Aggregator

研究人员披露针对 AMD SEV 的 BadRAM 攻击

News alert: DMD Diamond invites developers to participate in open beta for its v4 blockchain

A vulnerability classified as problematic has been found in GitLab up to 16.8.3/16.9.1. Affected is an unknown function of the component Group Access Token Handler. The manipulation leads to incorrect authorization. This vulnerability is traded as CVE-2024-1299. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 16.8.4/16.9.2/16.10.0. It has been declared as problematic. This vulnerability affects unknown code of the component Label Handler. The manipulation of the argument description leads to resource consumption. This vulnerability was named CVE-2024-2818. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Fortinet FortiOS up to 6.4.15/7.0.15/7.2.5/7.4.1. Affected by this issue is some unknown functionality of the component HTTP Request Handler. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-23662. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GitLab Enterprise Edition up to 16.8.5/16.9.3/16.10.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component junit Test Report File Handler. The manipulation leads to resource consumption. This vulnerability is known as CVE-2023-6678. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in GitLab Community Edition and Enterprise Edition up to 16.9.5/16.10.3/16.11.0. Affected by this vulnerability is an unknown functionality of the component Email Address Handler. The manipulation leads to improper access controls. This vulnerability is known as CVE-2024-1347. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

regain access to a Sony Xperia ZQ

黑客利用 Visual Studio Code 远程隧道进行网络间谍活动

疑似俄罗斯黑客在新间谍活动中瞄准乌克兰国防企业

Hackers are exploiting a critical vulnerability in the "Hunk Companion" plugin to install and activate other plugins with exploitable flaws directly from the WordPress.org repository. [...]

【情报】美国司法部又给四川公司和专家打广告了

New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools

法官拒绝将 Infowars 出售给洋葱新闻

断网近 24 小时！俄罗斯再次演练“主权互联网”可用性

Watsonville Community Hospital Has Been Claimed a Victim to TERMITE Ransomware

SentinelOne Continues to Set the Standard in MITRE ATT&CK® Evaluations | 100% Detection, Zero Delays and 88% Less Noise

Evidence Mounts for Chinese Hacking 'Quartermaster'
A probable Chinese nation-state threat actor compromised Visual Studio Code and Microsoft Azure cloud infrastructure to target Western technology firms for espionage, security firms Tinexta Cyber and SentinelLabs said. The companies call the campaign "Operation Digital Eye."

Inmediata Health Group Has Paid $2.7M in Fines, Civil Claims for 2019 HIPAA Breach
A breach that exposed the personal information of nearly 1.6 million patients of a Puerto Rico-based clearinghouse has led to a $250,000 financial settlement with federal regulations for multiple HIPAA violations. The 2019 leak has cost Inmediata Health $2.7 million in fines and civil settlements.

LexisNexis Combines AI-Driven Document Authentication With Its Fraud Solutions
To counter AI-driven fraud, LexisNexis acquired IDVerse, a London-based startup focused on document authentication and regulatory compliance. This acquisition aims to seamlessly integrate advanced tools into LexisNexis' fraud and identity platforms, enhancing global operations.