Aggregator

A vulnerability was found in Arena.IM Plugin up to 0.3.0 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-11384. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Arena.IM Plugin up to 0.3.0 on WordPress. It has been classified as problematic. This affects the function arena_embed_amp of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-12463. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Arena.IM Plugin up to 0.3.0 on WordPress and classified as problematic. Affected by this issue is some unknown functionality of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2024-12526. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Cognito Forms Plugin up to 2.0.6 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument id leads to cross site scripting. This vulnerability is known as CVE-2024-10182. The attack can be launched remotely. There is no exploit available.

据Cyber Security News消息，卡巴斯基发现，一项仍在持续的攻击行为正利用盗版软件传播RedLine数据窃取程序，目标是一些俄国企业。 报告表明，该攻击活动开始于 2024 年 1 月，通过俄罗斯一些在线论坛向目标发送了包含RedLine数据窃取程序的HPDxLIB 激活工具，该工具主要用来激活一些商业软件。 根据发现的激活器样本，RedLine被一种非常不寻常的方式隐藏，激活器库被 .NET Reactor 混淆，恶意代码被压缩和加密成多个层。研究人员注意到，恶意版本的激活工具在 .NET 中构建，并使用了自签名证书，而合法的 C++ 版本则使用了有效证书。 攻击者专门在讨论会计和公司的论坛上提供恶意激活工具的链接，并详细介绍了如何绕过许可证检查并能够保持更新。如同大多数激活工具一样，在安装时会要求用户关闭相应的安全保护，以此逃避安全检测，否则软件将无法正常运行。 另外，用户被要求用恶意激活工具中的techsys.dll文件替换合法的同名文件，并在执行已打补丁的软件时，通过合法的 1cv8.exe 进程加载恶意库，从而运行窃取程序。 这种方法利用的是用户的信任，而不是企业软件的漏洞。 RedLine 窃取程序以恶意软件即服务（MaaS）的形式传播，其开发者为买家提供了一次性购买或订阅的使用方式。RedLine 系列专门从指定的 C&C 服务器窃取机密数据，包括即时消息应用程序、浏览器、被入侵系统及其用户的信息。 该活动主要说明了盗版软件和各种激活程序可能潜在的危害性。 因此，为了安全起见，企业应避免使用盗版软件。       转自Freebuf，原文链接：https://www.freebuf.com/news/417408.html 封面来源于网络，如有侵权请联系删除

A vulnerability, which was classified as critical, was found in GLPI up to 10.0.16. Affected is an unknown function of the component API. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2024-47758. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Los Angeles, USA, 11th December 2024, CyberNewsWire

The post Resecurity introduces Government Security Operations Center (GSOC) at NATO Edge 2024 appeared first on Security Boulevard.

A vulnerability, which was classified as critical, has been found in SQL Chart Builder Plugin up to 2.3.6 on WordPress. This issue affects some unknown processing. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2024-11430. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in Custom Skins Contact Form 7 Plugin up to 1.0 on WordPress. This vulnerability affects unknown code. The manipulation leads to missing authorization. This vulnerability was named CVE-2024-12341. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in debranding Plugin up to 1.0.2 on WordPress. This affects an unknown part of the component Options Update Handler. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2024-11443. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in AI Post Generator Plugin up to 3.5 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to missing authorization. This vulnerability is handled as CVE-2024-11709. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Library Management System Plugin up to 3.0.0 on WordPress. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. This vulnerability is known as CVE-2024-12406. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Opt-In Downloads Plugin up to 4.07 on WordPress. It has been classified as critical. Affected is an unknown function. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2024-10590. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Sign In with Google Plugin up to 1.8.0 on WordPress and classified as critical. This issue affects the function authenticate_user. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2024-11015. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Grid Plus Plugin up to 1.3.5 on WordPress and classified as critical. This vulnerability affects the function grid_plus_load_by_category of the component Shortcode Handler. The manipulation leads to code injection. This vulnerability was named CVE-2024-10910. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Numerix License Server Administration System 1.1_596. This affects an unknown part of the file nlslogin.jsp of the component HTTP POST Request Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-50585. It is possible to initiate the attack remotely. There is no exploit available.

Viceadmiraal Boudewijn Boots is vanaf vandaag de nieuwe Inspecteur-Generaal der Krijgsmacht (IGK). In deze functie is hij ook Inspecteur der Veteranen en Inspecteur der Reservisten. Boots volgt luitenant-generaal der mariniers Frank van Sprang op. Die gaat op 1 januari met functioneel leeftijdsontslag.

Resecurity, a global leader in cybersecurity solutions, unveiled its advanced Government Security Operations Center (GSOC) during NATO Edge 2024, the NATO Communications and Information Agency’s flagship conference. The solution is also specifically tailored for MSSPs that protect aerospace and defense organizations. This year’s event, held from December 3 to 5, emphasized emerging technologies in defense, […]

The post Resecurity introduces Government Security Operations Center (GSOC) at NATO Edge 2024 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

原创 Paper | 揭秘暗黑系网络服务运营商——防弹主机网络

揭秘暗黑系网络服务运营商——防弹主机网络