Aggregator

A vulnerability, which was classified as critical, was found in Alice Gate2 Plus Wi-Fi. Affected is an unknown function of the file cp06_wifi_m_nocifr.cgi. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2008-7165. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

北上广深高频骑手月入过万。

1688 发布贴牌业务品牌「1688 源选」；理想汽车宣布年底限时 0 息政策；Uber 进军数据标注

存在较大网络数据泄露的安全风险

The HackerNoon Newsletter: The Unexpected Weight of Immortality (11/29/2024)

工信部提醒防范Remcos RAT恶意软件新变种，星巴克供应链商遭攻击……

Linux-Targeting Bootkitty Appears More Proof-of-Concept Than Threat, Researchers Say
Cybersecurity researchers have discovered the first-ever UEFI bootkit designed to target Linux systems and subvert their boot process for malicious purposes. The "Bootkitty" malware, first uploaded to VirusTotal this month, appears to be more "proof of concept" than full-fledged threat, they said.

European Commission Opens Infringement Procedures Against 23 EU Member States
The European Commission on Thursday opened infringement procedures against 23 EU member states that missed a mid-October deadline for implementing the NIS2 Directive, as well 24 EU members that missed a Critical Entities Resilience Directive deadline.

Researchers Discover 20 Critical Flaws Attackers Could Exploit in a Variety of Ways
Researchers identified 20 critical vulnerabilities in a type of Advantech industrial-grade wireless access points that is widely deployed across critical infrastructure environments. Attackers could exploit the flaws to remotely executive code and create denials of service.

A vulnerability, which was classified as problematic, was found in Clementine 1.3.1. This affects an unknown part of the component DLL File Handler. The manipulation leads to uncontrolled search path. This vulnerability is uniquely identified as CVE-2024-50986. Local access is required to approach this attack. There is no exploit available.

A vulnerability, which was classified as critical, has been found in DedeBIZ 6.3.0. This issue affects some unknown processing of the file /admin/friendlink_edit of the component File Handler. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2024-52769. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Foxit PDF Reader and classified as critical. Affected by this issue is some unknown functionality of the component Update Service. The manipulation leads to permission issues. This vulnerability is handled as CVE-2024-9244. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Foxit PDF Reader. It has been classified as critical. This affects an unknown part of the component Update Service. The manipulation leads to permission issues. This vulnerability is uniquely identified as CVE-2024-9245. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

Phishing-as-a-Service Rockstar 2FA continues to be prevalent

一个平平无奇的登录接口竟能引发账号密码泄露。。。

Announcing the Reverse Engineering Task Force

[Report] Exercising workers’ rights in algorithmic management systems

The coverage of the report and the immediate aftermath

Mobile reverse engineering to empower the gig economy workers and labor unions

Using reverse engineering and GDPR to support workers in the gig economy