Aggregator

A vulnerability classified as problematic has been found in Apple tvOS up to 9.2.1. Affected is an unknown function of the component Kernel. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2016-1865. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.1.102/6.6.43/6.10.2. Affected by this vulnerability is the function sync_filesystem of the file fs/f2fs/inode.c of the component f2fs. The manipulation leads to denial of service. This vulnerability is known as CVE-2024-42297. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in infolinks Ad Wrap Plugin up to 1.0.2 on WordPress and classified as problematic. Affected by this issue is some unknown functionality of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2024-8044. The attack may be launched remotely. There is no exploit available.

For the latest discoveries in cyber research for the week of 30th September, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES American money transfer service MoneyGram has experienced a cyber-attack which led to significant network outages that disrupted its services globally. The attack has affected money transactions, particularly in the Caribbean, Jamaica and […]

The post 30th September – Threat Intelligence Report appeared first on Check Point Research.

Global news agency AFP (Agence France-Presse) is warning that it suffered a cyberattack on Friday, which impacted IT systems and content delivery services for its partners. [...]

Raspberry Pi делает компьютерное зрение доступным для всех.

A Deloitte and NASCIO survey found that a third of state CISOs do not have a dedicated cybersecurity budget

WSJ: спецслужбы США успешно используют мессенджер в расследованиях.

The threat actors managed to gain access to Sen. Ben Cardin (D-Md.) by posing as a Ukrainian official, before quickly being outed.

By combining agility with compliance, and security with accessibility, businesses will treat their data as a well-prepared traveler, ready for any adventure.

Storm-0501, an affiliate of several high-profile ransomware-as-a-service outfits, has been spotted compromising targets’ cloud environments and on-premises systems. “Storm-0501 is the latest threat actor observed to exploit weak credentials and over-privileged accounts to move from organizations’ on-premises environment to cloud environments. They stole credentials and used them to gain control of the network, eventually creating persistent backdoor access to the cloud environment and deploying ransomware to the on-premises,” Microsoft shared last week. Common tactics and … More →

The post Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts appeared first on Help Net Security.

Community Clinic of Maui experienced a data breach impacting over 120,000 people following a LockBit ransomware attack. In May, the Community Clinic of Maui experienced a major IT outage that impacted thousands of patients following a cyber attack. In June, the Lockbit ransomware gang took credit for the attack. The Community Clinic of Maui, also known as Mālama […]

A vulnerability was found in Linux Kernel up to 6.10.2. It has been rated as critical. This issue affects the function enable_phantom_plane of the component AMD Display. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2024-43827. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.1.102/6.6.43/6.10.2. Affected is the function drm_cvt_mode. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2024-43829. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in alfio-event alf.io up to 2.0-M4. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Content Security Policy Handler. The manipulation leads to escaping of output. This vulnerability is handled as CVE-2024-45299. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Vonets VAP11G-300 3.3.23.6.9 and classified as critical. Affected by this issue is the function SystemCommand. The manipulation leads to command injection. This vulnerability is handled as CVE-2024-46329. Access to the local network is required for this attack to succeed. There is no exploit available.