Aggregator

Discover the most common Kerberos attacks that every red teamer should know (and analysts fear), and learn how to execute them with real-world examples.

The largest repackage and re-post of an old leak In November 2024, a hacker known as “Nam3L3ss” allegedly released previously undisclosed data from the MOVEit breach in May 2023. This leak consisted of millions of records, including sensitive employee and big brand corporate information, significantly escalating the breach’s impact. Digging into this story reveals that […]

The post MOVEit Repackaged and Recycled appeared first on Flare | Cyber Threat Intel | Digital Risk Protection.

The post MOVEit Repackaged and Recycled appeared first on Security Boulevard.

Cyber-attacks involving Remcos RAT surged in Q3 2024, enabling attackers to control victim machines remotely, steal data and carry out espionage

Cleo has released a security patch to address the critical vulnerability that started getting exploited while still a zero-day to breach internet-facing Cleo Harmony, VLTrader, and LexiCom instances. Version 5.8.0.24 of the three products, which was pushed out on Wednesday, plugs the hole that allowed attackers into vulnerable installations, where they moved to establish a reverse shell connection to their servers and perform reconnaissance. Huntress researcher John Hammond confirmed that the patch is effective at … More →

The post Cleo patches zero-day exploited by ransomware gang appeared first on Help Net Security.

Вот она - формула идеального переезда.

A vulnerability, which was classified as problematic, has been found in Hello in All Languages Plugin up to 1.0.6 on WordPress. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2024-12572. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in SVG Shortcode Plugin up to 1.0.1 on WordPress. This vulnerability affects unknown code of the component SVG Upload Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-12574. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in Responsive Filterable Portfolio Plugin up to 1.0.8 on WordPress. This affects an unknown part. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2019-25221. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in AR Plugin up to 7.3 on WordPress. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to unrestricted upload. This vulnerability is handled as CVE-2024-12300. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/password-recovery.php. The manipulation of the argument mobileno leads to sql injection. This vulnerability is known as CVE-2024-54842. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Apache Superset up to 4.0.x. It has been classified as critical. Affected is an unknown function of the component Postgres Analytic Database Handler. The manipulation leads to improper authorization. This vulnerability is traded as CVE-2024-55633. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The identification of this vulnerability is CVE-2024-55099. The attack may be initiated remotely. There is no exploit available.

CVE-2024-11680 PoC Exploit in ProjectSend r1605 and Older Versions

Google 的新 AI 助手 Jules 将帮助程序员自动修 Bug

聚焦纽创信安 | 上海ICCAD 2024-Expo

US Bitcoin ATM operator Byte Federal has disclosed a data breach that exposed the data of 58,000 customers after its systems were breached using a GitLab vulnerability. [...]

报告发布|数世咨询：云网安一体化能力指南（附下载）