Aggregator

A vulnerability was found in IBM Jazz Foundation 7.0.2/7.0.3/7.1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to exposure of private personal information to an unauthorized actor. This vulnerability is traded as CVE-2024-41780. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in WukongCRM 11.3.3 and classified as critical. This issue affects some unknown processing of the file /adminUser/updateImg. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2024-55078. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in IBM Jazz Foundation 7.0.2/7.0.3/7.1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to information exposure through error message. This vulnerability was named CVE-2024-5591. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security,

Apple has agreed to pay $95 million to settle a class action lawsuit in the U.S. alleging th

A vulnerability was found in Microsoft Windows up to XP SP2. It has been classified as critical. Affected is an unknown function of the component LoadImage API. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2004-1049. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows up to XP SP2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component ANI File Handler. The manipulation leads to memory corruption. This vulnerability is known as CVE-2004-1049. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows up to XP SP2. It has been rated as critical. Affected by this issue is some unknown functionality of the file winhlp32.exe of the component HLP File Handler. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2004-1049. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to replace the affected component with an alternative.

根据 Statcounter 在 2024 年 12 月的统计数据，即使 Windows 10 距离停止支持只剩下 10 个月，它仍然占据了最大的市场份额，相对于微软大力推广的 Windows 11，其份额不减反增。在全球操作系统市场，Windows 10 的市场份额略增至 62.7%，Windows 11 从 11 月的 34.94% 略减至 34.12%。美国的变化更为明显：Windows 10 的市场份额增至 67%。Windows 10 将于 2025 年 10 月 14 日停止支持，如果想要继续获得支持，用户将需要向微软付费。

LegionLoader, a C/C++ downloader malware, first seen in 2019, delivers payloads like malicious Chrome extensions, which can manipulate emails, track browsing, and even transform infected browsers into proxies for attackers, enabling them to browse the web with the victim’s credentials. It has been observed distributing various stealers through Chrome extensions since August 2024, including LummaC2, […]

The post LegionLoader Abusing Chrome Extensions To Deliver Infostealer Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

在控制流中，识别原版OpenVPN的召回率达到85.90%，识别具有混淆技术的OpenVPN的召回率达到72.67%。

原文标题：OpenVPN is Open to VPN Fingerprinting原文作者：Diwen Xue, Reethika Ramesh, Arham Jain, Michalis Kall

Apple has agreed to pay $95 million to settle a class action lawsuit in the U.S. alleging that its Siri assistant recorded private conversations and shared them with third parties. [...]

​French tech giant Atos, which secures communications for the country's military and secret

August 27, 2024Authors: Rui Ataide, Hermes BojaxhiThe GuidePoint Research and Intelligence T

August 27, 2024 Authors: Rui Ataide, Hermes Bojaxhi The GuidePoint Research and Intelligence Team (GRIT) has been tracking a highly […]

The post Best of 2024: So-Phish-ticated Attacks appeared first on Security Boulevard.

A vulnerability classified as critical has been found in Google Chrome. Affected is an unknown function of the component Compositing. The manipulation leads to use after free. This vulnerability is traded as CVE-2024-12694. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in WP Job Portal Plugin up to 2.2.4 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper control of resource identifiers. This vulnerability is known as CVE-2024-12132. The attack can be launched remotely. There is no exploit available.