Aggregator

全球数据泄露态势10月份报告完整版，附下载地址。

今日暂未更新资讯~
更多最新文章，请访问SecWiki

Four current and former publicly trading tech companies have agreed to pay civil penalties in relation to the SEC charges

Google’s Threat Analysis Group (TAG) researchers warn of a Samsung zero-day vulnerability that is exploited in the wild. Google’s Threat Analysis Group (TAG) warns of a Samsung zero-day vulnerability, tracked as CVE-2024-44068 (CVSS score of 8.1), which is exploited in the wild. The vulnerability is a use-after-free issue, attackers could exploit the flaw to escalate […]

INE Security offers essential advice to protect digital assets and enhance security. As small businesses increasingly depend on digital technologies to operate and grow, the risks associated with cyber threats also escalate. INE Security, a leading provider of cybersecurity training and certifications, today shared its cybersecurity training for cyber hygiene practices for small businesses, underscoring […]

The post INE Security Launches New Training Solutions to Enhance Cyber Hygiene for SMBs appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

雷神众测拥有该文章的修改和解释权。如欲转载或传播此文章，必须保证此文章的副本，包括版权声明等全部内容。声明雷神众测允许，不得任意修改或增减此文章内容，不得以任何方式将其用于商业目的。

Cary, NC, 22nd October 2024, CyberNewsWire

The post INE Security Launches New Training Solutions to Enhance Cyber Hygiene for SMBs appeared first on Security Boulevard.

A vulnerability classified as critical was found in ICONICS GENESIS64, Hyper Historian, AnalytiX, MobileHMI and Electric MC Works64. This vulnerability affects unknown code. The manipulation leads to incorrect default permissions. This vulnerability was named CVE-2024-7587. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in WooCommerce Order Proposal Plugin up to 2.0.5 on WordPress. This affects an unknown part. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2024-9927. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Liferay Portal and DXP. It has been rated as critical. Affected by this issue is some unknown functionality of the component Workflow. The manipulation leads to incorrect authorization. This vulnerability is handled as CVE-2024-38002. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Liferay Portal and DXP. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Script Console. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-8980. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Liferay Portal and DXP. It has been classified as problematic. Affected is an unknown function of the component Content Page Editor. The manipulation of the argument p_l_back_url leads to cross-site request forgery. This vulnerability is traded as CVE-2024-26272. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Liferay Portal and DXP and classified as problematic. This issue affects some unknown processing of the component My Account Widget. The manipulation of the argument _com_liferay_my_account_web_portlet_MyAccountPortlet_backURL leads to cross-site request forgery. The identification of this vulnerability is CVE-2024-26271. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Liferay Portal and DXP and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument _com_liferay_commerce_catalog_web_internal_portlet_CommerceCatalogsPortlet_redirect leads to cross-site request forgery. This vulnerability was named CVE-2024-26273. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Red Hat Build of Keycloak, Fuse, JBoss Data Grid, JBoss Enterprise Application Platform, JBoss Enterprise Application Platform Expansion Pack and Single Sign-On. This affects an unknown part of the component Wildfly. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-10234. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in IBM Concert 1.0.0/1.0.1. Affected by this issue is some unknown functionality. The manipulation leads to improper certificate validation. This vulnerability is handled as CVE-2024-43177. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in IBM Concert 1.0.0/1.0.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie with improper samesite attribute. This vulnerability is known as CVE-2024-43173. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Red Hat OpenShift Container Platform 4. Affected is an unknown function of the component Graphql Introspection Query Handler. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2024-50312. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.