Aggregator

A vulnerability classified as critical was found in Huawei HarmonyOS and EMUI. Affected by this vulnerability is an unknown functionality of the component Wi-Fi Module. The manipulation leads to missing authentication. This vulnerability is known as CVE-2022-48621. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability was found in NEC WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to execution with unnecessary privileges. The identification of this vulnerability is CVE-2024-28005. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability was found in Oracle E-Business Suite up to 12.2.13. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Workflow. The manipulation leads to Privilege Escalation. This vulnerability is known as CVE-2024-21071. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Applications Framework up to 12.2.13. It has been declared as problematic. This vulnerability affects unknown code of the component REST Services. The manipulation leads to information disclosure. This vulnerability was named CVE-2024-21080. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Oracle Concurrent Processing up to 12.2.13. Affected is an unknown function of the component Request Submission/Scheduling. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-21089. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Oracle MySQL Connectors up to 8.3.0. Affected by this vulnerability is an unknown functionality. The manipulation leads to denial of service. This vulnerability is known as CVE-2024-21090. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Oracle MySQL Server up to 8.0.36. Affected is an unknown function of the component Group Replication Plugin. The manipulation leads to denial of service. This vulnerability is traded as CVE-2024-21087. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Agile Product Lifecycle Management for Process 6.2.4.2. It has been declared as critical. This vulnerability affects unknown code of the component Product Quality Management. The manipulation leads to Privilege Escalation. This vulnerability was named CVE-2024-21092. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Samba 2.0.7. Affected by this vulnerability is an unknown functionality of the file cgi.log of the component Web Administration Tool. The manipulation leads to information disclosure (Password). This vulnerability is known as CVE-2000-0936. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

New dog, old tricks: DaMAgeCard attack targets memory directly thru SD card reader

Fifteen years ago I blogged about a different SQUID. Here’s an update:

Fleeing drivers are a common problem for law enforcement. They just won’t stop unless persuaded­—persuaded by bullets, barriers, spikes, or snares. Each option is risky business. Shooting up a fugitive’s car is one possibility. But what if children or hostages are in it? Lay down barriers, and the driver might swerve into a school bus. Spike his tires, and he might fishtail into a van­—if the spikes stop him at all. Existing traps, made from elastic, may halt a Hyundai, but they’re no match for a Hummer. In addition, officers put themselves at risk of being run down while setting up the traps...

The post Friday Squid Blogging: Safe Quick Undercarriage Immobilization Device appeared first on Security Boulevard.

The Good, the Bad and the Ugly in Cybersecurity – Week 49

Incidents at Pain Management Firm, Pediatric Hospital Affect 50,000 People
An insider breach at a Florida pain management firm and an email breach at a Colorado pediatric hospital have resulted in more than $1.7 million in fines for HIPAA violations found by federal investigators. The two incidents affected fewer than 50,000 people.

Possible Chinese State-Sponsored Exploit Kit Using Browser Flaws to Deploy Spyware
A possible Chinese state threat group is targeting vulnerabilities in messaging apps to deliver spyware in cross-platform devices used by members of ethnic minorities targeted for repression by Beijing. Trend Micro dubs the group "Earth Minotaur."

Are We Fully Aware of the Cybersecurity Threats We Face in the Cloud? In today’s interconnected world, maintaining a secure environment is paramount. The advent of the cloud has expanded the horizon of potential threats, as it has given rise to machine identities, known as non-human identities (NHIs), and their secrets. With organizations increasingly moving […]

The post Exploring the Future of Cloud-Native Security Solutions appeared first on Entro.

The post Exploring the Future of Cloud-Native Security Solutions appeared first on Security Boulevard.

Why is Secrets Vaulting Essential for Data Security? As organizations increasingly adopt cloud technology and automation across various industries, securing Non-Human Identities (NHIs) and their secrets has emerged as a crucial element in the cybersecurity landscape. However, can you recall the last time you questioned how securely your machine identities’ secrets are stored? Or wondered […]

The post How Secure Vaulting Keeps Your Secrets Safe appeared first on Entro.

The post How Secure Vaulting Keeps Your Secrets Safe appeared first on Security Boulevard.

Bridging the Security Skills and Budget Gap with Managed Security Services

BigDaddyKane is Allegedly Selling the Data of Grayscale Investments

Termite, an emerging ransomware group that launched its data leak site in late October and appears to be using a modified version of the Babuk malware, is claiming responsibility for the hack of giant SaaS provider Blue Yonder late last month that disrupted the operations of several corporations, including Starbucks.

The post Emerging Ransomware Group Termite Claims Attack on Blue Yonder appeared first on Security Boulevard.

Counter is Allegedly Selling the Data of Haifa Municipality