Aggregator

Convoy CMS SQL injection 24.5

10 Tips to Enhance Data Center Sustainability with DCIM Software

Обсуждается новая инициатива Минцифры.

The Global Research and Analysis Team (GReAT) has announced the release of hrtng, a cutting-edge plugin for IDA Pro, one of the most prominent tools for reverse engineering. Designed specifically to enhance the efficiency of malware analysis, hrtng provides analysts with powerful features that automate and simplify the otherwise intricate tasks involved in dissecting malicious binaries. The […]

The post Researchers Released hrtng IDA Pro Plugin for Malware Analyst to Make Reverse Engineering Easy appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Patchwork组织近期针对国内的攻击活动分析；APT35 对多个国家的航空航天和半导体行业发动攻击；APT-C-53（Gamaredon）组织广泛攻击活动分析

奇安信威胁情报中心发现由Ultralytics团队开发的YOLO11模型框架项目ultralytics 遭恶意投毒，用户在使用pypi安装最新的v8.3.41版本时，机器将被植入挖矿木马，我们建议使用了该项目的用户尽快进行自查。

U.S. org suffered four month intrusion by Chinese hackers

A vulnerability has been found in BrowserCRM up to 4.604.01 and classified as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument contact_id leads to sql injection. This vulnerability is known as CVE-2011-5213. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic has been found in Linux Kernel 2.6.16.9. Affected is an unknown function. The manipulation leads to denial of service. This vulnerability is traded as CVE-2009-3621. An attack has to be approached locally. Furthermore, there is an exploit available.

It seems like 2024 just started, but the final Patch Tuesday of the year is almost here! In retrospect, it has been a busy year with continued Windows 11 releases, the new Server 2025 release, and all the patches we’ve needed to deal with on Patch Tuesdays (and in between). Looking back to my blog from November of 2023, I had a single line referencing Microsoft’s Secure Future Initiative and just mentioned it in passing … More →

The post December 2024 Patch Tuesday forecast: The secure future initiative impact appeared first on Help Net Security.

AutomationDirectが提供するC-More EA9 Programming Softwareには、複数の脆弱性が存在します。

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Vladislav Berghici of Trend Micro Research' was reported to the affected vendor on: 2024-12-06, 84 days ago. The vendor is given until 2025-04-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Kevin Salapatek of Trend Micro Security Research' was reported to the affected vendor on: 2024-12-06, 44 days ago. The vendor is given until 2025-04-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2024-12-06, 44 days ago. The vendor is given until 2025-04-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 6.7 AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Vladislav Berghici of Trend Micro Research' was reported to the affected vendor on: 2024-12-06, 84 days ago. The vendor is given until 2025-04-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2024-12-06, 44 days ago. The vendor is given until 2025-04-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Vladislav Berghici of Trend Micro Research' was reported to the affected vendor on: 2024-12-06, 84 days ago. The vendor is given until 2025-04-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2024-12-06, 44 days ago. The vendor is given until 2025-04-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

The holiday season is a time of joy and relaxation, but it often brings an influx of corporate emails ranging from leave approvals to scheduling paid time off. The Cofense Phishing Defense Center (PDC) has recently intercepted a malicious phishing email masquerading as a legitimate end-of-year leave approval notice. Disguised as a formal HR communication, this email leverages the urgency and importance of year-end leave scheduling in order to trick the recipients into clicking a malicious link. This enables the threat actor to steal sensitive information via FormBook malware. 

The post End-of-Year PTO: Days Off and Data Exfiltration with Formbook appeared first on Security Boulevard.

The holiday season is a time of joy and relaxation, but it often brings an influx of corporate emails ranging from leave approvals to scheduling paid time off. The Cofense Phishing Defense Center (PDC) has recently intercepted a malicious phishing email masquerading as a legitimate end-of-year leave approval notice. Disguised as a formal HR communication, this email leverages the urgency and importance of year-end leave scheduling in order to trick the recipients into clicking a malicious link. This enables the threat actor to steal sensitive information via FormBook malware. 

The post End-of-Year PTO: Days Off and Data Exfiltration with Formbook appeared first on Security Boulevard.