Aggregator

A vulnerability was found in Linux Kernel up to 6.4. It has been declared as problematic. Affected by this vulnerability is the function cyttsp4_stop_wd_timer of the file drivers/input/touchscreen/cyttsp4_core.c. The manipulation leads to use after free. This vulnerability is known as CVE-2023-4134. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

美国环境保护署（EPA）标记了300多个饮用水系统的安全漏洞，这些系统为大约1.1亿人提供服务。

In 1989, the first ransomware attack was recorded. It was the foundational ground that laid the wave of digital invasions that the world has been witnessing with an attack occuring every two seconds. From the monetary aspect, a 30% increase in damage is seen every year. The amount is expected to cross $265 billion by […]

The post Ransomware Evolution: From Triple-Quadruple Extortion to RaaS appeared first on Kratikal Blogs.

The post Ransomware Evolution: From Triple-Quadruple Extortion to RaaS appeared first on Security Boulevard.

A vulnerability, which was classified as critical, was found in Microsoft Windows 10 21H2/10 22H2/11 22H2/11 23H2/Server 2022. Affected is an unknown function of the component Update Stack. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2024-43530. Attacking locally is a requirement. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows. It has been rated as critical. Affected by this issue is some unknown functionality of the component Win32 Kernel Subsystem. The manipulation leads to time-of-check time-of-use. This vulnerability is handled as CVE-2024-49046. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in Microsoft Visual Studio Code Remote. This affects an unknown part of the component SSH Extension. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2024-49049. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in Real Time Logic SharkSSL up to 09.09.24. This affects an unknown part of the component TLS Client Key Exchange Message Handler. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-48075. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Socifi Guest WIFI as SAAS WIFI Portal. It has been classified as critical. This affects an unknown part. The manipulation leads to permission issues. This vulnerability is uniquely identified as CVE-2021-27700. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability classified as problematic has been found in Socifi Guest WIFI as SAAS. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2021-27701. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical has been found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file print.php. The manipulation of the argument map_id leads to sql injection. This vulnerability is uniquely identified as CVE-2024-50971. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in itsourcecode Construction Management System 1.0. This vulnerability affects unknown code of the file printtool.php. The manipulation of the argument borrow_id leads to sql injection. This vulnerability was named CVE-2024-50972. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in itsourcecode Online Furniture Shopping Project 1.0. This issue affects some unknown processing of the file orderview1.php. The manipulation of the argument id leads to sql injection. The identification of this vulnerability is CVE-2024-50970. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Microsoft TorchGeo. It has been classified as critical. Affected is an unknown function. The manipulation leads to code injection. This vulnerability is traded as CVE-2024-49048. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Microsoft PC Manager. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to link following. This vulnerability is handled as CVE-2024-49051. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

随着敏捷方法的不断发展，持续集成和DevOps在某种程度上就变得越发重要。

作为庆祝《半条命 2》发布二十周年纪录片的一部分，Valve 开发者解释了为什么取消开发《半条命 2：第三章》。开发者已经为《第三章》设计了新武器冰冻枪，能冰冻敌人，建造冰墙作为临时掩体，或制造冰梯从悬崖上下来，他们还设想了新的敌人。开发者花了半年时间为《第三章》做准备工作，但随后 Valve 决定将所有开发者投入到多人游戏《Left 4 Dead》的开发上。Valve 过去十五年的开发重心都是类似《Left 4 Dead》或 CS2 之类的多人游戏上，这些持久运营的游戏能带来更持久的收入。当在 2008 年完成《Left 4 Dead》开发之后，Valve 决定投入两年时间开发《第三章》，但此时开发者发现难以重新启动《第三章》的开发，或者是疲劳感，或者是认为需要新引擎。很多人在《半条命》系列上工作了八年多时间，他们想要专注于其它工作。《半条命2》的《第一章》和《第二章》反响一般，很多开发者也对《第三章》感到畏惧和压力。最终的结果就是《半条命 2》系列留下了一个巨大的悬念至今没有解决。

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'dungnm from vcslab of Viettel Cyber Security' was reported to the affected vendor on: 2024-11-19, 93 days ago. The vendor is given until 2025-03-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2024-11-19, 93 days ago. The vendor is given until 2025-03-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by 'Angela' was reported to the affected vendor on: 2024-11-19, 23 days ago. The vendor is given until 2025-03-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H severity vulnerability discovered by 'Jay Turla and Jerold Camacho of VicOne, Japz Divino of VikingCloud Inc.' was reported to the affected vendor on: 2024-11-19, 93 days ago. The vendor is given until 2025-03-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.