Aggregator

De komende feestdagenperiode kun je jouw grijze cellen flink in beweging laten komen. De AIVD kerstpuzzel en de juniorkerstpuzzel zijn er namelijk weer!

A suspected China-based threat actor has been linked to a series of cyber attacks targeting high-profile organizations in Southeast Asia since at least October 2023. The espionage campaign targeted organizations in various sectors spanning government ministries in two different countries, an air traffic control organization, a telecoms company, and a media outlet, the Symantec Threat Hunter Team

Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities

Tips For Managing Terraform Variables

От вредоносного текста до шокирующих изображений.

【补丁日速递】2024年12月微软补丁日安全风险通告

一条雄性座头鲸先是于 2017 年在哥伦比亚附近太平洋发现，2022 年在印度洋 Zanzibar 岛附近发现，两地之间的最短大圆距离为 13,046 公里。这可能是有记录以来座头鲸的最远旅行距离。座头鲸每年都会长途跋涉，但这只座头鲸的迁徙距离不同寻常。科学家猜测可能是气候变化减少了其主要食物磷虾的丰度，或者是寻找配偶。研究报告发表在《Royal Society Open Science》期刊上。

A vulnerability has been found in Application Dynamics Cartweaver ColdFusion up to 2.16.11 and classified as critical. This vulnerability affects unknown code of the file results.cfm. The manipulation of the argument ProdID leads to sql injection. This vulnerability was named CVE-2006-2046. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in SoftExpert Excellence Suite up to 2.1.2. It has been classified as problematic. This affects an unknown part of the file /se/v42300/generic/gn_defaultframe/2.0/defaultframe_filter.php. The manipulation leads to file inclusion. This vulnerability is uniquely identified as CVE-2023-30330. The attack can only be initiated within the local network. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

December Zero-Day Phishing Threat Intel

WEB前端逆向拦截页面跳转

From Shopping Malls to Living Arcades: A Full-Circle Journey Into Modern Arcadism

绿盟科技威胁周报（2024.12.02-2024.12.08）

Understanding the nuances between cybersecurity products and platforms is crucial for enhancing business protections and supporting businesses anywhere.

The post Cybersecurity Products or Platforms – Which is More Effective? appeared first on Security Boulevard.

Strengthening Cybersecurity: Breaking Down inDrive’s Bug Bounty Program

Браузер обновляет подходы к защите конфиденциальности.

Editor’s note: The current article is authored by Mostafa ElSheimy, a malware reverse engineer and threat intelligence analyst. You can find Mostafa on X and LinkedIn.  In this malware analysis report, we will delve into Nova, a newly discovered fork of the Snake Keylogger family. This variant has been observed employing even more sophisticated tactics, signaling the continued […]

The post Analysis of Nova: A Snake Keylogger Fork appeared first on ANY.RUN's Cybersecurity Blog.

A vulnerability classified as problematic has been found in Schweizerische Steuerkonferenz Library taxstatement.jar 2.2.2/2.2.4 on Windows. Affected is the function DocumentBuilder of the component PDF Handler. The manipulation leads to xml external entity reference. This vulnerability is traded as CVE-2024-8602. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.