Aggregator

A vulnerability classified as critical has been found in sqlparse up to 0.4.x. This affects the function sqlparse.parse. The manipulation leads to uncontrolled recursion. This vulnerability is uniquely identified as CVE-2024-4340. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Red Hat OpenStack Platform. Affected is an unknown function of the component Director. The manipulation leads to sensitive information in log files. This vulnerability is traded as CVE-2024-4840. The attack needs to be done within the local network. There is no exploit available.

俄罗斯上周四从哈萨克斯坦拜科努尔航天发射场发射了进步号（Progress）货运飞船，为国际空间站执行例行补给任务，运送食物、燃料和补给等货物。但周六俄罗斯宇航员打开飞船舱门时他们闻到了一股恶臭，看到了小的液滴，他们随即关闭了舱门。NASA 报告到上周日空间站的空气质量处于正常水平。Russian Space Web 的 Anatoly Zak 声称气味有毒。暂时不清楚是什么导致了恶臭。这不是俄罗斯太空设备第一次发生泄漏。

最终排名来了

360发布全球首份《大模型安全漏洞报告》，曝光Intel等知名开源产品漏洞

A vulnerability has been found in Eaton Intelligent Power Protector up to 1.70 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to insufficient verification of data authenticity. This vulnerability was named CVE-2022-33861. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Eaton Intelligent Power Protector up to 1.70. This affects an unknown part. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2022-33862. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Eaton Intelligent Power Manager up to 1.69. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2021-23282. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Have you ever received a call from an unknown number and wondered who could be on the other end? It could be a vishing scam. Vishing, a combination of “voice” and “phishing”, is a fraudulent scheme that aims to trick you into revealing sensitive information.  During a vishing call, a skilled scammer uses social engineering […]

The post Voice Phishing Attacks: How to Prevent and Respond to Them appeared first on CybeReady.

The post Voice Phishing Attacks: How to Prevent and Respond to Them appeared first on Security Boulevard.

Противники мизогинии, женоненавистничества и маскулинности празднуют победу.

Meta has closed down two million accounts it says were used in scams such as pig butchering

Black Friday 2024 at ANY.RUN is here! As always, we’ve prepared time-limited deals to not only help you save on our tools but also improve collaboration with your colleagues.  Here’s what we have in store for you this time.  Hunter Plan: Two Subscriptions for the Price of One  Hunter plan is designed for individual users, […]

The post Black Friday 2024 at ANY.RUN appeared first on ANY.RUN's Cybersecurity Blog.

近日DEF CON大会上启动的Franklin项目旨在利用顶尖黑客的技能，帮助水务公司修复系统漏洞，增强关键基础设施的安全性。

Wireshark, the popular network protocol analyzer, has reached version 4.4.2. It is used for troubleshooting, analysis, development and education. The following vulnerabilities have been fixed: wnpa-sec-2024-14 FiveCo RAP dissector infinite loop. wnpa-sec-2024-15 ECMP dissector crash. Updated protocol support: ARTNET, ASN.1 PER, BACapp, BT BR/EDR, CQL, DOF, ECMP, ENIP, FiveCo RAP, Frame, FTDI FT, HSRP, HTTP/2, ICMPv6, IEEE 802.11, MBTCP, MMS, MPEG PES, PN-DCP, POP, ProtoBuf, PTP, RPC, RTCP, SIP, SRT, Syslog, TCP, UMTS RLC, USB … More →

The post Wireshark 4.4.2: Security updates, bug fixes, updated protocol support appeared first on Help Net Security.

业务实现性能提升20% 、成本优化35%，揭秘火山引擎 HTTPDNS 边缘云原生技术实践