Aggregator

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto Networks Expedition bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following Palo Alto Networks Expedition vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Last week, Palo Alto Networks addressed multiple vulnerabilities that an attacker can chain to hijack […]

是漏洞还是设计选择？

速修复

1、摘要       这篇文章旨在介绍施耐德EcoStruxure Power […]

A report from the Five Eyes cybersecurity alliance, released by the CISA, highlights the majority of the most exploited vulnerabilities last year were initially zero-day flaws, a significant increase compared to 2022 when less than half of the top vulnerabilities were zero-day exploits.

The post Zero-Day Exploits Surge in 2023, Cisco, Fortinet Vulnerabilities Targeted appeared first on Security Boulevard.

学SYN扫描实现，看这儿就够了

Поправки в закон ужесточают контроль и увеличивают штрафы.

Bitsight announced it has signed a definitive agreement to acquire Cybersixgill, a global cyber threat intelligence (CTI) data provider. Together, Bitsight and Cybersixgill will provide visibility into an organization’s external attack surface, supply chain, and the threats targeting it. As a result, security leaders can proactively identify, prioritize, and mitigate risk across their first and third party environments. With cyber attacks on the rise, CTI data is increasingly vital. However, applying threat intelligence findings to … More →

The post Bitsight acquires Cybersixgill to help organizations manage cyber exposure appeared first on Help Net Security.

CVE-2024-52301 is a critical vulnerability identified in Laravel, a widely used PHP framework for building web applications. The vulnerability allows unauthorized access by exploiting improperly validated inputs, potentially leading to privilege escalation, data tampering, or full system compromise. Given Laravel’s widespread adoption across industries, the discovery is a cause for concern, as it could leave […]

The post Critical Laravel Vulnerability CVE-2024-52301 Allows Unauthorized Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Новая уязвимость ставит под удар инфраструктуру Citrix.

A vulnerability was found in ISC DHCPD up to 4.1-ESV-R16-P1/4.4.3. It has been classified as critical. This affects the function option_code_hash_lookup of the component Server Response Handler. The manipulation of the argument refcount leads to integer overflow. This vulnerability is uniquely identified as CVE-2022-2928. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in MIME Multipart on Go. Affected is an unknown function. The manipulation leads to resource consumption. This vulnerability is traded as CVE-2023-24536. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability was found in net-http and mime-multipart on Go. It has been classified as problematic. Affected is an unknown function. The manipulation leads to resource consumption. This vulnerability is traded as CVE-2022-41725. The attack can only be done within the local network. There is no exploit available.

A vulnerability was found in crypto-tls on Go. It has been classified as problematic. This affects an unknown part of the component TLS Handshake Handler. The manipulation leads to resource consumption. This vulnerability is uniquely identified as CVE-2022-41724. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic has been found in libexpat up to 2.5.0. Affected is an unknown function of the component Parser. The manipulation leads to resource consumption. This vulnerability is traded as CVE-2023-52425. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.8.6. This issue affects some unknown processing of the component Bluetooth. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2024-35963. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Envoy up to 1.28.6/1.29.4/1.30.0. It has been rated as critical. Affected by this issue is the function sendLocalReply. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2024-45810. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Тайные контракты и секретные миссии, о которых не принято говорить вслух.

今天 Anthropic 正式发布 Stable Diffusion 3.5，这是它们迄今为止最强的模型，此公开版本包含多个型号变体，包括 Stable Diffusion 3.5 Large ...

За ошибки ИБ-отдела будут расплачиваться руководители аптек.