Aggregator

VMware fixes a high-severity SQL injection flaw in HCX allowing non-admin users to remotely execute code on the HCX manager. VMWare warns to address a remote code execution vulnerability, tracked as CVE-2024-38814 (CVSS score of 8.8), in its HCX application mobility platform. The vulnerability is an authenticated SQL injection vulnerability in HCX, it was privately […]

Skip to contentWordPress’s emperor, Matt Mullenweg, demands a hefty tribute from WP Engin

A vulnerability was found in PHPOffice PhpSpreadsheet up to 1.29.1/2.1.0. It has been declared as problematic. This vulnerability affects unknown code of the component XLSX File Handler. The manipulation leads to absolute path traversal. This vulnerability was named CVE-2024-45290. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in PHPOffice PhpSpreadsheet up to 1.29.1/2.1.0. It has been rated as problematic. This issue affects the function setEmbedImages of the component XLSX File Handler. The manipulation leads to absolute path traversal. The identification of this vulnerability is CVE-2024-45291. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in PHP up to 8.1.29/8.2.23/8.3.11 and classified as problematic. This issue affects some unknown processing of the component HTTP POST Request Handler. The manipulation leads to an unknown weakness. The identification of this vulnerability is CVE-2024-8925. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Microsoft Windows Server 2022 23H2. It has been rated as critical. Affected by this issue is some unknown functionality of the component OpenSSH. The manipulation leads to file inclusion. This vulnerability is handled as CVE-2024-38029. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in Microsoft Azure Monitor Agent. This affects an unknown part. The manipulation leads to link following. This vulnerability is uniquely identified as CVE-2024-38097. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Power BI Report Server and classified as critical. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-43481. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Microsoft Windows up to Server 2022 23H2. Affected by this vulnerability is an unknown functionality of the component Secure Kernel Mode. The manipulation leads to heap-based buffer overflow. This vulnerability is known as CVE-2024-43528. Attacking locally is a requirement. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in Microsoft Windows. This affects an unknown part of the component Remote Registry Service. The manipulation leads to not failing securely. This vulnerability is uniquely identified as CVE-2024-43532. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

MongoDB Queryable Encryption allows customers to securely encrypt sensitive application data and store it in an encrypted format within the MongoDB database. It also enables direct equality and range queries on the encrypted data without the need for cryptographic expertise. Adding range query support expands data retrieval options, allowing for more powerful search capabilities. You can configure Queryable Encryption using the following methods: Automatic encryption: Allows encrypted read and write operations to be performed seamlessly, … More →

The post MongoDB Queryable Encryption now supports range queries on encrypted data appeared first on Help Net Security.

加拿大多伦多大学公民实验室分析了腾讯微信的加密协议。微信早期使用了被称为“业务层加密”的自制协议，后来在业务层加密之上又加入了一层 MMTLS 加密，今天的微信同时使用了业务层加密和 MMTLS。MMTLS 是基于 TLS 1.3，微信开发者修改了 TLS 1.3 的密码学机制，在部分修改当中引入了弱点。研究人员指出，中国的应用广泛地使用自制加密法。一般状况下，选择不使用业界标竿的 TLS，并且发展自制非标准加密法，与业界公认安全的最佳做法背道而驰。MMTLS 的情况与之类似，研究人员对此表达担忧。

A vulnerability, which was classified as critical, was found in Garip Ve Ilginc Olaylar 0.1. Affected is an unknown function of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is traded as CVE-2014-7748. The attack can only be initiated within the local network. There is no exploit available.

Битва за раскопки может привести к крупной судебной тяжбе.

面对攻击者不断加码的攻击量级和手段，企业必须积极采取策略，守卫云上网络环境。

A vulnerability was found in OpenSight Software FlashFXP 5.4.0.3970. It has been classified as critical. Affected is an unknown function in the library libcrypto-1_1.dll of the file FlashFXP.exe. The manipulation leads to uncontrolled search path. This vulnerability is traded as CVE-2024-10068. An attack has to be approached locally. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

error code: 1106

Submit #419684 / VDB-280716

世事变化无常。在科技行业，今天你拿着高薪，但明天你可能就被解雇了。如果你在薪水最高房价最高的时间点贷款买了豪宅，那么降薪失业房价下跌会对你的精神造成巨大的冲击。美国国家经济研究局（National Bureau of Economic Research，NBER）的研究显示，高收入通常是短暂的，而低收入则是永久性的。美国皮尤研究中心的一项研究显示，过去几十年高收入人群就业流动性显著下降，收入最高的五分之一人中每年只有 7.2% 更换工作，而收入最低的五分之一人中换工作的比例为 13.3%。虽然高收入人群在被解雇后更有可能找到新工作，但新工作也更有可能降薪。富有是一种被动收入高于消费的状况，而高薪者的生活依靠的主动收入，主动收入是有风险是无法一直持续的，你需要控制收入，让收入多元化，这都需要规划。

A company has fallen victim to a cyberattack after unknowingly hiring a North Korean cybercriminal as a remote IT worker. The unidentified firm, based in the UK, US, or Australia, discovered the breach after the hacker downloaded sensitive data and issued a ransom demand. The incident highlights the growing threat of North Korean operatives infiltrating […]

The post Organization Hacked Following Accidental Hiring of North Korean Remote IT Worker appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.