Aggregator
Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks
5 months ago
Microsoft has addressed four security flaws impacting its artificial intelligence (AI), cloud, enterprise resource planning, and Partner Center offerings, including one that it said has been exploited in the wild.
The vulnerability that has been tagged with an "Exploitation Detected" assessment is CVE-2024-49035 (CVSS score: 8.7), a privilege escalation flaw in partner.microsoft[.]com.
"An
The Hacker News
CVE-2024-50357 | Century Systems FutureNet NXR-G050 up to firmware versions 21.15.7/later but 21.15.8 REST-API incorrect provision of specified functionality
5 months ago
A vulnerability was found in Century Systems FutureNet NXR-G110, FutureNet NXR-G060 and FutureNet NXR-G050 up to firmware versions 21.15.7/later but 21.15.8. It has been declared as very critical. Affected by this vulnerability is an unknown functionality of the component REST-API. The manipulation leads to incorrect provision of specified functionality.
This vulnerability is known as CVE-2024-50357. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
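Beware of Phishing Attacks by the APT-C-01 (Poison Ivy, 毒云藤) Group
5 months ago
During routine threat hunting, we observed that this group remains active. It builds phishing pages that imitate official websites for targeted phishing; when a victim visits such a site, a malicious payload is downloaded automatically, and that payload then loads Sliver RAT for data theft and remote control operations.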
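Firefox Switches Its Packaging Format from .tar.bz2 to .tar.xz
5 months ago
Mozilla has announced that the packaging format for Firefox's Linux binary builds is switching from .tar.bz2 to .tar.xz. The change will reduce download size and shorten decompression time. Firefox .tar.xz packages are on average 25% smaller than .tar.bz2 packages, which means faster downloads and savings in time and bandwidth. In addition, decompressing a .tar.xz package takes only half the time needed for .tar.bz2. Mozilla explained that it chose .tar.xz over Zstandard (.zst) because, although Zstandard decompresses faster, its compression ratio is lower than that of .tar.xz, and because nearly all Linux distributions support .tar.xz, giving it better compatibility.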
UK Justice System Failing Cybercrime Victims, Cyber Helpline Finds
5 months ago
A report from the charity The Cyber Helpline found that 98% of cyber-enabled crimes result in no further action from the police or justice system.
Exxon Mobil vs. Eco-Activists: How Hackers Upended the Fight for the Environment
5 months ago
Detectives and data leaks helped the company win in court.
YouTube Warns Russians: Videos About VPNs Are Subject to Removal
5 months ago
Roskomnadzor is stepping up pressure on the platform.
UK Healthcare Provider Hit by Cyberattack, Services Affected
5 months ago
Wirral University Teaching Hospital in the UK has been hit by a targeted cyberattack, leading to the declaration of a major incident. The cyberattack has affected the hospital’s IT systems, necessitating a shift from digital to paper-based processes in certain areas. A spokesperson for the hospital stated, “We expect the major incident that was declared […]
The post UK Healthcare Provider Hit by Cyberattack, Services Affected appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Divya
Why Can't "Building a System" Stop Ransomware? Tophant (斗象) Answers with a CPS Penetration Vulnerability Simulation Exercise
5 months ago
CVE-2024-9044 | msg Suisse AG EasyTax up to 2021/2022 1.3/2023 1.2 xml external entity reference
5 months ago
A vulnerability was found in msg Suisse AG EasyTax up to 2021/2022 1.3/2023 1.2. It has been classified as critical. Affected is an unknown function. The manipulation leads to xml external entity reference.
This vulnerability is traded as CVE-2024-9044. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-11014 | NEC UNIVERGE IX up to 10.8.27/10.9.14/10.10.21 Management Interface cross-site request forgery
5 months ago
A vulnerability was found in NEC UNIVERGE IX up to 10.8.27/10.9.14/10.10.21 and classified as problematic. This issue affects some unknown processing of the component Management Interface. The manipulation leads to cross-site request forgery.
The identification of this vulnerability is CVE-2024-11014. The attack may be initiated remotely. There is no exploit available.
vuldb.com
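12th Edition of the "Top 100 Cybersecurity Companies" Released
5 months ago
To present the current state of domestic cybersecurity vendors more truthfully, comprehensively, and objectively, to identify the security brands that are truly capable, deployable, and leading innovation, and also to help […]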
aqniu
CVE-2024-11981 | Billion Electric M100/M150/M120N/M500 prior 1.04.1.592.8/1.04.1.613.13/1.04.1.675 authentication bypass
5 months ago
A vulnerability has been found in Billion Electric M100, M150, M120N and M500 and classified as critical. This vulnerability affects unknown code. The manipulation leads to authentication bypass using alternate channel.
This vulnerability was named CVE-2024-11981. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-11482 | Trellix Enterprise Security Manager 11.6.12 Snowservice API os command injection
5 months ago
A vulnerability, which was classified as very critical, was found in Trellix Enterprise Security Manager 11.6.12. This affects an unknown part of the component Snowservice API. The manipulation leads to os command injection.
This vulnerability is uniquely identified as CVE-2024-11482. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-11013 | NEC UNIVERGE IX/UNIVERGE IX-R/IX-V Management Interface command injection
5 months ago
A vulnerability, which was classified as critical, has been found in NEC UNIVERGE IX, UNIVERGE IX-R and IX-V. Affected by this issue is some unknown functionality of the component Management Interface. The manipulation leads to command injection.
This vulnerability is handled as CVE-2024-11013. The attack may be launched remotely. There is no exploit available.
vuldb.com