Aggregator

Desert Dexter Targets 900 Victims Using Facebook Ads and Telegram Malware Links

The Hackers News
9 months ago
The Middle East and North Africa have become the target of a new campaign that delivers a modified version of a known malware called AsyncRAT since September 2024. "The campaign, which leverages social media to distribute malware, is tied to the region's current geopolitical climate," Positive Technologies researchers Klimentiy Galkin and Stanislav Pyzhov said in an analysis published last week.
The Hacker News

瘫痪男子用意念操作机械臂

Solidot
9 months ago
加州大学旧金山分校的研究人员通过一种能将大脑信号传递到计算机的设备,使一名瘫痪患者能够控制机械臂。他只需想象自己做出动作,就能抓取、移动和放下物体。这种被称为脑机接口(BCI)的设备在不需要调整的情况下工作了创纪录的7个月。此前此类设备通常只能工作一两天。BCI 依赖于一个能够适应大脑在重复动作——或者在这种情况下是想象中的动作——时发生的微小变化的人工智能模型,并学会以更精细的方式完成动作。研究人员与一名多年前因中风瘫痪的研究参与者合作。他无法说话或移动。研究人员在他的大脑表面植入了微小的传感器,这些传感器可以在他想象动作时捕捉大脑活动。为了查看他的大脑模式是否会随时间变化,研究人员让参与者想象移动身体的不同部位,如手、脚或头部。尽管他无法真正移动,但当参与者想象自己做出动作时,他的大脑仍然可以产生动作信号。BCI通过大脑表面的传感器记录了这些动作的代表。

CVE-2001-0228 | Goahead Webserver V.2.0/V.2.1 GET Request path traversal (EDB-20607 / ID 86368)

Vuldb Updates
9 months ago
A vulnerability has been found in Goahead Webserver V.2.0/V.2.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Request Handler. The manipulation leads to path traversal. This vulnerability is known as CVE-2001-0228. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.
vuldb.com

多家公司开始限制员工加班

Solidot
9 months ago
深圳大疆、美的和海尔等公司据报道开始限制员工加班,实施双休制(或五天工作制)。大疆员工称,公司主管 2 月 27 日在组会上提出,不提倡过度加班,没有必须完成的任务,那就早点下班回家,“必须9点下班”。美的 1 月发布文件要求,美的内部沟通严禁 PPT,含工作沟通、总结规划、述职等,如用 PPT,要求白底黑色几行字一页以内;严禁任何形式的代写材料行为,董事长和总裁也不能例外;严禁下班后开会及形式主义加班;减少微信群、减少手工报表和作业等。海尔内部发布全面落实双休制的通知,所有部门(包括研发、市场等)实行双休,周六不准来公司,食堂也不提供饭食,特殊情况需要加班的,必须提前一周审批,工作日加班不得超过3小时/天。据悉,市场监管总局曾在今年 2 月召开企业公平竞争座谈会,与天合光能、晶澳科技、隆基绿能、阿里集团、京东集团、北汽集团、奔驰集团等 7 家企业有关负责人围绕整治“内卷式”竞争进行深入交流。

RansomHouse gang claims the hack of the Loretto Hospital in Chicago

Security Affairs
9 months ago
Another American hospital falls victim to a ransomware attack; the RansomHouse gang announced the hack of Loretto Hospital in Chicago.” The RansomHouse gang announced the hack of Loretto Hospital in Chicago, the groups claims to have stolen 1.5TB of sensitive data. The Loretto Hospital is a not-for-profit, community-focused health care provider. They provide healthcare services […]
Pierluigi Paganini

CVE-2024-27320 | Refuel Autolabel up to 0.0.8 CSV File neutralization of directives

Vuldb Updates
9 months ago
A vulnerability classified as very critical has been found in Refuel Autolabel up to 0.0.8. Affected is an unknown function of the component CSV File Handler. The manipulation leads to improper neutralization of directives in dynamically evaluated code ('eval injection'). This vulnerability is traded as CVE-2024-27320. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com

CVE-2024-45824 | Rockwell Automation FactoryTalk View Site Edition up to 14.0 command injection

Vuldb Updates
9 months ago
A vulnerability, which was classified as critical, was found in Rockwell Automation FactoryTalk View Site Edition up to 14.0. This affects an unknown part. The manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2024-45824. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-6701 | Pegasystems Pega Infinity up to 24.1.2 Case Type cross site scripting

Vuldb Updates
9 months ago
A vulnerability classified as problematic has been found in Pegasystems Pega Infinity up to 24.1.2. This affects an unknown part of the component Case Type Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-6701. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-6700 | Pegasystems Pega Infinity up to 24.1.2 App Name cross site scripting

Vuldb Updates
9 months ago
A vulnerability has been found in Pegasystems Pega Infinity up to 24.1.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component App Name Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-6700. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Laravel Framework Flaw Allows Attackers to Execute Malicious JavaScript

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
9 months ago

A significant vulnerability has been identified in the Laravel framework, specifically affecting versions between 11.9.0 and 11.35.1. The issue revolves around improper encoding of request parameters on the error page when the application is running in debug mode, leading to reflected cross-site scripting (XSS). This flaw has been assigned the CVE identifier CVE-2024-13918 and has […]

The post Laravel Framework Flaw Allows Attackers to Execute Malicious JavaScript appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

CVE-2019-8649 | Apple macOS up to 10.14.5 WebKit Universal cross site scripting (HT210348 / EDB-47162)

Vuldb Updates
9 months ago
A vulnerability classified as problematic was found in Apple macOS up to 10.14.5. Affected by this vulnerability is an unknown functionality of the component WebKit. The manipulation leads to cross site scripting (Universal). This vulnerability is known as CVE-2019-8649. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

Managed ad