Aggregator

The Internet Archive was breached again, attackers hacked its Zendesk email support platform through stolen GitLab authentication tokens. The Internet Archive was breached via Zendesk, with users receiving warnings about stolen GitLab tokens due to improper token rotation after repeated alerts. BleepingComputer first reported the news of the incident, after it received several messages from […]

In the last couple of days, Fortinet has released critical security updates for FortiManager, to fix a critical vulnerability that is reportedly being exploited by Chinese threat actors. Security updates are trickling out The company, which is known for pushing out fixes for critical vulnerabilities before disclosing their existence to the public, has privately notified select customers a week ago and shared temporary mitigation advice. The advice apparently includes configuring FortiManager to prevent devices with … More →

The post Fortinet releases patches for undisclosed critical FortiManager vulnerability appeared first on Help Net Security.

A vulnerability has been found in Rittal IoT Interface and CMC III Processing Unit and classified as problematic. Affected by this vulnerability is the function rand of the component Function Call Handler. The manipulation leads to generation of predictable numbers or identifiers. This vulnerability is known as CVE-2024-47945. Access to the local network is required for this attack to succeed. Furthermore, there is an exploit available.

A vulnerability was found in Rittal IoT Interface and CMC III Processing Unit. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Firmware Upgrade Handler. The manipulation leads to missing protection mechanism for alternate hardware interface. This vulnerability is known as CVE-2024-47944. It is possible to launch the attack on the physical device. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Rittal IoT Interface and CMC III Processing Unit. It has been classified as problematic. Affected is an unknown function of the file run.sh of the component Firmware Upgrade Handler. The manipulation leads to improper verification of cryptographic signature. This vulnerability is traded as CVE-2024-47943. Access to the local network is required for this attack to succeed. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in warfareplugins Social Sharing Plugin up to 3.5.2 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation of the argument swp_url leads to code injection. This vulnerability is known as CVE-2021-4434. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in AVEVA PI Server up to 2018 SP3 P05/2023. It has been classified as critical. Affected is an unknown function. The manipulation leads to improper check or handling of exceptional conditions. This vulnerability is traded as CVE-2023-34348. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Byzoro Smart S150 Management Platform V31R02B15. This affects an unknown part of the file /log/download.php of the component Backup File Handler. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-0716. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in Intel NUC BIOS IN0048 and classified as critical. This vulnerability affects unknown code. The manipulation leads to improper input validation. This vulnerability was named CVE-2023-28738. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Lenovo App Store App. Affected by this issue is some unknown functionality. The manipulation leads to resource consumption. This vulnerability is handled as CVE-2023-6450. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file member_register.php. The manipulation of the argument fullname/username/password/email leads to sql injection. The identification of this vulnerability is CVE-2024-9986. The attack may be initiated remotely. Furthermore, there is an exploit available. The initial researcher advisory only mentions the parameter "password" to be affected. But it must be assumed that other parameters are affected as well.

A vulnerability was found in Oracle Hospitality OPERA 5 5.6.19.19/5.6.25.8/5.6.26.4. It has been rated as critical. Affected by this issue is some unknown functionality of the component Opera Servlet. The manipulation leads to improper authentication. This vulnerability is handled as CVE-2024-21172. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

The prolific Chinese nation-state actor known as APT41 (aka Brass Typhoon, Earth Baku, Wicked Panda, or Winnti) has been attributed to a sophisticated cyber attack targeting the gambling and gaming industry. "Over a period of at least six months, the attackers stealthily gathered valuable information from the targeted company including, but not limited to, network configurations, user passwords,

A vulnerability classified as critical has been found in Funadmin 5.0.2. This affects the function index of the file \backend\controller\auth\Auth.php. The manipulation of the argument selectFields leads to sql injection. This vulnerability is uniquely identified as CVE-2024-48231. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability was found in Linux Kernel up to 6.11.1. It has been rated as problematic. Affected by this issue is the function nf_reject_ip6_tcphdr_put of the component netfilter. The manipulation leads to an unknown weakness. This vulnerability is handled as CVE-2024-47685. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.10.12/6.11.1. It has been declared as critical. Affected by this vulnerability is the function mlx5_vdpa_dev_add. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2024-47687. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.112/6.6.53/6.10.12/6.11.1. It has been classified as problematic. Affected is an unknown function of the component hisilicon. The manipulation leads to injection. This vulnerability is traded as CVE-2024-47730. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Is your vulnerability management game on point? If it’s not, you’re handing attackers an open invitation. And if you believe that merely using a vulnerability scanner qualifies as effective management,...

The post What is Vulnerability Management? Compliance, Challenges, & Solutions appeared first on Strobes Security.

The post What is Vulnerability Management? Compliance, Challenges, & Solutions appeared first on Security Boulevard.

A vulnerability was found in Linux Kernel up to 6.11.1 and classified as critical. This issue affects some unknown processing of the component DRM. The manipulation leads to deadlock. The identification of this vulnerability is CVE-2024-47729. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Chinese researchers used a D-Wave quantum computer to crack a 22-bit encryption key, which can be used as a cautionary tale for what may lie ahead with future quantum systems but doesn't threaten the classical encryption being widely used today.

The post Chinese Research Using Quantum System to Crack Encryption a ‘Cautionary Tale’ appeared first on Security Boulevard.