Aggregator

Сети компании стали очередным вектором атаки на ключевые IT-системы.

暴雪最近通过其 Battle.net 商店分别以 10 美元和 15 美元出售经典即时战略游戏《魔兽争霸》和《魔兽争霸 II》的重制版，它要求 GOG（Good Old Games）商店从 12 月 13 起起下架这两款有 30 年历史的游戏。此前 GOG 宣布了经典游戏的保存计划，而《魔兽争霸》系列游戏列入了保存计划中。然而现在游戏都要下架了，它如何保存？GOG 表示玩家在购买游戏之后可以继续使用，或使用离线安装包安装，它将会继续维护和更新游戏，确保其与现在和未来的操作系统兼容。

A vulnerability has been found in Oracle Primavera Gateway up to 16.2.11/17.12.7/18.8.9/19.12.4 and classified as critical. This vulnerability affects unknown code of the component Admin. The manipulation leads to cross site scripting. This vulnerability was named CVE-2020-11022. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

How AI will Transform Product Management

ENGlobal Corporation disclosed a ransomware attack, discovered on November 25, disrupting operations, in a filing to the SEC. A ransomware attack disrupted the operations of a major energy industry contractor, ENGlobal Corporation. Founded in 1985, ENGlobal Corporation designs automated control systems for commercial and government sectors, reporting $6 million in Q3 revenue and $18.4 million […]

Airports already are ramping up for the holiday travel season—or if they aren’t, they should be. CNN reported that summer air travel in the United States reached new record-setting levels in 2024, particularly around Memorial Day, Fourth of July, and Labor Day holidays. This pattern is anticipated to hold true for the...

Last Week in Security (LWiS) - 2024-12-02

A vulnerability was found in Red Hat Linux 6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Single User Mode. The manipulation with the input ^C leads to improper access controls. This vulnerability is known as CVE-2000-0219. Attacking locally is a requirement. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

The EU in the middle of MiCA tunnel: any light?

Cisco on Monday updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA). The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns a case of insufficient input validation in ASA's WebVPN login page that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack

DragonBridge: Streaming IQ Data Over 802.11ah HaLow via Two Relay Drones

A vulnerability classified as problematic has been found in IdeaPush Plugin up to 8.71 on WordPress. Affected is an unknown function of the component Board Term Handler. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2024-11844. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Charity Addon for Elementor Plugin up to 1.3.2 on WordPress. Affected is an unknown function of the component Post Handler. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-12062. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in BP Profile Shortcodes Extra Plugin up to 2.6.0 on WordPress. It has been declared as critical. This vulnerability affects unknown code of the component Shortcode Handler. The manipulation of the argument tab leads to sql injection. This vulnerability was named CVE-2024-11732. The attack can be initiated remotely. There is no exploit available.

Исследователи создали чип для глубокого обучения на основе света.

Новый доклад показывает, почему китайские технологии заставляют США переживать за нацбезопасность.

Access Control in Paxton Net2 software

A vulnerability was found in Samsung Smart Touch Call 1.0.0.5. It has been classified as problematic. This affects an unknown part. The manipulation leads to use of implicit intent for sensitive communication. This vulnerability is uniquely identified as CVE-2024-49417. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Samsung Devices. It has been declared as critical. This vulnerability affects unknown code in the library libsaped.so. The manipulation leads to heap-based buffer overflow. This vulnerability was named CVE-2024-49415. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.