Aggregator

A vulnerability, which was classified as critical, has been found in SQL Chart Builder Plugin up to 2.3.6 on WordPress. This issue affects some unknown processing. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2024-11430. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in Custom Skins Contact Form 7 Plugin up to 1.0 on WordPress. This vulnerability affects unknown code. The manipulation leads to missing authorization. This vulnerability was named CVE-2024-12341. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in debranding Plugin up to 1.0.2 on WordPress. This affects an unknown part of the component Options Update Handler. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2024-11443. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in AI Post Generator Plugin up to 3.5 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to missing authorization. This vulnerability is handled as CVE-2024-11709. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Library Management System Plugin up to 3.0.0 on WordPress. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. This vulnerability is known as CVE-2024-12406. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Opt-In Downloads Plugin up to 4.07 on WordPress. It has been classified as critical. Affected is an unknown function. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2024-10590. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Sign In with Google Plugin up to 1.8.0 on WordPress and classified as critical. This issue affects the function authenticate_user. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2024-11015. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Grid Plus Plugin up to 1.3.5 on WordPress and classified as critical. This vulnerability affects the function grid_plus_load_by_category of the component Shortcode Handler. The manipulation leads to code injection. This vulnerability was named CVE-2024-10910. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Numerix License Server Administration System 1.1_596. This affects an unknown part of the file nlslogin.jsp of the component HTTP POST Request Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-50585. It is possible to initiate the attack remotely. There is no exploit available.

Viceadmiraal Boudewijn Boots is vanaf vandaag de nieuwe Inspecteur-Generaal der Krijgsmacht (IGK). In deze functie is hij ook Inspecteur der Veteranen en Inspecteur der Reservisten. Boots volgt luitenant-generaal der mariniers Frank van Sprang op. Die gaat op 1 januari met functioneel leeftijdsontslag.

Resecurity, a global leader in cybersecurity solutions, unveiled its advanced Government Security Operations Center (GSOC) during NATO Edge 2024, the NATO Communications and Information Agency’s flagship conference. The solution is also specifically tailored for MSSPs that protect aerospace and defense organizations. This year’s event, held from December 3 to 5, emphasized emerging technologies in defense, […]

The post Resecurity introduces Government Security Operations Center (GSOC) at NATO Edge 2024 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

原创 Paper | 揭秘暗黑系网络服务运营商——防弹主机网络

揭秘暗黑系网络服务运营商——防弹主机网络

Prying Deep: An OSINT Tool to Collect Intelligence on the Dark Web

Zloader, a sophisticated Trojan, has recently evolved with features that enhance its stealth and destructive potential, as the latest version, 2.9.4.0, introduces a custom DNS tunnel for covert C2 communications, bypassing traditional network security measures.  An interactive shell empowers attackers with granular control over infected systems, facilitating advanced attacks like ransomware deployment, where Zloader’s relentless […]

The post Reserachers Uncovered Zloader DNS Tunneling Tactics For Stealthy C2 Communication appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

周三 Black Hat Europe 会议上，安全公司 Lookout 的研究人员披露了警方用于从 Android 设备收集信息的间谍软件 EagleMsgSpy。该间谍软件至少从 2017 年就开始使用，Lookout 获得了间谍软件的多个版本。EagleMsgSpy 能从设备上获取通话记录、联系人、GPS 坐标、书签以及来自 Telegram 和 WhatsApp 等第三方应用的消息。它还能启动屏幕录制并捕获音频。EagleMsgSpy 被形容是一款手机司法监听产品，由武汉中软通证信息技术有限公司开发。

ESET scopre il primo bootkit UEFI per Linux

专家预测 2025 年网络安全将发生重大转变