Aggregator

ЕС ужесточает санкции против военных и мошенников в Мьянме.

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 2024 and Q3 2024

A vulnerability was found in Cisco Data Center Network Manager 12.1.2e/12.1.2p/12.1.3b. It has been rated as critical. This issue affects some unknown processing of the component Web-based Management Interface/REST API Endpoint. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2024-20536. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Tactics, techniques, and procedures (TTPs) form the foundation of modern defense strategies. Unlike indicators of compromise (IOCs), TTPs are more stable, making them a reliable way to identify specific cyber threats. Here are some of the most commonly used techniques, according to ANY.RUN's Q3 2024 report on malware trends, complete with real-world examples. Disabling of Windows Event Logging

CIISec report reveals the average wage for UK security professionals is now over £87,000

A vulnerability classified as critical was found in Zoho ManageEngine EndPoint Central up to 11.3.2416.21/11.3.2428.9. Affected by this vulnerability is an unknown functionality of the component Agent. The manipulation leads to improper privilege management. This vulnerability is known as CVE-2024-10203. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in HCL BigFix Compliance 2.0.11. Affected is an unknown function. The manipulation leads to information exposure through error message. This vulnerability is traded as CVE-2024-30141. It is possible to launch the attack remotely. There is no exploit available.

An ongoing phishing campaign is employing copyright infringement-related themes to trick victims into downloading a newer version of the Rhadamanthys information stealer since July 2024. Cybersecurity firm Check Point is tracking the large-scale campaign under the name CopyRh(ight)adamantys. Targeted regions include the United States, Europe, East Asia, and South America. "The campaign

Новое открытие о сверхтвердом состоянии материи.

A vulnerability was found in HCL BigFix Compliance 2.0.11. It has been rated as problematic. This issue affects some unknown processing of the component Session Cookie Handler. The manipulation leads to sensitive cookie without secure attribute. The identification of this vulnerability is CVE-2024-30142. The attack may be initiated remotely. There is no exploit available.

The China-aligned threat actor known as MirrorFace has been observed targeting a diplomatic organization in the European Union, marking the first time the hacking crew has targeted an entity in the region. "During this attack, the threat actor used as a lure the upcoming World Expo, which will be held in 2025 in Osaka, Japan," ESET said in its APT Activity Report for the period April to

A vulnerability was found in HCL BigFix Compliance 2.0.11. It has been declared as problematic. This vulnerability affects unknown code of the component Web Page Cache Handler. The manipulation leads to open redirect. This vulnerability was named CVE-2024-30140. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Oracle Peoplesoft And Jdedwards Product Suite up to 8.98.4.1. It has been classified as problematic. Affected is an unknown function. The manipulation leads to an unknown weakness. This vulnerability is traded as CVE-2011-0836. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

哥白尼气候变化服务机构(CCCS)宣布，2024 年几乎肯定是平均气温比工业化前水平高出 1.5 摄氏度的第一年，这将是全球气温记录的一个新里程碑。而随着特朗普的当选，美国的减排努力将会逆转，他已经表示将会再次退出《巴黎气候协定》。根据 CCCS 的数据，2024 年 10 月的平均气温比工业化前水平高出 1.65 °C。2024 年 10 月是第二温暖的 10 月，仅次于 2023 年 10 月，过去 16 个月有 15 个月比工业化前水平高出 1.5 °C。过去 12 个月（2023 年 11 月 - 2024 年 10 月）的全球平均气温比 1991-2020 年高 0.74°C，比 1850-1900 年工业化前平均气温高 1.62°C。2024 年前 10 个月全球平均气温比 2023 年同期高 0.16°C，几乎可以肯定 2024 年将成为有记录以来最热的一年。

Американская технология подрывает безопасность интернета в РФ.

Editor’s note: The current article is authored by RacWatchin8872, who is a threat intelligence analyst. You can find him on X.  This article covers two distinct methods used to infect systems with AsyncRAT via open directories. These techniques show how attackers are constantly adapting, finding new ways to use publicly accessible files to broaden AsyncRAT’s […]

The post AsyncRAT’s Infection Tactics <br>via Open Directories: Technical Analysis  appeared first on ANY.RUN's Cybersecurity Blog.

Cisco has fixed a critical command injection vulnerability (CVE-2024-20418) affecting its Ultra-Reliable Wireless Backhaul (URWB) Access Points that can be exploited via a HTTP requests and allows complete compromise of the devices. There are no workarounds to address this flaw, though vulnerable access points can be protected by switching off URWB mode, the company shared in the advisory. The good news is that the vulnerability was discovered by a Cisco employee during internal security testing … More →

The post Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) appeared first on Help Net Security.

A vulnerability classified as problematic was found in Apple Mac OS X up to 10.11.4. This vulnerability affects unknown code of the component Screen Lock. The manipulation leads to improper authentication. This vulnerability was named CVE-2016-1851. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

Агентство опровергает заявления о массовых фальсификациях на выборах.

A vulnerability was found in MonoCMS up to 20240528. It has been classified as problematic. Affected is an unknown function of the file /monofiles/account.php of the component Account Information Page. The manipulation of the argument userid leads to cross site scripting. This vulnerability is traded as CVE-2024-10927. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.