Aggregator

A vulnerability was found in Oracle MySQL Server up to 5.7.14. It has been classified as problematic. Affected is an unknown function of the component Optimizer. The manipulation leads to denial of service. This vulnerability is traded as CVE-2016-5632. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Mobile phishing attacks are on the rise, with 82% of phishing sites now targeting mobile devices, marking a 7% increase over the past three years.

The post Mobile Phishing Attacks Explode, Enterprise Devices Targeted appeared first on Security Boulevard.

A vulnerability classified as critical has been found in Tufat FlashBB 1.1.5. This affects an unknown part of the file phpbb/sendmsg.php. The manipulation of the argument phpbb_root_path leads to memory corruption. This vulnerability is uniquely identified as CVE-2007-3697. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

NETSCOUT announced enhancements to its nGenius Enterprise Performance Management solution, which includes a new notification center that helps streamline and automate alerts and contextual workflows to identify and resolve problems faster. Secured Reliable Transport (SRT) was added to support live video streaming, and additional supervisory control and data acquisition (SCADA) protocols were added to support international utility networks. Performance degradations, application unavailability, and lengthy outages can have a crippling effect on any business. Organizations need … More →

The post NETSCOUT’s nGeniusONE notification center streamlines and automates alerts appeared first on Help Net Security.

速修复

其中3个无修复方案

A vulnerability has been found in Nobexrc Master Mix 3.3.5 and classified as critical. This vulnerability affects unknown code of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability was named CVE-2014-7007. The attack needs to be done within the local network. There is no exploit available.

A vulnerability, which was classified as critical, was found in apheliontechnologies HydFM 1.1.9. This affects an unknown part of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is uniquely identified as CVE-2014-7006. The attack can only be initiated within the local network. There is no exploit available.

9月21日，2024年度关键信息基础设施安全保护论坛，在北京圆满落下帷幕，取得圆满成功。

本文探讨了为什么入职流程和新员工对网络犯罪分子来说具有吸引力，确定入职期间风险最高的领域，并了解减轻这些风险的最佳做法。

Разработчики ПО могут получить особый статус.

卷入 FTX 加密货币交易所金融欺诈案的公司高管 Caroline Ellison 被判两年徒刑，她是公司联合创始人 Sam Bankman-Fried(SBF) 的前女友。SBF 此前被判了 25 年徒刑。作为认罪协议的一部分，Ellison 承认了电信欺诈和洗钱在内的指控，并作证指控了 SBF。她还被没收了 110 亿美元。Ellison 面临的最高刑期是 110 年，她在法庭上向受害者道歉，称其大脑甚至无法理解她所造成伤害的规模。FTX 成立于 2019 年，两年后就发展成为全球第三大加密货币交易所，估值为 320 亿美元。2022 年财务困境的流言引发了挤兑，随后暴露了 SBF 的欺诈罪行，他转移了客户的存款用于购买房产、投资和政治捐款。Ellison 是 SBF 最亲密的合伙人，她的作证是 SBF 迅速定罪的重要原因。

CISA adds critical Ivanti bug to its Known Exploited Vulnerabilities catalog

A vulnerability classified as problematic was found in BE126 WiFI Repeater 1.0. Affected by this vulnerability is an unknown functionality. The manipulation of the argument getpage as part of Parameter leads to information disclosure. This vulnerability is known as CVE-2017-8770. The attack can be launched remotely. Furthermore, there is an exploit available.

ManageEngine announced a significant upgrade to its flagship IT analytics solution, Analytics Plus. Version 6.0 introduces Spotlight, a contextual recommendations engine powered by AI, designed to identify key inefficiencies in IT operations and suggest corrective strategies. The 2023 State of Analytics Engineering report found that time to business insight is the biggest challenge for nearly 50% of surveyed directors. Spotlight dramatically reduces the time IT managers and CIOs spend analyzing various IT metrics and coming … More →

The post ManageEngine Analytics Plus 6.0 identifies key inefficiencies in IT operations appeared first on Help Net Security.

Millions of Customers Will Also Be Offered Monitoring of Genetic Data on Dark Web
Genetics testing firm 23andMe will offer cash payments to millions of individuals whose sensitive data was compromised in a 2023 credential stuffing incident. Under the proposed $30 million lawsuit settlement, affected customers will also be offered dark web monitoring of their genetic data.