Aggregator

No Disruption to Service; Manual Operations Implemented
FBI and U.S. Department of Homeland Security officials are in Arkansas City, Kansas, to investigate a cyberattack at the city's water treatment facility. "There has been no disruption to service. Out of caution, the Water Treatment Facility has switched to manual operations," said the city manager.

Spy Agency Says Taiwanese Defense Ministry Is Trying to Disrupt Chinese Politics
China's Ministry of State Security has accused a Taiwanese government agency of waging cyberattacks on the mainland's digital assets across multiple organizations and running disinformation campaigns on social media to disrupt the political system and sow social discord.

Keep your cool, arm yourself with the right knowledge, and other tips for staying unshaken by fraudsters’ scare tactics

Кибератаки ботнета нацелены на маршрутизаторы и IoT-устройства известных производителей.

A vulnerability, which was classified as critical, has been found in Foconet 1. Affected by this issue is some unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is handled as CVE-2014-7005. The attack can only be done within the local network. There is no exploit available.

OneTrust announced new capabilities to help organizations enhance resilience across the financial sector and operationalize compliance with the EU’s Digital Operational Resilience Act (DORA). Building upon its comprehensive OneTrust Third-Party Management solution, OneTrust will now offer first-to-market capabilities such as automated DORA “register of information” report creation and out-of-the-box depth of screening and compliance data. “An organization’s supply chain can be one of its biggest assets for efficiency and innovation, as well as its most … More →

The post OneTrust helps organizations operationalize DORA compliance appeared first on Help Net Security.

A vulnerability, which was classified as problematic, has been found in Apache Answer up to 1.3.5. This issue affects some unknown processing of the component Gravatar. The manipulation leads to inadequate encryption strength. The identification of this vulnerability is CVE-2024-40761. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Livemesh Addons for Elementor Plugin up to 8.5 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-47303. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in CODESYS Control for BeagleBone SL, Control for emPC-A iMX6 SL, Control for IOT2000 SL, Control for Linux ARM SL, Control for Linux SL, Control for PFC100 SL, Control for PFC200 SL, Control for PLCnext SL, Control for Raspberry Pi SL, Control for WAGO Touch Panels 600 SL, Control RTE SL, Control RTE, Control Win, Embedded Target Visu Toolkit, HMI, Remote Target Visu Toolkit, Runtime Toolkit and Virtual Control SL. This affects an unknown part of the component Web Server. The manipulation leads to improper check for unusual conditions. This vulnerability is uniquely identified as CVE-2024-8175. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in kstover Ninja Forms Plugin up to 3.8.15 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument Referer leads to cross site scripting. This vulnerability is handled as CVE-2024-3866. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in revolutbusiness Revolut Gateway for WooCommerce Plugin up to 4.17.3 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /wc/v3/revolut of the component REST API Endpoint. The manipulation leads to missing authorization. This vulnerability is known as CVE-2024-8678. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in wclovers WCFM Plugin up to 6.7.12 on WordPress. It has been classified as problematic. Affected is the function WCFM_Customers_Manage_Controller::processing. The manipulation leads to authorization bypass. This vulnerability is traded as CVE-2024-8290. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in devitemsllc HT Mega Plugin up to 2.6.5 on WordPress and classified as problematic. This issue affects the function render of the file includes/widgets/htmega_accordion.php of the component Template Data Handler. The manipulation leads to exposure of sensitive information through metadata. The identification of this vulnerability is CVE-2024-8910. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Vonage VDV-23 115 3.2.11-0.9.40. This affects an unknown part of the file /goform/RgParentalBasic. The manipulation of the argument NewKeyword/NewDomain leads to cross site scripting (Stored). This vulnerability is uniquely identified as CVE-2017-16843. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Bitwarden announced further enhancements to inline autofill capabilities within the Bitwarden browser extension. Following the recent addition of autofill for cards and identities, this update ensures seamless autofill of passkeys, providing a faster, more secure, and convenient way for users to log into websites and applications that support passkey authentication. Bitwarden continues to see strong momentum in passkey adoption. Since announcing passkey management earlier this year, daily passkey creation peaked this summer at more than … More →

The post Bitwarden inline autofill empowers users to fill passkeys directly from their vault appeared first on Help Net Security.

error code: 521

追踪上半年全球的近百起勒索软件攻击事件，推出该报告以供参阅。

本期，一位非典型的安全圈创业者为我们分享其企业特色和创业心得。

A vulnerability classified as critical was found in PETA 1.1. Affected by this vulnerability is an unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is known as CVE-2014-7004. The attack needs to be approached within the local network. There is no exploit available.