Aggregator

每年10月1日是网络安全意识月启动日，由美国国家网络安全联盟（NCA）与网络安全和基础设施安全局（CISA）共同推动。文章强调了四项核心安全习惯：使用强密码和密码管理器、启用多因素认证、识别并报告网络诈骗、定期更新软件。同时介绍了GuidePoint Security提供的相关资源和活动，旨在帮助个人和组织提升网络安全意识。

Hackers have recently leveraged a vulnerability in the web-based management interfaces of certain cellular routers to co-opt their built-in SMS functionality for nefarious purposes. By targeting exposed APIs, attackers are able to dispatch large volumes of malicious SMS messages containing weaponized links that lead to drive-by downloads or credential-stealing pages. This emerging threat vector exploits […]

The post Hackers Exploit Cellular Router’s API to Send Malicious SMS Messages With Weaponized Links appeared first on Cyber Security News.

This issue seems to be a false positive. Please check the referenced sources and consider omitting this entry entirely.

Siemens launched SINEC Secure Connect, the zero trust security platform designed for operational technology (OT) networks. The software solution virtualizes network structures using overlay networks. It enables Machine-to-Machine, Machine-to-Cloud, and Machine-to-Datacenter connections, plus secure remote access to industrial systems, all without relying on VPNs. Shop floor devices using SINEC Secure Connect remain protected from unauthorized external access while maintaining the necessary operational connectivity. This allows industrial companies to realize secure, flexible, and future-proof OT networking. … More →

The post Siemens simplifies OT security with virtualized, encrypted connectivity appeared first on Help Net Security.

A vulnerability classified as very critical has been found in GNU Coreutils up to 8.23. Affected by this vulnerability is the function keycompare_mb of the file sort.c. The manipulation leads to integer overflow. This vulnerability is documented as CVE-2015-4042. The attack can be initiated remotely. Additionally, an exploit exists. To fix this issue, it is recommended to deploy a patch.

A vulnerability labeled as problematic has been found in GNU C Library up to 2.25. Affected by this vulnerability is an unknown functionality of the component iconv. Such manipulation of the argument -c leads to improper input validation. This vulnerability is traded as CVE-2016-10228. An attack has to be approached locally. There is no exploit available.

A vulnerability was found in GNU C Library up to 2.33 and classified as problematic. This vulnerability affects the function mq_notify. Executing manipulation of the argument sigevent can lead to use after free. This vulnerability is handled as CVE-2021-33574. The attack can only be done within the local network. There is not any exploit available.

A vulnerability classified as critical has been found in runc up to 1.0-rc6. Affected is an unknown function of the file /proc/self/exe. The manipulation leads to containment errors. This vulnerability is referenced as CVE-2019-5736. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

Хакеры показали, как легко повысить привилегии в VMware Aria.

A vulnerability described as problematic has been identified in Infopop Ultimate Bulletin Board up to 5.47. The impacted element is an unknown function of the component IMG Tag Handler. Executing manipulation can lead to basic cross site scripting. This vulnerability is handled as CVE-2001-0897. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability classified as critical was found in Rick Fournier Network Tools 0.2 on PHP-Nuke. This impacts an unknown function. The manipulation of the argument $hostinput results in improper privilege management. This vulnerability was named CVE-2001-0899. The attack may be performed from remote. In addition, an exploit is available. Upgrading the affected component is advised.

A vulnerability was found in University of Cambridge Exim 3.22. It has been classified as critical. This vulnerability affects unknown code of the component Pipe Handler. Performing manipulation results in improper privilege management. This vulnerability is reported as CVE-2001-0889. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability, which was classified as problematic, has been found in Francisco Burzi Gallery 1.2.3. Affected is an unknown function of the file modules.php. This manipulation of the argument include causes path traversal. The identification of this vulnerability is CVE-2001-0900. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is advisable to upgrade the affected component.

A vulnerability labeled as critical has been found in EMC NetWorker 6.0. This affects an unknown function of the component DNS Handler. Executing manipulation can lead to authentication bypass by spoofing. This vulnerability appears as CVE-2001-0910. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

A vulnerability marked as critical has been reported in PHP-Nuke and PostNuke. This impacts an unknown function of the component Cookie Handler. The manipulation leads to missing encryption of sensitive data (Password). This vulnerability is traded as CVE-2001-0911. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

Research by: hasherezade Highlights Introduction Rhadamanthys is a complex, multi-modular malware sold on the underground market since September 2022. It was first advertised by the actor “kingcrete2022.” From the outset, its design showed the hallmarks of experienced developers, and analysis soon revealed that it drew heavily from an earlier project by the same authors, Hidden […]

The post Rhadamanthys 0.9.x – walk through the updates appeared first on Check Point Research.

Rhadamanthys是一款复杂的多模块恶意软件，在网络犯罪中广泛应用。最新版本0.9.2引入了新的自定义可执行格式XS1_B和XS2_B、改进的字符串混淆算法、指纹收集脚本及支持Ledger Live钱包的Lua扩展。Check Point提供了转换器、去混淆器和解包器等工具以应对这些变化。

Image-sharing platform Imgur has blocked its services within the UK, following a regulatory notice from the ICO

A vulnerability was found in Linux Kernel up to 6.12.45/6.16.5. It has been rated as critical. Affected is an unknown function of the component wifi. The manipulation leads to stack-based buffer overflow. This vulnerability is documented as CVE-2025-39918. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.12.45/6.16.5. It has been declared as critical. This impacts the function ixgbe_lp_map. Executing manipulation can lead to out-of-bounds read. This vulnerability is registered as CVE-2025-39922. The attack requires access to the local network. No exploit is available. It is recommended to upgrade the affected component.