10.1.3.5/11.1.1.7/11.1.2.4/12.1.2.0/12.1.3.0. It has been classified as problematic. Affected is an unknown function in the library lib/commons-beanutils-1.8.0.jar of the component ADF Controller. The manipulation of the argument this leads to improper input validation. This vulnerability is traded as CVE-2014-0114. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

THE ANONYMOUS BANGLADESH Defaced the Website of Tourist Police Mymensingh

via the comic humor & dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Linear Sort’ appeared first on Security Boulevard.

A vulnerability was found in PHPGurukul Teacher Subject Allocation Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument searchdata leads to sql injection. The identification of this vulnerability is CVE-2023-46024. Access to the local network is required for this attack. Furthermore, there is an exploit available.

A newly discovered vulnerability, CVE-2024-53677, in the aging Apache framework is going to cause major headaches for IT teams, since patching isn't enough to fix it.

Роскомнадзор готов применить дополнительные меры контроля.

Modern identity verification (IDV) approaches aim to connect digital credentials and real-world identity without sacrificing usability.

Microsoft has added another Windows 11 24H2 upgrade block for systems with Dirac audio improvement software due to compatibility issues breaking sound output. [...]

Одна из главных проблем в экстренной ветеринарии решена.

Fortinet has disclosed a critical vulnerability in Fortinet Wireless Manager (FortiWLM) that allows remote attackers to take over devices by executing unauthorized code or commands through specially crafted web requests. [...]

Shodan Dorks for Advanced OSINT

An Apache Tomcat web server vulnerability has been published, exposing the platform to remote code execution through a race condition failure.

The post CVE-2024-50379: A Critical Race Condition in Apache Tomcat appeared first on Security Boulevard.

Non-human identities authenticate machine-to-machine communication. The big challenge now is to secure their elements and processes — before attackers can intercept.

Cybercriminals are selling hundreds of thousands of credential sets stolen with the help of a cracked version of Acunetix, a powerful commercial web app vulnerability scanner, new research finds. The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey.

Recent research has uncovered a concerning vulnerability in modern Trusted Execution Environments (TEEs) that challenges fundamental assumptions about memory security. The BadRAM attack, detailed in a paper by De Meulemeester et al., demonstrates how a low-cost hardware manipulation can compromise the integrity guarantees of systems like AMD SEV-SNP (Secure Encrypted Virtualization and Secure Nested Paging). […]

The post BadRAM-ifications: A Low-Cost Attack on Trusted Execution Environments appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

The post BadRAM-ifications: A Low-Cost Attack on Trusted Execution Environments appeared first on Security Boulevard.