Aggregator

Скептики уже предупреждают о возможных последствиях нововведения.

Исследователи представили климатический атлас Красной планеты.

近日，一起大规模的数据泄露事件震动了网络安全界。名为“HikkI-Chan”的黑客在臭名昭著的Breach Forums上泄露了超过3.9亿VK用户的个人信息。

Cloudera launched Cloudera Private Link Network to address critical data security and privacy concerns for highly regulated organizations with strict internal data security policies. Cloudera Private Link Network provides secure, private connectivity from customer workloads to the Cloudera Control Plane, ensuring that data does not traverse the public Internet. Organizations in industries such as finance, healthcare and pharmaceuticals often face privacy challenges because providers often cannot guarantee that traffic between tenants, even within the same … More →

The post Cloudera Private Link Network helps enterprises protect their data appeared first on Help Net Security.

A vulnerability, which was classified as very critical, was found in Oracle WebCenter Sites 12.2.1.3.0. Affected is an unknown function of the component Apache Commons FileUpload. The manipulation leads to deserialization. This vulnerability is traded as CVE-2016-6814. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

本文分析了Apache OFBiz的SSRF到RCE漏洞（CVE-2024-45507）。通过复现漏洞、研究其触发条件以及影响版本，详细讲解了如何利用该漏洞进行未授权的远程代码执行，并提供了修复补丁分析和防护规则。

作者：Sunflower@知道创宇404实验室 时间：2024年9月12日 1.前言 漏洞名称：Apache OFBiz SSRF to RCE 漏洞影响：version < 18.12.16 CVE：CVE-2024-45507 据互联网上相关OFBiz漏洞PoC陆续公开，趁热拿url调试分析一下漏洞原理。 2.环境搭建 复现版本：18.12.12 执行如下代码进行下载和启动OFBi...

美国人在 2023 年使用了逾 100 万亿 MB 无线数据，比前一年增长了 36%。代表 Verizon、AT&T 和 T-Mobile 等主要无线运营商的无线行业协会 CTIA 表示，2023 年使用的无线数据比 2022 年多了 26 万亿 MB，驱动这一增长的是 5G 设备使用量在不断增长。去年无线连接总数增至 5.58 亿，比 2022 年增长 6%。频谱使用需求激增，部分原因是无人机、自动驾驶汽车、太空任务和精准农业等的无线使用量增长。美国人用于打电话的时间从 2022 年的 2.5 万亿分钟略降至 2023 年的 2.4 万亿分钟，短信数量是与前一年基本持平的 2.1 万亿条。

A vulnerability classified as problematic was found in Quick Code Plugin up to 1.0 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-7822. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Misiek Photo Album Plugin up to 1.4.3 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2024-7817. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in MM-Breaking News Plugin up to 0.7.9 on WordPress. This affects an unknown part. The manipulation of the argument REQUEST_URI leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-8056. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Adicon Server Plugin up to 1.2 on WordPress. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. This vulnerability is known as CVE-2024-7766. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Misiek Photo Album Plugin up to 1.4.3 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2024-7818. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in MM-Breaking News Plugin up to 0.7.9 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2024-8054. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in Visual Sound Plugin up to 1.03 on WordPress and classified as problematic. This vulnerability affects unknown code of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-7859. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in RafflePress Giveaways and Contests Plugin up to 1.12.15 on WordPress. This affects an unknown part of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-6887. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in CM Pop-Up Banners Plugin up to 1.7.2 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-5799. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Easy Property Listings Plugin up to 3.5.3 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-3163. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Seven critical-severity vulnerabilities addressed, including an extraordinary (but narrow) Windows Update flaw

SCATTERED SPIDER, a ransomware group, leverages cloud infrastructure and social engineering to target insurance and financial institutions by using stolen credentials, SIM swaps, and cloud-native tools to gain and maintain access, impersonating employees to deceive victims.  Their partnership with BlackCat has enhanced their ability to target Western organizations due to their understanding of Western business […]

The post New Developer-As-A-Service In Hacking Forums Empowering Phishing And Cyberattacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.