Aggregator

Клиентам остаётся надеяться на лучшее, чтобы не потерять свои деньги.

肖棉文的故事，是华大基因信息安全建设的一个缩影，也是每一位信息安全人成长的缩影。

A vulnerability was found in TBB Taiwan Business Bank 2.04 and classified as critical. Affected by this issue is some unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is handled as CVE-2014-6981. Access to the local network is required for this attack. There is no exploit available.

От падающих блоков к исцелению психологических травм за 20 минут.

A vulnerability was found in Cisco ATA 186. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Configuration Interface. The manipulation leads to improper privilege management. This vulnerability is known as CVE-2002-0769. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

这个秋天，华为要用纯血鸿蒙和一台纯电 SUV 进入「金九银十」。

Israel has been sending text messages, recordings, and hacking radio networks to warn Lebanese citizens to evacuate certain areas. Israel has been sending text messages, recordings, and hacking radio networks to warn Lebanese citizens to evacuate certain areas in the country, likely due to an imminent full-scale strike. Following these warnings, massive bombings in southern […]

Глобальный профсоюз описал, как IT-гиганты создают новый мировой порядок.

A vulnerability classified as critical was found in Adobe Acrobat Reader up to 5.0.7. Affected by this vulnerability is the function WWWLaunchNetscape of the component Mailto Link Handler. The manipulation leads to memory corruption. This vulnerability is known as CVE-2003-0508. The attack can be launched remotely. Furthermore, there is an exploit available.

Full Disclosuremailing list archivesFrom: Thomas Weber via Fulldisclosure

Full Disclosuremailing list archivesFrom: arfaoui haythem

A vulnerability, which was classified as critical, has been found in Cisco Unified Communications Manager. This issue affects some unknown processing. The manipulation leads to improper input validation (iframe). The identification of this vulnerability is CVE-2016-6440. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Lehigh Valley Health Network Will Pay 134,000 Victims of Ransomware Attack and Leak
A Pennsylvania-based healthcare system that was hacked by ransomware group BlackCat in 2023 and extorted over stolen exam photos of breast cancer patients posted to a data leak site has agreed to pay $65 million under a proposed settlement of a lawsuit affecting 134,000 patients and employees.

Attackers Could Shut Down Operations Or Cause Physical Damage
A severe vulnerability in Rockwell Automation software used to configure programmable logic controllers could allow attackers to remotely execute malicious code. The vulnerability is rated 8.8 on the CVSS v4 scale. The U.S. Cybersecurity and Infrastructure Security Agency advised immediate patching.

Austria, Estonia, Lithuania and the Netherlands Join the Coalition Formed in March
Four more European Union nations have joined a United States government-led initiative lanched in March to tackle spyware misuse globally. The move came amid growing criticisms of the European Commission's failure to curb the EU's prolific spyware market.

Embattled CEO Pavel Durov Says Telegram Will Released IP Addresses, Phone Numbers
Embattled Telegram CEO Pavel Durov signaled a more cooperative relationship with law enforcement, telling users Monday the messaging service will provide IP addresses and phone numbers "in response to valid legal requests." Durov faces criminal charges in France.

SaaS applications contain a wealth of sensitive data and are central to business operations. Despite this, far too many organizations rely on half measures and hope their SaaS stack will remain secure. Unfortunately, this approach is lacking and will leave security teams blind to threat prevention and detection, as well as open to regulatory violations, data leaks, and significant breaches. If

The US Commerce Department wants to prohibit the sale or import of connected vehicles with Russian or Chinese-made hardware and software

A vulnerability was found in MyCMS 0.9.8. It has been classified as critical. Affected is an unknown function of the file games.php of the component Login. The manipulation of the argument score leads to code injection. This vulnerability is traded as CVE-2007-3586. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

俄罗斯军方计划上周在普列谢茨克航天发射场试射 RS-28 Sarmat 洲际弹道导弹。上周末拍摄的商业卫星图像显示，导弹在发射前或发射过程中爆炸。这是俄罗斯 RS-28 Sarmat 导弹在不到两年时间里至少第二次发射失败。此前俄罗斯国家杜马主席发出隐晦威胁，如果欧洲批准乌克兰向俄发射远程武器，俄罗斯将用该型号导弹对付欧洲。卫星照片显示，导弹发射井被严重破坏。RS-28 是俄罗斯最大型的洲际导弹，高 35 米，能将弹头发射到 1.8 万公里的目标，它能携带最多 10 枚大型弹头、16 枚小型弹头、弹头和反制的组合、或高超音速助推滑翔器。俄罗斯没有披露导弹的发射时间，而卫星照片显示上周四发射场地遭到严重损坏。分析师估计，发射尝试可能是 9 月 19 日，大火持续了 24 小时。俄罗斯尚未承认此次事故。