Aggregator

Malicious npm Packages Target Developers' Ethereum Wallets with SSH Backdoor

The Hackers News
9 months 3 weeks ago
Cybersecurity researchers have discovered a number of suspicious packages published to the npm registry that are designed to harvest Ethereum private keys and gain remote access to the machine via the secure shell (SSH) protocol. The packages attempt to "gain SSH access to the victim's machine by writing the attacker’s SSH public key in the root user’s authorized_keys file," software supply
The Hacker News

CVE-2024-35308 | Artica Pandora FMS up to 777.2 Plugin Edition path traversal

VulDB Recent Entries
9 months 3 weeks ago
A vulnerability was found in Artica Pandora FMS up to 777.2. It has been classified as critical. This affects an unknown part of the component Plugin Edition. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2024-35308. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-9987 | Artica Pandora FMS up to 777.2 agents_modules_csv filters sql injection

VulDB Recent Entries
9 months 3 weeks ago
A vulnerability was found in Artica Pandora FMS up to 777.2 and classified as critical. Affected by this issue is some unknown functionality of the file extensions/agents_modules_csv. The manipulation of the argument filters leads to sql injection. This vulnerability is handled as CVE-2024-9987. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

梆梆安全荣获“2024年中国互联网成长型前二十家企业”

嘶吼
9 months 3 weeks ago

2024年10月17日,由中国互联网协会举办的《中国互联网企业综合实力指数(2024)》发布会在厦门成功召开,中国互联网协会副秘书长裴玮在会上正式发布了《中国互联网企业综合实力指数(2024)》报告,梆梆安全成功入选“2024年中国互联网成长型前二十家企业”

中国互联网协会副秘书长裴玮指出,自2013年以来,中国互联网协会已连续12年开展中国互联网企业综合实力指数研究工作,获得了政府部门、行业机构、业界专家的广泛关注和认可。2024年中国互联网成长型企业发展主要呈现以下特征:一是业务规模高速扩张。二是研发力度加大倾斜。三是业务形态丰富多元。

梆梆安全自2010年成立以来,始终以客户为中心,开创、繁荣了移动应用安全蓝海市场,建立了全面的移动应用安全防护生态体系,并在业务上形成了以移动安全为主体,联动安全服务和物联网安全的“一体两翼”业务体系,以及由技术、产品、解决方案和咨询服务构成的“四位一体”产研体系

梆梆安全率先提出了基于“全生命周期全渠道移动应用安全建设”的技术防护理念,通过风险环境和异常行为的深度分析,精准发现复杂攻击并快速响应。移动应用安全建设矩阵涵盖了Android、iOS、鸿蒙App及H5、小程序、轻应用等,以及外发Android SDK和iOS SDK,由第三方引入的Android/iOS SDK

同时,梆梆安全可以针对移动安全开发上线的整个生命周期(编码、测试、发布、运维、人工服务)提供全方位安全建议,确保上线应用的安全与合规,防止应用被反编译或调试,确保App符合相关的个人隐私监管要求。

目前,梆梆安全拥有10万家以上企业及开发者用户,安全技术覆盖的移动应用软件超过100万,这些应用已经累计安装在10亿个移动终端上,用户遍及金融、互联网、物联网、政府、运营商、企业、医疗、能源、教育等各大行业。

未来,梆梆安全将继续秉承“稳如泰山,值得托付”的服务观,持续加大研发投入和技术创新,积极探索移动安全的创新范式,精进产品能力,让更加标准化、智能化的安全解决方案走进真实的业务场景,让数字经济赋能数字中国高质量发展!

梆梆安全

Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383)

Help Net Security
9 months 3 weeks ago

Attackers have exploited an XSS vulnerability (CVE-2024-37383) in the Roundcube Webmail client to target a governmental organization of a CIS country, Positive Technologies (PT) analysts have discovered. The vulnerability was patched in May 2024, in Roundcube Webmail versions 1.5.7 and 1.6.7. The email carrying the exploit was sent in June 2024. About CVE-2024-37383 Roundcube is an open-source, browser-based IMAP client with a user interface that makes it look like a standalone application. CVE-2024-37383 is a … More →

The post Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383) appeared first on Help Net Security.

Zeljka Zorz

Делаем облако слов в терминале Linux

Securitylab.ru
9 months 3 weeks ago
В этой статье мы рассмотрим, как можно быстро и просто создавать изображения с облаками слов. Мы шаг за шагом покажем процесс установки, настройки и использования программ, а также поделимся идеями для создания уникальных изображений с текстом.

Malware Trends Report: Q3, 2024

Anyrun
9 months 3 weeks ago

We’re excited to share ANY.RUN‘s latest malware trends analysis for Q3 2024. Our quarterly update provides insights into the most widely deployed malware families, types, and TTPs we saw during the last 3 months of the year. Summary In Q3 2024, ANY.RUN users ran 1,090,457 public interactive analysis sessions, which is a 23.7% increase from […]

The post Malware Trends Report: Q3, 2024 appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN

U.S. CISA adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog

Security Affairs
9 months 3 weeks ago
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the ScienceLogic SL1 flaw CVE-2024-9537 (CVSS v4 score: 9.3) to its Known Exploited Vulnerabilities (KEV) catalog. ScienceLogic SL1 contains a vulnerability related to a third-party component. It has been fixed in […]
Pierluigi Paganini

Ivanti Neurons for App Control strengthens endpoint security

Help Net Security
9 months 3 weeks ago

Ivanti introduced Ivanti Neurons for App Control, which safeguards devices from unauthorized applications. In addition, Ivanti released new analytics in the Ivanti Neurons platform and new features for Ivanti Neurons for Patch Management to enhance security and ensure compliance. With Ivanti’s innovations and focus on exposure management, organizations can proactively safeguard themselves in today’s complex and evolving threat landscape. Organizations are witnessing a fast-growing ecosystem of IT assets on their networks — making attack surfaces … More →

The post Ivanti Neurons for App Control strengthens endpoint security appeared first on Help Net Security.

Industry News

Managed ad