Aggregator

一种名为RustyAttr的新恶意软件针对macOS用户，通过滥用文件的扩展属性进行传播。

A vulnerability, which was classified as critical, was found in Python up to 3.10.4. This affects an unknown part of the component mailcap Module. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2015-20107. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in aio-libs aiohttp up to 3.9.3 and classified as problematic. This vulnerability affects unknown code of the component Index Pages. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-27306. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in ISC DHCP up to 4.1-ESV-R16-P1/4.4.3. It has been declared as problematic. This vulnerability affects unknown code of the component fqdn Label Handler. The manipulation leads to resource consumption. This vulnerability was named CVE-2022-2929. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Когда вредоносный код приходит не через интернет, а в почтовом конверте.

因泄露用户个人信息，知名律所赔偿超5700万元

A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been declared as critical. This vulnerability affects unknown code of the file Master.php of the component GET Request Handler. The manipulation of the argument id leads to sql injection. This vulnerability was named CVE-2023-0962. The attack can be initiated remotely. Furthermore, there is an exploit available.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto Networks Expedition bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following Palo Alto Networks Expedition vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Last week, Palo Alto Networks addressed multiple vulnerabilities that an attacker can chain to hijack […]

是漏洞还是设计选择？

速修复

1、摘要       这篇文章旨在介绍施耐德EcoStruxure Power […]

A report from the Five Eyes cybersecurity alliance, released by the CISA, highlights the majority of the most exploited vulnerabilities last year were initially zero-day flaws, a significant increase compared to 2022 when less than half of the top vulnerabilities were zero-day exploits.

The post Zero-Day Exploits Surge in 2023, Cisco, Fortinet Vulnerabilities Targeted appeared first on Security Boulevard.

学SYN扫描实现，看这儿就够了

Поправки в закон ужесточают контроль и увеличивают штрафы.

Bitsight announced it has signed a definitive agreement to acquire Cybersixgill, a global cyber threat intelligence (CTI) data provider. Together, Bitsight and Cybersixgill will provide visibility into an organization’s external attack surface, supply chain, and the threats targeting it. As a result, security leaders can proactively identify, prioritize, and mitigate risk across their first and third party environments. With cyber attacks on the rise, CTI data is increasingly vital. However, applying threat intelligence findings to … More →

The post Bitsight acquires Cybersixgill to help organizations manage cyber exposure appeared first on Help Net Security.

CVE-2024-52301 is a critical vulnerability identified in Laravel, a widely used PHP framework for building web applications. The vulnerability allows unauthorized access by exploiting improperly validated inputs, potentially leading to privilege escalation, data tampering, or full system compromise. Given Laravel’s widespread adoption across industries, the discovery is a cause for concern, as it could leave […]

The post Critical Laravel Vulnerability CVE-2024-52301 Allows Unauthorized Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Новая уязвимость ставит под удар инфраструктуру Citrix.