Aggregator

Il nuovo Regolamento Europeo 2024/2847 relativo a requisiti orizzontali (ovvero generali) di cyberse

Il Garante per la protezione dei dati personali ha inflitto una pesante sanzione di 5 milioni di eur

La disinformazione è ormai parte integrante delle campagne elettorali statunitensi. Dalle elezioni “

A Threat Actor is Allegedly Selling Access of Moldovan Football Federation

A vulnerability, which was classified as critical, has been found in Dag Apt Repository mod_gzip 1.3.26.1a. This issue affects the function mod_gzip_printf of the component GET Request Handler. The manipulation of the argument Accept-Encoding with the input gzip leads to memory corruption. The identification of this vulnerability is CVE-2003-0842. The attack may be initiated remotely. Furthermore, there is an exploit available.

Russian group RomCom exploited Firefox and Tor Browser zero-days to target attacks Eu

Bootkitty, the first Linux-targeting UEFI bootkit, bypassed kernel security in a proof-of-concept attack

In today’s dynamic threat landscape, security leaders are under constant pressure to make informed choices about which solutions and strategies they employ to protect their organizations. The “MITRE Engenuity ATT&CK Evaluations: Enterprise” stands out as an essential resource for cybersecurity decision-makers to navigate this challenge. Unlike other independent assessments, MITRE ATT&CK Evaluations simulate real-world threats to […]

The post Why the MITRE ATT&CK Evaluation Is Essential for Security Leaders appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

•  從 SQL 到 RCE: 利用 SessionState 反序列化攻擊 ASP.NET 網站應用程式 | DEVCORE 戴夫寇爾From SQL Injection to Remote Cod

A vulnerability classified as critical was found in MariaDB. Affected by this vulnerability is an unknown functionality of the component Error Handling. The manipulation leads to improper access controls. This vulnerability is known as CVE-2016-5617. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A Threat Actor Claims to be Selling Scraped Facebook Data Containing 380 Million Records

Internet security giant Cloudflare announced that it lost 55% of all logs pushed to customers over a 3.5-hour period due to a bug in the log collection service on November 14, 2024. [...]

CyberDataPhantomsTeam Defaced the Website of Gramin Janshakti Seva Sansthan

ESET Research has discovered the first UEFI bootkit designed for Linux systems, named Bootkitty by its creators. Researchers believe this bootkit is likely an initial proof of concept, and based on ESET telemetry, it has not been deployed in the wild. Bootkitty execution overview (Source: ESET) However, it is the first evidence that UEFI bootkits are no longer confined to Windows systems alone. The bootkit’s main goal is to disable the kernel’s signature verification feature … More →

The post ESET researchers analyze first UEFI bootkit for Linux systems appeared first on Help Net Security.

One of the priorities of the newly-approved Von der Leyen Commission II will be to strengthen the healthcare sector’s cyber resilience

ENTHER EROR SYSTEM Targeted the Website of Groovy Graveyard

A critical security flaw impacting the ProjectSend open-source file-sharing application has likely come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability, originally patched over a year-and-a-half ago as part of a commit pushed in May 2023, was not officially made available until August 2024 with the release of version r1720. As of November 26, 2024,

Cybersecurity researchers have shed light on what has been described as the first Unified Extensible Firmware Interface (UEFI) bootkit designed for Linux systems. Dubbed Bootkitty by its creators who go by the name BlackCat, the bootkit is assessed to be a proof-of-concept (PoC) and there is no evidence that it has been put to use in real-world attacks. Also tracked as IranuKit, it was uploaded

A vulnerability classified as problematic was found in OpenVidReview 1.0. This vulnerability affects unknown code. The manipulation of the argument review name leads to cross site scripting. This vulnerability was named CVE-2024-46055. The attack can be initiated remotely. There is no exploit available.