Aggregator

CVE-2002-0233 | eshare Expressions 1.0/2.0 HTTP Request path traversal (XFDB-8079 / BID-4029)

Vuldb Updates
10 months 3 weeks ago
A vulnerability has been found in eshare Expressions 1.0/2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component HTTP Request Handler. The manipulation leads to path traversal. This vulnerability is known as CVE-2002-0233. The attack can be launched remotely. There is no exploit available. It is recommended to apply restrictive firewalling.
vuldb.com

Palo Alto Networks extends security into harsh industrial environments

Help Net Security
10 months 3 weeks ago

The convergence of IT and operational technology (OT) and the digital transformation of OT have created new opportunities for innovation and efficiency in critical Industrial Automation and Control Systems. However, these advancements also broaden the potential attack surface, making it even more crucial to improve and extend security for OT environments. Palo Alto Networks introduced new capabilities in its OT Security solution, including the industry’s only fully integrated, risk-based guided virtual patching solution, powered by … More →

The post Palo Alto Networks extends security into harsh industrial environments appeared first on Help Net Security.

Industry News

Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies

The Hackers News
10 months 3 weeks ago
Two malware families that suffered setbacks in the aftermath of a coordinated law enforcement operation called Endgame have resurfaced as part of new phishing campaigns. Bumblebee and Latrodectus, which are both malware loaders, are designed to steal personal data, along with downloading and executing additional payloads onto compromised hosts. Tracked under the names BlackWidow, IceNova, Lotus,
The Hacker News

李彦宏预测 AI 是另一个泡沫,99% 的 AI 公司会在泡沫破裂时面临倒闭

Solidot
10 months 3 weeks ago
百度 CEO 李彦宏在哈佛商评举办的 Future of Business 会议上预测 AI 是另一个泡沫,99% 的 AI 公司会在泡沫破裂时面临倒闭的风险,只有 1% 的公司能生存下来。AI 泡沫有多大,可以用该行业最主要芯片供应商英伟达的市值作为参考,英伟达的市值在两年内增长了十倍,从 3000 亿美元增至 3.4 万亿美元。一辆火车能搭载的乘客是有限制的,李彦宏称,AI 行业的泡沫类似 90 年代和移动互联网市场的泡沫。他认为这段不确定的时期是健康的,将会清除掉 AI 市场中不符合消费者需求的虚假创新或产品。他认为 AI 取代人类工作至少需要 10 到 30 年的时间。

Malicious npm Packages Target Developers' Ethereum Wallets with SSH Backdoor

The Hackers News
10 months 3 weeks ago
Cybersecurity researchers have discovered a number of suspicious packages published to the npm registry that are designed to harvest Ethereum private keys and gain remote access to the machine via the secure shell (SSH) protocol. The packages attempt to "gain SSH access to the victim's machine by writing the attacker’s SSH public key in the root user’s authorized_keys file," software supply
The Hacker News

CVE-2024-35308 | Artica Pandora FMS up to 777.2 Plugin Edition path traversal

VulDB Recent Entries
10 months 3 weeks ago
A vulnerability was found in Artica Pandora FMS up to 777.2. It has been classified as critical. This affects an unknown part of the component Plugin Edition. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2024-35308. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-9987 | Artica Pandora FMS up to 777.2 agents_modules_csv filters sql injection

VulDB Recent Entries
10 months 3 weeks ago
A vulnerability was found in Artica Pandora FMS up to 777.2 and classified as critical. Affected by this issue is some unknown functionality of the file extensions/agents_modules_csv. The manipulation of the argument filters leads to sql injection. This vulnerability is handled as CVE-2024-9987. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

梆梆安全荣获“2024年中国互联网成长型前二十家企业”

嘶吼
10 months 3 weeks ago

2024年10月17日,由中国互联网协会举办的《中国互联网企业综合实力指数(2024)》发布会在厦门成功召开,中国互联网协会副秘书长裴玮在会上正式发布了《中国互联网企业综合实力指数(2024)》报告,梆梆安全成功入选“2024年中国互联网成长型前二十家企业”

中国互联网协会副秘书长裴玮指出,自2013年以来,中国互联网协会已连续12年开展中国互联网企业综合实力指数研究工作,获得了政府部门、行业机构、业界专家的广泛关注和认可。2024年中国互联网成长型企业发展主要呈现以下特征:一是业务规模高速扩张。二是研发力度加大倾斜。三是业务形态丰富多元。

梆梆安全自2010年成立以来,始终以客户为中心,开创、繁荣了移动应用安全蓝海市场,建立了全面的移动应用安全防护生态体系,并在业务上形成了以移动安全为主体,联动安全服务和物联网安全的“一体两翼”业务体系,以及由技术、产品、解决方案和咨询服务构成的“四位一体”产研体系

梆梆安全率先提出了基于“全生命周期全渠道移动应用安全建设”的技术防护理念,通过风险环境和异常行为的深度分析,精准发现复杂攻击并快速响应。移动应用安全建设矩阵涵盖了Android、iOS、鸿蒙App及H5、小程序、轻应用等,以及外发Android SDK和iOS SDK,由第三方引入的Android/iOS SDK

同时,梆梆安全可以针对移动安全开发上线的整个生命周期(编码、测试、发布、运维、人工服务)提供全方位安全建议,确保上线应用的安全与合规,防止应用被反编译或调试,确保App符合相关的个人隐私监管要求。

目前,梆梆安全拥有10万家以上企业及开发者用户,安全技术覆盖的移动应用软件超过100万,这些应用已经累计安装在10亿个移动终端上,用户遍及金融、互联网、物联网、政府、运营商、企业、医疗、能源、教育等各大行业。

未来,梆梆安全将继续秉承“稳如泰山,值得托付”的服务观,持续加大研发投入和技术创新,积极探索移动安全的创新范式,精进产品能力,让更加标准化、智能化的安全解决方案走进真实的业务场景,让数字经济赋能数字中国高质量发展!

梆梆安全

Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383)

Help Net Security
10 months 3 weeks ago

Attackers have exploited an XSS vulnerability (CVE-2024-37383) in the Roundcube Webmail client to target a governmental organization of a CIS country, Positive Technologies (PT) analysts have discovered. The vulnerability was patched in May 2024, in Roundcube Webmail versions 1.5.7 and 1.6.7. The email carrying the exploit was sent in June 2024. About CVE-2024-37383 Roundcube is an open-source, browser-based IMAP client with a user interface that makes it look like a standalone application. CVE-2024-37383 is a … More →

The post Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383) appeared first on Help Net Security.

Zeljka Zorz

Делаем облако слов в терминале Linux

Securitylab.ru
10 months 3 weeks ago
В этой статье мы рассмотрим, как можно быстро и просто создавать изображения с облаками слов. Мы шаг за шагом покажем процесс установки, настройки и использования программ, а также поделимся идеями для создания уникальных изображений с текстом.

Managed ad