Aggregator

Миллионы компьютеров оказались беззащитны перед восьмиступенчатой атакой через доверенную программу.

字节跳动回应Trae IDE问题：性能优化完成，遥测关闭误解需改进，Discord封禁为反广告机器人误操作已解封。

It’s unsettling to think that our food supply chain could be targeted or that the safety of our food could be compromised. But this is exactly the challenge the agri-food sector is dealing with right now. Despite agriculture’s importance, cybersecurity in this field doesn’t get the attention it deserves. Farms, processing plants, and distribution systems are going digital, and that’s opening the door to cyber attacks. A big problem is that a lot of the … More →

The post The food supply chain has a cybersecurity problem appeared first on Help Net Security.

富士電機製Monitouch V-SFTとTellus Liteには、境界外書き込みの脆弱性が存在します。

Johnson Controlsが提供するSoftware House iStar Pro Door Controllerには、重要な機能に対する認証の欠如に関する脆弱性が存在します。

俄罗斯堪察加半岛7月29日发生8.8级强震，引发海啸警报。日本多地观测到40厘米高海浪。这是2011年以来最强地震，目前无人员死亡报告。

美国地质勘探局(USGS)报告，俄罗斯堪察加半岛 7 月 29 日 23:24 UTC 发生 M8.8 级地震。太平洋沿海地区发布海啸警报，据日本共同社报道，第一波海啸已经抵达日本海岸，北海道十胜港观测到了 40 厘米高的海啸。这次大地震是 2011 年日本东北地方太平洋近海地震（M9.1）以来的最强地震，为有记录以来第六强地震。目前暂无死亡报告。

A vulnerability classified as problematic was found in Cisco IOS and IOS XE 16.3.1. Affected by this vulnerability is an unknown functionality of the component Autonomic Networking Infrastructure. The manipulation leads to improper access controls. This vulnerability is known as CVE-2017-6663. The attack needs to be approached within the local network. Furthermore, there is an exploit available.

A vulnerability was found in Cisco IOS 15.0/15.1/15.2/15.3/15.4 and classified as problematic. Affected by this issue is some unknown functionality of the component VPLS. The manipulation leads to improper resource management. This vulnerability is handled as CVE-2017-12238. The attack needs to be approached within the local network. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

A vulnerability was found in Intel Ethernet Diagnostics Driver up to 1.3.0 on Windows. It has been rated as critical. This issue affects some unknown processing of the file IQVW32.sys/IQVW64.sys. The manipulation as part of IOCTL Call leads to improper input validation. The identification of this vulnerability is CVE-2015-2291. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Oracle Java SE 6u101/7u85/8u60. Affected by this issue is some unknown functionality of the component Deployment. The manipulation leads to denial of service. This vulnerability is handled as CVE-2015-4902. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Как Raven Stealer превратил Telegram в командный пункт для кражи данных.

ColoCrossing推出低价洛杉矶/纽约独立服务器，采用英特尔至强处理器，起售价129美元/年。这些物理机性能优越但需自行安装系统且不支持退款。型号多样，配置包括不同内存、存储和带宽。购买后需5-7天配置硬件。

Identity-based attack paths are behind most breaches today, yet many organizations can’t actually see how those paths form. The 2025 State of Attack Path Management report from SpecterOps makes the case that traditional tools like identity governance, PAM, and MFA aren’t enough. They help manage access, but they miss the bigger problem: how identity and privilege sprawl across the environment in ways that attackers can string together. Attack Path Management (APM) is a continuous security … More →

The post Why CISOs should rethink identity risk through attack paths appeared first on Help Net Security.

A vulnerability has been found in PHP Melody 2.7.1 and classified as critical. This vulnerability affects unknown code of the file ajax.php. The manipulation of the argument playlist as part of Parameter leads to sql injection (Time-Based). This vulnerability was named CVE-2018-5211. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic has been found in Photography CMS 1.0. This affects an unknown part of the file clients/resources/ajax/ajax_new_admin.php. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2018-5969. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in PHP Proxy 3.0.3. This issue affects some unknown processing of the file index.php?q=file://. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2018-19458. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in PEAR Archive_Tar up to 1.4.3. Affected by this vulnerability is an unknown functionality. The manipulation of the argument $v_header[filename] as part of Parameter leads to deserialization (Unserialize). This vulnerability is known as CVE-2018-1000888. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Tubigan Welcome to our Resort 1.0. It has been classified as critical. This affects an unknown part of the file index.php?p=accomodation. The manipulation of the argument q leads to sql injection. This vulnerability is uniquely identified as CVE-2018-18800. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Menlo Park, United States, July 30th, 2025, CyberNewsWire AccuKnox, Inc., the Zero Trust Cloud-Native Application Protection Platform (CNAPP) leader, has announced deployment in the UAE banking sector through its strategic partnership with cybersecurity VAD CyberKnight. The deal, secured with a major Abu Dhabi-based financial institution [market cap $30 billion], marks a milestone in AccuKnox’s regional expansion. The deployment […]

The post AccuKnox Partners With CyberKnight To Deliver Zero Trust Security For A Leading Global Bank In The UAE. appeared first on Cyber Security News.