Aggregator

A vulnerability was found in GNU Recutils 1.8. It has been rated as problematic. This issue affects the function rec_rset_get_props of the file rec-rset.c. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2019-11637. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in GNU Recutils 1.8.90 and classified as problematic. Affected by this issue is the function rec_db_destroy of the file rec-db.c. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2021-46019. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was found in GNU Recutils 1.8.90. It has been classified as critical. This affects the function rec_record_destroy of the file rec-record.c. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2021-46021. The attack needs to be done within the local network. There is no exploit available.

A vulnerability was found in GNU Recutils 1.8.90. It has been declared as critical. This vulnerability affects the function rec_mset_elem_destroy of the file rec-mset.c. The manipulation leads to use after free. This vulnerability was named CVE-2021-46022. The attack needs to be initiated within the local network. There is no exploit available.

The U.K. National Crime Agency (NCA) on Wednesday announced that it led an international investigation to disrupt Russian money laundering networks that were found to facilitate serious and organized crime across the U.K., the Middle East, Russia, and South America. The effort, codenamed Operation Destabilise, has resulted in the arrest of 84 suspects linked to two Russian-speaking networks

トレンドマイクロ株式会社から、Deep Security Agent（Windows版）およびDeep Security Notifier向けのアップデートが公開されました。

Как мошенники используют знаменитостей для продажи сомнительных препаратов.

A vulnerability classified as critical has been found in SuSE Linux up to 7.0. This affects an unknown part of the component fdmount. The manipulation of the argument mountpoint leads to memory corruption. This vulnerability is uniquely identified as CVE-2000-0438. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

As the era of quantum computing draws closer, businesses face a new and unprecedented threat to data security: “Q-day.” This looming turning point—when quantum machines can break traditional encryption with ease—has the potential to upend cybersecurity, rendering current encryption ineffective.

The post Preparing for Q-day: The essential role of cloud migration in securing enterprise data appeared first on Help Net Security.

A vulnerability, which was classified as critical, was found in Pensacola Web Designs Xtremeasp Photogallery 2.0. This affects an unknown part of the file displaypic.asp. The manipulation of the argument sortorder leads to sql injection. This vulnerability is uniquely identified as CVE-2006-6937. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Linux Kernel and classified as critical. This issue affects some unknown processing of the file arch/x86/entry/entry_64.S of the component NMI Handler. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2015-3290. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in ISC DHCP 2.0/3.0/3.1/4.0/4.1.0. It has been rated as very critical. Affected by this issue is the function script_write_params of the file client/dhclient.c of the component DHCP Server. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2009-0692. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-51378 (CVSS score: 10.0) - An incorrect default permissions

A vulnerability has been found in Red Hat Linux 6.0/6.1/6.2 and classified as critical. This vulnerability affects unknown code of the file pam_console of the component PAM Module. The manipulation leads to improper privilege management. This vulnerability was named CVE-2000-0378. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Police records show ShotSpotter is wildly inaccurate in New York City

In this Help Net Security interview, Piotr Kijewski, CEO of The Shadowserver Foundation, discusses the organization’s mission to enhance internet security by exposing vulnerabilities, malicious activity, and emerging threats. Kijewski explains the foundation’s automated efforts to track and disrupt cybercrime, while providing support to law enforcement and offering capacity-building services globally. Could you provide an overview of the Shadowserver Foundation’s mission and approach to securing the internet? The Shadowserver Foundation’s mission is to make the … More →

The post How the Shadowserver Foundation helps network defenders with free intelligence feeds appeared first on Help Net Security.

Tips for Finding and Getting Security Jobs in a Global Market
Organizations ranging from multinational corporations to government agencies and international nonprofits require cybersecurity expertise. These roles often include exciting opportunities for travel or relocation, making them an attractive path for professionals ready to take their careers global.

Hackers can potentially use AI to manipulate data that's generated and shared by some health apps, diminishing the data's accuracy and integrity, said Sina Yazdanmehr and Lucian Ciobotaru of cybersecurity firm Aplite, describing a recent research project involving Google Health Connect.

Crimenetwork Served as a Platform for Illegal Goods and Services
German police arrested the suspected administrator of the largest German-speaking underground markets for illegal goods and services. Crimenetwork, online since 2012, was used to sell stolen data, drugs and forged documents. The platform had more than 100,000 users and 100 sellers.

Gravy Analytics and Mobilewalla Ordered to Implement Stronger Consent Measures
Two data brokers pledged to stop using geolocation data gleaned from smartphones to sell services that provide a window to the intimate lives of Americans. "Surreptitious surveillance by data brokers undermines our civil liberties," an U.S. Federal Trade Commission official said.