Aggregator

A vulnerability was found in Oracle Retail Sales Audit 14.1. It has been rated as very critical. This issue affects some unknown processing of the component Transaction Maintenance. The manipulation leads to improper input validation. The identification of this vulnerability is CVE-2019-16943. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as very critical, has been found in Oracle Siebel Engineering Installer and Deployment up to 2.20.5. Affected by this issue is some unknown functionality of the component Siebel Approval Manager. The manipulation leads to improper input validation. This vulnerability is handled as CVE-2019-16943. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Oracle Siebel UI Framework up to 20.5 and classified as very critical. This vulnerability affects unknown code of the component EAI. The manipulation leads to improper input validation. This vulnerability was named CVE-2019-16943. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Oracle Communications Billing and Revenue Management 7.5.0.23.0/12.0.0.3.0 and classified as very critical. Affected by this vulnerability is an unknown functionality of the component Business Operation Center/Billing Care. The manipulation leads to improper input validation. This vulnerability is known as CVE-2019-16943. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Retail Merchandising System 15.0.3/16.0.2/16.0.3. It has been declared as very critical. This vulnerability affects unknown code of the component Inventory Movement. The manipulation leads to improper input validation. This vulnerability was named CVE-2019-16943. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Database 12.2.0.1/18c/19c. It has been classified as problematic. This affects an unknown part of the component TFA. The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2019-16943. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

在这个信息爆炸的时代，情报机构往往被视为国家安全的幕后英雄，但蒙古国的情报体系却以一种独特的方式走到了台前。

本文约3285字，预计阅读时间10分钟。

A vulnerability, which was classified as critical, has been found in Microsoft Windows up to Vista. This issue affects some unknown processing of the component OpenType Font Parser. The manipulation leads to data processing error. The identification of this vulnerability is CVE-2015-2432. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic was found in D-Link DI-7003GV2 24.04.18D1 R(68125). Affected by this vulnerability is the function sub_41E304 of the file /H5/state_view.data of the component HTTP Endpoint. The manipulation leads to information disclosure. This vulnerability is known as CVE-2025-4901. The attack can only be done within the local network. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

A vulnerability was found in Oracle WebCenter Portal 12.2.1.3.0/12.2.1.4.0. It has been classified as very critical. Affected is an unknown function of the component Security Framework. The manipulation leads to improper input validation. This vulnerability is traded as CVE-2019-16943. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle WebCenter Sites 12.2.1.3.0/12.2.1.4.0. It has been declared as very critical. Affected by this vulnerability is an unknown functionality of the component Sites. The manipulation leads to improper input validation. This vulnerability is known as CVE-2019-16943. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Oracle Global Lifecycle Management NextGen OUI Framework 12.2.1.3.0/12.2.1.4.0/13.9.4.2.2 and classified as very critical. This vulnerability affects unknown code of the component Tools. The manipulation leads to improper input validation. This vulnerability was named CVE-2019-16943. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Intel Processor. It has been classified as problematic. This affects an unknown part. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-45332. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Intel Core Processor and classified as problematic. This vulnerability affects unknown code. The manipulation leads to information disclosure. This vulnerability was named CVE-2025-20623. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Intel Processor. Affected is an unknown function. The manipulation leads to insufficient resource pool. This vulnerability is traded as CVE-2025-20103. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Intel Processor. It has been classified as problematic. Affected is an unknown function of the component denial of service. The manipulation leads to uncaught exception. This vulnerability is traded as CVE-2025-20054. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Intel Atom Arocessor. Affected by this vulnerability is an unknown functionality. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-43420. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A critical vulnerability in Microsoft’s Remote Desktop Gateway (RD Gateway) that could allow attackers to execute malicious code on affected systems remotely. The vulnerability, tracked as CVE-2025-21297, was disclosed by Microsoft in their January 2025 security updates and has since been actively exploited in the wild. The flaw, discovered and reported by VictorV (Tang Tianwen) […]

The post Windows Remote Desktop Gateway UAF Vulnerability Allows Remote Code Execution appeared first on Cyber Security News.

HackerNews 编译，转载请注明出处： 美国司法部对12名嫌疑人提出指控，称其涉嫌参与一系列加密货币盗窃及后续洗钱活动，涉案金额达数亿美元。指控包括用于打击有组织犯罪的RICO共谋罪、电汇欺诈共谋、洗钱和妨碍司法公正。案件中的两名新增嫌疑人——20岁的Malone Lam和21岁的Jeandiel Serrano——于2024年9月被捕，被控通过社会工程攻击从华盛顿特区一名受害者处窃取约2.45亿美元。 司法部表示，该团伙成员最初通过在线游戏平台结识。自2023年10月起，他们利用窃取数据库中的信息锁定持有大量加密货币的潜在目标。据称部分嫌疑人“主动致电受害者，通过社会工程手段说服他们其账户正遭受网络攻击，而团伙成员试图帮助保护账户”。 检方指控该团伙通过多种骗局获利，包括一笔1400万美元和另一笔290万美元的盗窃。2024年7月，Lam入侵某受害者的iCloud账户以监控其位置。随后19岁的Marlon Ferro闯入该目标位于新墨西哥州的住宅，窃取与其加密账户关联的硬件设备。 2024年8月，据加密货币调查员ZachXBT（自称协助执法部门研究此案）透露，Lam和四名未具名嫌疑人瞄准加密借贷平台Genesis的债权人。他们冒充加密货币交易所Gemini的客服人员，谎称受害者账户被黑，指示其重置多因素认证并将资金转入被控钱包，同时诱骗受害者使用AnyDesk共享屏幕导致私钥泄露。 ZachXBT发布的视频据称记录了该团伙盗取资金时的实时反应，视频中有人反复高喊“我们搞定了！”。 检方称，该团伙成员利用非法所得过着奢侈生活，使用伪造文件在佛罗里达和加州租赁豪宅，乘坐私人飞机前往汉普顿，并购买多辆豪车。在为期三周的时间内，他们涉嫌在洛杉矶夜店挥霍400万美元。 嫌疑人Kunal Mehta、Hamza Doost、Joel Cortez和Evan Tangeman被控参与洗钱活动。据称担任数据库黑客兼团伙组织者的Conor Flansburg曾对Lam发出疑问：“我们怎么都比别人强这么多……我们怎么在几个月内就超越了那些混了八年圈子的人？” 起诉书显示，2024年9月18日，一名休班执法人员告知Lam警方正在逼近。在警察抵达其迈阿密住所实施逮捕前，Lam走向屋后通往比斯坎湾的码头，将手机扔入水中。       消息来源： therecord； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文