Aggregator

A vulnerability was found in Red Hat Ansible Automation Platform 2.5. It has been classified as critical. This affects an unknown part of the component OAuth2 Token Handler. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2024-11483. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Apache Struts up to 2.2.3.0. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to code injection. The identification of this vulnerability is CVE-2013-2115. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.11.9. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to denial of service. This vulnerability is handled as CVE-2024-53114. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.112/6.6.56/6.11.3. It has been declared as critical. This vulnerability affects the function vc4_perfmon_close_file of the component File Descriptor Handler. The manipulation leads to uncontrolled file descriptor consumption. This vulnerability was named CVE-2024-50187. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.11.7. This affects the function tpm_pm_suspend. The manipulation leads to insufficiently random values. This vulnerability is uniquely identified as CVE-2024-53085. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.112/6.6.56/6.11.3 and classified as problematic. Affected by this issue is some unknown functionality of the component DA_ID Handler. The manipulation leads to race condition. This vulnerability is handled as CVE-2024-50183. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.8.1. It has been declared as critical. This vulnerability affects unknown code of the component af_bluetooth. The manipulation leads to deadlock. This vulnerability was named CVE-2024-26886. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

APT Group Uses Sophisticated Attack Chain to Deploy WmRAT and MiyaRAT
A suspected South Asian threat actor targeted a Turkish defense organization, deploying malware via a RAR archive and using alternate data streams to deliver remote access Trojans. The group previously targeted multiple countries including China, India, Pakistan and Bangladesh.

Deal Targets Open Source Library Risks in Software Supply Chain, Boosts DevSecOps
The integration of Tidelift into Sonar's ecosystem will enhance software supply chain security by leveraging human-verified insights from maintainers of popular open source libraries. Developers can expect comprehensive tools to address vulnerabilities in first-party, AI-generated, and third-party code.

Federal Agencies Tasked with Adopting New Cloud Security Policies Beginning in 2025
The Cybersecurity and Infrastructure Security Agency is requiring federal agencies to adopt secure cloud configurations, integrate monitoring tools and report cloud systems starting in 2025 as part of an effort to address vulnerabilities in part exposed by the SolarWinds attack.

Regulators Say NIST's 2035 Deadline for Insecure Encryption Could Be Too Late
Australia has rolled out an ambitious roadmap to prepare for future quantum-enabled cyberattacks. Regulators are ready to set an end date for several existing encryption algorithms in 2030 - five years earlier than the deadline set by National Institute of Standards and Technology in the U.S.

关键词数据泄露据BleepingComputer消息，当地时间12月17日，爱尔兰数据保护委员会（DPC）以Facebook涉嫌泄露2900万用户个人数据，违反了《通用数据保护条例（GDPR）》相关规

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

关键词间谍软件据以色列新闻媒体报道，一家美国私募股权公司已完成对以色列间谍软件公司Paragon的收购交易。关于AE Industrial Partners这家私募股权巨头为Paragon支付了多少，

关键词数据泄露数世咨询与零零信安联合发布了基于0.zone安全开源情报系统的《数据泄露态势》月度报告，报告涵盖的监控范围包括明网、深网、暗网、匿名社群等约10万个威胁源。根据报告，美国成为数据泄露的最

Twee digitale rechercheurs van de marechaussee zijn teruggekeerd uit Oekraïne. Zij deden daar sinds medio november onderzoek naar mogelijke oorlogsmisdaden. Dat gebeurde onder de vlag van het Internationaal Strafhof. Een overzicht van Defensieoperaties in de week van 11 tot en met 17 december 2024.