Aggregator

GEEKCON 2024 上海站于10月24日在上海举行。今年GEEKCON 2024 上海站再设"深蓝洞察之特别披露"、"漏洞与利用 DAF 挑战赛"、"30+5 深度分享"、"AI与黑客挑战赛"和

在数字化时代，网络安全已经成为全球关注的焦点。随着互联网技术的飞速发展，网络空间的安全问题日益凸显，对个人隐私 […]

A vulnerability classified as problematic was found in Cisco TelePresence Management Suite. Affected by this vulnerability is an unknown functionality of the component Web-based Management Interface. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2023-20248. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Better Comments Plugin up to 1.5.5 on WordPress. This vulnerability affects unknown code of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-2402. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.0. Affected is the function dasd_alias_get_start_dev of the component s390. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2022-48636. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 5.15.70/5.19.11/6.0. This vulnerability affects the function __qlt_24xx_handle_abts of the component qla2xxx. The manipulation leads to memory leak. This vulnerability was named CVE-2022-48650. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Logpoint up to 7.3.x. It has been rated as problematic. This issue affects some unknown processing of the component Shared Widgets. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-30176. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Nuki Bridge up to 1.8.0/1.9.1. It has been rated as critical. This issue affects some unknown processing of the component JTAG. The manipulation leads to missing authentication. The identification of this vulnerability is CVE-2022-32503. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oxygen XML Web Author and Content Fusion. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-25662. The attack can be launched remotely. There is no exploit available.

AuditForge AuditForge (PwnDoc fork) is a pentest reporting application making it simple and easy to write your findings and generate a customizable Docx report. The main goal is to have more time to search...

The post auditforge: A pentest reporting application appeared first on Penetration Testing Tools.

What is Acra Acra helps you easily secure your databases in distributed, microservice-rich environments. It allows you to selectively encrypt sensitive records with strong multi-layer cryptography, detect potential intrusions and SQL injections and cryptographically compartmentalize...

The post Acra: database protection suite appeared first on Penetration Testing Tools.

Dr. Memory: the memory debugger Dr. Memory is a memory monitoring tool capable of identifying memory-related programming errors such as accesses of uninitialized memory, accesses to unaddressable memory (including outside of allocated heap units...

The post drmemory: Memory Debugger for Windows, Linux, Mac, and Android appeared first on Penetration Testing Tools.

NSFOCUS Showcases Two Groundbreaking Topics at SAS 2024: An In-Depth Analysis of the DarkCasino APT Group and the Evolution of New Botnets. SANTA CLARA, Calif., October 30, 2024 – The 17th Security Analyst Summit (SAS), a premier global event focused on cybersecurity, recently concluded in Bali, Indonesia, where NSFOCUS was invited to participate. As the […]

The post NSFOCUS Showcases Two Groundbreaking Topics at SAS 2024 appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..

The post NSFOCUS Showcases Two Groundbreaking Topics at SAS 2024 appeared first on Security Boulevard.

A vulnerability classified as critical has been found in Cisco Video Surveillance Manager. This affects an unknown part. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2013-3429. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Database Server 10.1.0.3 and classified as critical. This issue affects some unknown processing of the file sys.dbms_cdc_ipublish.create_scn_change_set. The manipulation of the argument CHANGE_SET_NAME leads to sql injection. The identification of this vulnerability is CVE-2005-1197. The attack may be initiated remotely. There is no exploit available.

由清华大学网络科学与网络空间研究院、奇安信集团、蚂蚁集团、广东联通、百度安全、赛尔网络、北京航空航天大学国家卓越工程师学院主办，复旦大学计算机科学技术学院、西安交通大学、腾讯安全应急响应中心、北京蓝莲

The post How Security Automation Platforms Streamline SOC Operations appeared first on AI-enhanced Security Automation.

The post How Security Automation Platforms Streamline SOC Operations appeared first on Security Boulevard.

複数のFortinet製品に関する脆弱性（悪用あり）が公開されています。対象となる製品およびバージョンは多岐にわたります。この問題は、当該製品を修正済みのバージョンに更新することで解決します。詳細は開発者が提供する情報を参照してください。

Normalyze’s AI-Powered DSPM Technology Boosts Proofpoint’s Data Visibility, Control
Proofpoint will acquire DSPM startup Normalyze to strengthen its data security offerings across cloud, SaaS and hybrid environments. The company aims to give security teams enhanced visibility, control and human-centric risk reduction for sensitive data across complex infrastructures.