Aggregator

A Threat Actor Claims to have Leaked the Data of Constitutional Court of Indonesia

Authors/Presenters: Martin Pratt

Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 32 – National Labs Use Of XR appeared first on Security Boulevard.

Lou Morentin, VP of Compliance & Privacy There are a number of significant changes coming to Healthcare Cybersecurity requirements. While not all are finalized, they point the way towards Health and Human Services tightening the controls and requirements. Healthcare Cybersecurity: A Shift Towards Resilience The healthcare industry is facing an evolving threat landscape, with cyberattacks […]

The post New Guidelines: Cybersecurity Resilience in the Healthcare Industry appeared first on CISO Global.

The post New Guidelines: Cybersecurity Resilience in the Healthcare Industry appeared first on Security Boulevard.

A vulnerability, which was classified as problematic, has been found in ABB ASPECT-Enterprise, NEXUS and MATRIX up to 3.08.02. This issue affects some unknown processing of the component Setting Handler. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2024-48846. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in WeGIA 3.2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /configuracao/meio_pagamento.php. The manipulation of the argument id/name leads to cross site scripting. This vulnerability is handled as CVE-2024-53471. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Pegasystems Pega Infinity up to 24.2.0. Affected by this issue is some unknown functionality of the component Search. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-10716. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in WeGIA 3.2.0. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-53472. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in WeGIA 3.2.0. It has been classified as problematic. Affected is an unknown function of the file /configuracao/gateway_pagamento.php. The manipulation of the argument id/name leads to cross site scripting. This vulnerability is traded as CVE-2024-53470. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Broadcast Plugin up to 51.01 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-11379. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Flixita Plugin up to 1.0.82 on WordPress. This affects an unknown part. The manipulation of the argument id leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-10836. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Video Gallery Plugin up to 2.4.1 on WordPress. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-9769. The attack may be initiated remotely. There is no exploit available.

A critical security flaw in Sitevision CMS versions 10.3.1 and older has exposed SAML authentication signing keys, enabling potential authentication bypass and session hijacking. The vulnerability, tracked as CVE-2022-35202, stems from weak auto-generated passwords protecting Java keystores, which could be extracted and brute-forced to compromise private keys. Sitevision, a widely adopted content management system in […]

The post Auto-Generated Password Vulnerability In Sitevision Leaks Signing Key appeared first on Cyber Security News.

A vulnerability, which was classified as problematic, has been found in Microsoft Edge. This issue affects some unknown processing. The manipulation leads to the ui performs the wrong action. The identification of this vulnerability is CVE-2024-49041. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in myCred Plugin up to 2.7.5.2 on WordPress. Affected by this vulnerability is the function mycred_send of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-11201. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in ForumWP Plugin up to 2.1.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-10879. The attack can be launched remotely. There is no exploit available.