Aggregator

Adaptiva improves collaboration between IT and security teams with vulnerability dashboards

Help Net Security
11 months ago

Adaptiva announces the latest feature release for OneSite Patch: vulnerability dashboards. These new dashboards provide real-time visibility into Common Vulnerabilities and Exposures (CVEs) in the environment and patches that can remediate them–empowering organizations to find and fix vulnerabilities efficiently. IT and security teams often struggle to obtain real-time data that unifies vulnerability discovery and remediation status within the IT environment. This includes understanding how many vulnerabilities have available patches and the deployment status of those … More →

The post Adaptiva improves collaboration between IT and security teams with vulnerability dashboards appeared first on Help Net Security.

Industry News

Marriott Pays $52M to Settle US States' Breach Litigation

DataBreachToday.com
11 months ago
Hotel Chain Also Settles with Federal Trade Commission
The world's largest hotel chain agreed Wednesday to pay $52 million and conduct two decades of third-party monitoring of its cybersecurity program to settle a rash of data breaches affecting millions of guests. The multi-million payout is part of a settlement reached with 50 U.S. attorneys general.

CVE-2024-9805 | code-projects Blood Bank System 1.0 /admin/campsdetails.php hospital/address/city/contact cross site scripting

VulDB Recent Entries
11 months ago
A vulnerability was found in code-projects Blood Bank System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/campsdetails.php. The manipulation of the argument hospital/address/city/contact leads to cross site scripting. The identification of this vulnerability is CVE-2024-9805. The attack may be initiated remotely. Furthermore, there is an exploit available. The initial researcher advisory only mentions the parameter "hospital".
vuldb.com

CVE-2024-9804 | code-projects Blood Bank System 1.0 /admin/campsdetails.php hospital sql injection

VulDB Recent Entries
11 months ago
A vulnerability was found in code-projects Blood Bank System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/campsdetails.php. The manipulation of the argument hospital leads to sql injection. This vulnerability was named CVE-2024-9804. The attack can be initiated remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.
vuldb.com

Multiple VMware NSX Vulnerabilities Let Attackers Gain Root Access

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
11 months ago

VMware has disclosed multiple vulnerabilities in its NSX product line that could potentially allow attackers to gain root access. The vulnerabilities, identified as CVE-2024-38818, CVE-2024-38817, and CVE-2024-38815, affect both VMware NSX and VMware Cloud Foundation. According to the Broadcom report, the advisory, VMSA-2024-0020, was initially published on October 9, 2024, and highlights the moderate severity […]

The post Multiple VMware NSX Vulnerabilities Let Attackers Gain Root Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

CVE-2024-9803 | code-projects Blood Bank Management System 1.0 blooddetails.php Availibility cross site scripting

VulDB Recent Entries
11 months ago
A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as problematic. This affects an unknown part of the file blooddetails.php. The manipulation of the argument Availibility leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-9803. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.
vuldb.com

Mozilla issued an urgent Firefox update to fix an actively exploited flaw

Security Affairs
11 months ago
Mozilla released an urgent Firefox update to fix a critical use-after-free vulnerability actively exploited in ongoing attacks. Mozilla released an emergency security update for its Firefox browser to address a critical use-after-free vulnerability, tracked as CVE-2024-9680, that is actively exploited in attacks. The vulnerability CVE-2024-9680 resides in Animation timelines. Firefox Animation Timelines is a feature […]
Pierluigi Paganini

Zoom 将让 AI 化身代替你出席虚拟会议

Solidot
11 months ago
视频会议服务提供商 Zoom 准备让你的 AI 化身代替你出席虚拟会议。作为扩大 AI 计划的一部分,Zoom 宣布将很快允许用户创建自己的 AI 化身,用虚拟化身向团队成员发送简短消息。为了创建数字化身,用户首先需要录制视频,AI 将利用视频制作一个从外表和声音都像用户的化身。用户可以写下想要让 AI 化身说的消息,让其代替用户完成所有对话。该功能仅适用于 Zoom 的 Clips 功能,允许用户为同事录制简短视频更新。

CVE-2024-9799 | SourceCodester Profile Registration without Reload Refresh 1.0 add.php cross site scripting

VulDB Recent Entries
11 months ago
A vulnerability has been found in SourceCodester Profile Registration without Reload Refresh 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file add.php. The manipulation of the argument email_address/address/company_name/job_title/jobDescriptionparameter leads to cross site scripting. This vulnerability is known as CVE-2024-9799. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2024-9794 | Codezips Online Shopping Portal 1.0 /update-image1.php productimage1 unrestricted upload

VulDB Recent Entries
11 months ago
A vulnerability, which was classified as critical, has been found in Codezips Online Shopping Portal 1.0. This issue affects some unknown processing of the file /update-image1.php. The manipulation of the argument productimage1 leads to unrestricted upload. The identification of this vulnerability is CVE-2024-9794. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

Fortinet凭借最高执行力再夺Gartner SD-WAN魔力象限领导者

嘶吼
11 months ago

近日,专注于推动网络与安全融合的全球化网络安全企业Fortinet宣布,在2024年Gartner SD-WAN魔力象限评选中,公司再次荣获“领导者”殊荣,实现四连冠。这是Fortinet连续第五年入选Gartner SD-WAN魔力象限领导者象限,同时也是业内唯一一家连续四年凭借最高执行力获得此殊荣的安全厂商。

超越四连冠多机构共证顶级地位

在全球数字化转型的浪潮中,Fortinet凭借其安全SD-WAN解决方案,连续五年荣获行业领导者殊荣,再次证明了其在广域网(WAN)领域的卓越实力。Fortinet的安全SD-WAN解决方案不仅支持用户在本地和云中实现弹性架构和灵活的安全部署,还通过高级机器学习技术,为用户提供了“数字化体验监控”的优势功能,助力广大用户实现广域网的顺畅转型。

不仅在Gartner SD-WAN魔力象限中脱颖而出,Fortinet的安全SD-WAN解决方案更是连续四载稳坐Gartner Peer Insights™ SD-WAN“客户之选”宝座,同时还收获了城域以太网论坛(MEF)颁发的至高“AAA”评级。这一系列辉煌成就,无疑是对Fortinet在SD-WAN领域内杰出贡献与深厚实力的权威认可。凭借其卓越的性能与前瞻性的创新能力,Fortinet的安全SD-WAN解决方案已在业界赢得了广泛的赞誉与尊重。

对此,Fortinet首席营销官John Maddison表示:“Fortinet再次荣获Gartner SD-WAN魔力象限领导者称号,这充分证明了我们在SD-WAN领域的领先地位和创新能力。我们始终致力于为用户提供顶尖的解决方案,以满足他们不断变化的需求。这份卓越成就源于我们对用户的坚定承诺和不懈努力。”

安全SD-WAN 引领高效安全组网

Fortinet的安全SD-WAN解决方案,以其创新的诸多优势,正在重塑安全组网新格局。这些优势不仅涵盖了强大的功能集成,还包含了向统一SASE架构的平滑过渡,以及生成式AI的突破性应用。它们共同推动了网络性能的飞跃,同时全面支持SD-Branch,为企业打造了一个既高效又安全的网络环境。这些优势的融合,不仅简化了网络管理,还确保了网络的灵活性和可扩展性,使Fortinet在安全组网领域独树一帜。

首先,Fortinet安全SD-WAN方案功能强大且高度融合。该方案在统一操作系统FortiOS和自研ASIC芯片技术的双重加持下,全面整合了下一代防火墙、零信任网络访问、应用程序网关和高级路由等优势功能。这一整合不仅简化了网络架构,降低了运维成本,还显著提高了跨广域网和云边缘的运营效率。企业无需再为多个独立系统投入大量资源,从而能够更专注于核心业务的发展。

同时,该方案支持客户无缝迁移至统一SASE架构,生成式AI助手FortiAI的集成更使其如虎添翼,不仅能够帮助用户高效编排和管理SD-WAN部署,还能优化从Day 0到Day 2的安全运营流程,大幅提升企业网络的自动化水平和响应速度。此外,方案还显著增强了网络性能,通过智能算法按需优化全网格网络,并具备自我修复功能,确保网络始终高效、稳定运行。该方案与Fortinet的接入点、安全以太网交换机、无线广域网和网络访问控制无缝集成,为用户提供了业内最安全、最易管理的远程分支机构网络解决方案。

展望未来,Fortinet将继续深耕网络和安全领域,持续创新,以卓越的功能和服务,全方位满足全球近百万客户的独特需求。Fortinet将跨Security Fabric平台,不断提升SD-WAN解决方案的性能和安全性,为用户提供更加高效、智能和安全的网络体验。


科技产业资讯

CVE-2024-9793 | Tenda AC1206 up to 15.03.06.23 /goform/ate ate_iwpriv_set/ate_ifconfig_set command injection

VulDB Recent Entries
11 months ago
A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. This vulnerability was named CVE-2024-9793. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

Managed ad