Aggregator

A vulnerability was found in funadmin 5.0.2. It has been rated as critical. This issue affects some unknown processing of the file /curd/table/fieldlist. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2024-48223. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in funadmin 5.0.2. It has been classified as critical. This affects an unknown part of the component Curd One Click Command Mode Plugin. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2024-48229. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in funadmin 5.0.2. It has been declared as problematic. This vulnerability affects unknown code of the component Curd. The manipulation leads to denial of service. This vulnerability was named CVE-2024-48227. The attack needs to be done within the local network. There is no exploit available.

Lakesight Technologies Holding GmbH Has Been Claimed a Victim to MEDUSA Ransomware

A vulnerability was found in funadmin 5.0.2 and classified as critical. Affected by this issue is some unknown functionality of the file curd/table/savefield. The manipulation leads to sql injection. This vulnerability is handled as CVE-2024-48226. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in funadmin 5.0.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /curd/table/edit. The manipulation leads to sql injection. This vulnerability is known as CVE-2024-48222. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in funadmin 5.0.2. Affected is an unknown function of the file /curd/table/list. The manipulation leads to sql injection. This vulnerability is traded as CVE-2024-48218. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in AIML Chatbot up to 1.0. This issue affects some unknown processing. The manipulation of the argument message leads to cross site scripting. The identification of this vulnerability is CVE-2024-48396. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in mipjz 5.0.5. This vulnerability affects unknown code of the file \app\setting\controller\ApiAdminSetting.php. The manipulation of the argument ICP leads to cross site scripting. This vulnerability was named CVE-2024-48233. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in funadmin 5.0.2. This affects the function index of the file \backend\controller\auth\Auth.php. The manipulation of the argument parentField leads to sql injection. This vulnerability is uniquely identified as CVE-2024-48230. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Pallets Werkzeug up to 3.0.5. It has been rated as problematic. Affected by this issue is the function werkzeug.formparser.MultiPartParser of the component Form Handler. The manipulation leads to resource consumption. This vulnerability is handled as CVE-2024-49767. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in mipjz 5.0.5. It has been declared as problematic. Affected by this vulnerability is the function mipPost of the file \app\setting\controller\ApiAdminTool.php. The manipulation of the argument postAddress leads to server-side request forgery. This vulnerability is known as CVE-2024-48232. The attack can only be done within the local network. There is no exploit available.

A vulnerability was found in Pallets Werkzeug up to 3.0.5. It has been classified as problematic. Affected is an unknown function. The manipulation leads to path traversal. This vulnerability is traded as CVE-2024-49766. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

The networking company found liable for illegally gathering user data for targeted advertising by the Irish Data Protection Commission.

Lulzsec Arabs Targeted the IT Security Guru UK and Bloomberg Radio USA

British security provider Sophos plans to acquire Dell subsidiary Secureworks in an all-cash transaction valued at approximately $859 million. The deal, announced in a joint release on Monday, will grant Sophos control over Secureworks’ Taegis Extended Detection and Response (XDR) platform, a platform aimed at enhancing threat detection for medium to large enterprises. Sophos, which..

The post Sophos Acquires Dell’s Secureworks for $859 Million appeared first on Security Boulevard.

SMS Impersonation Scam Victims Must Be Made Whole
Singapore regulators gave banks six months to institute real-time detection tools for blocking impersonation scams or else assume liability for stolen funds. A finalized framework published Thursday also shifts liability onto island-nation telecoms unless they block fraudulent SMS messages

Top Tier Capital, HarbourVest Support Concentric's Path to Autonomous Data Security
Supported by Top Tier Capital Partners and HarbourVest Partners, Concentric AI’s $45 million Series B funding round will drive product innovation in identity governance, risk monitoring and data breach investigation - critical areas for enterprises seeking resilient data security solutions.

How Might Election Outcome Affect HHS' Healthcare Cyber Work?
Regardless of who wins the upcoming Presidential election, one thing is apparent: As the final months of the Biden administration wrap up, regulators at the agency charged with enforcing HIPAA are racing to complete unfinished work they deem as critically important to healthcare sector cyber.

Rust-Based Ransomware Employs Aggressive Anti-Detection Tactics
Operators of a Russian-speaking ransomware group launched a new encryptor with enhanced measures for defeating cyber defenders including wiping logs, disrupting backup systems and stopping decryption without insiders knowledge. The same group disrupted London hospitals in a July attack.