Aggregator

A vulnerability was found in Linux Kernel up to 6.10.2. It has been classified as problematic. This affects the function nf_expect_get_id of the component ctnetlink. The manipulation leads to Privilege Escalation. This vulnerability is uniquely identified as CVE-2024-44944. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

Threat actors are actively exploiting a critical flaw in the Atlassian Confluence Data Center and Confluence Server in cryptocurrency mining campaigns. The critical vulnerability CVE-2023-22527  (CVSS score 10.0) in the Atlassian Confluence Data Center and Confluence Server is being actively exploited for cryptojacking campaigns. The vulnerability is a template injection vulnerability that can allow remote […]

Threat actors exploit Atlassian Confluence bug in cryptomining campaignsThreat actors are acti

6月25日，Cybernews研究团队发现了一个包含超过1.7亿条敏感数据记录的数据集，这些数据被暴露在互联网上，所有人都可以访问。泄露的数据包括： 全名 电话号码 电子邮件 详细地址 技能 专业摘要 教育背景 工作经历 由于泄露的数据集被标记为“PDL”，因此数据泄露的线索指向位于旧金山的数据经纪公司 People Data Labs (PDL)。 该公司的网站声称其数据库涵盖了15亿个人档案，供各种企业用于市场营销、销售、招聘等活动。PDL自豪地宣称，其在150多个数据点上提供了“无与伦比的覆盖范围”。 虽然最终导致数据泄露的责任方仍不清楚，但必须强调的是，将Elasticsearch服务器配置为无密码状态是极为危险的。威胁行为者可以在几秒钟内发现此类暴露的数据，这将使个人面临身份盗窃和欺诈的风险，并增加他们成为网络钓鱼攻击目标的可能性。 Cybernews 研究团队表示：“数据经纪公司的存在本就备受争议，因为它们通常缺乏足够的审查和控制措施，无法确保数据不会落入不当之手。大规模的数据泄露使威胁行为者更容易、更便捷地滥用数据进行大规模攻击。” PDL此前已经遭遇了一次大规模数据泄露事件，该事件在2019年暴露了超过十亿条数据记录。这两次泄露源于一个相同的问题：一个暴露且未受保护的Elasticsearch服务器。当时，PDL否认对数据泄露负有责任。 此次泄露的数据集被标记为“Version 26.2”，表明它可能与之前的数据泄露有关。无论这次泄露是否直接来源于PDL，此类事件都会对数据经纪公司造成严重的声誉损害，削弱其与客户和合作伙伴之间的信任。 我们的研究人员补充道：“如果这是一起新的泄露事件，而不是第三方对 2019 年所泄露的数据的处理和丰富，那么这一事件将揭示公司在个人数据安全方面的严重疏忽。” Cybernews 已联系 PDL 以征求意见，正在等待其回复。 如果用户认为自己可能受到了数据泄露的影响，可以采取以下几个步骤来减轻潜在的危害。   消息来源：Cybernews，译者：YY；   本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

error code: 521

A vulnerability was found in SourceCodester Music Gallery Site 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=delete. The manipulation of the argument id leads to sql injection. This vulnerability is handled as CVE-2024-8345. The attack may be launched remotely. Furthermore, there is an exploit available.

Accenture and Google Cloud announced that their strategic alliance is advancing solutions for enterprise clients and seeing strong momentum across industries in two critical and related areas: GenAI and cybersecurity. As part of the announcement today, the two companies are increasing their investments in services that support businesses through every stage of their GenAI projects, including providing the expertise to determine optimal use cases, piloting projects for strategic innovation and deploying the engineering prowess needed … More →

The post Accenture expands partnership with Google Cloud to boost AI adoption and cybersecurity appeared first on Help Net Security.

Software development is a fast-paced world where progress is both a blessing and a curse. The latest versions promise new features, improved performance, and enhanced security, but they also come with significant challenges. For many organizations running their applications on end-of-life (EOL) Spring Framework 5.3 and Spring Boot 2.7, the prospect of upgrading to the […]

The post The Hidden Costs of Progress: Navigating the Challenges of Upgrading from Spring Framework and Spring Boot EOL Versions appeared first on TuxCare.

The post The Hidden Costs of Progress: Navigating the Challenges of Upgrading from Spring Framework and Spring Boot EOL Versions appeared first on Security Boulevard.

Submit #400192 / VDB-276224

Also: Turn in Volodymyr Kadariya, Get $2.5 Million from Uncle Sam
This week, an ex-Verizon employee pleaded guilty, SonicWall fixed critical flaws,South Korean hackers exploited a zero-day, U.S. retailer Dick's Sporting Goods was breached, the U.S. government offered a big reward, Grok AI will send election queries to Vote.gov, and HIPAA is 28 years old.

Cybercriminal Group Claims to Have Published 100 Gigabytes of Agency's Stolen Data
Two months after RansomHub claimed to have published 100GBs of its stolen data on the dark web, the Florida Department of Health is notifying citizens that their sensitive information has been compromised. The attack affected the vital statistics system used to issue birth and death certificates.

Compliance Expert on Readiness, Compliance and Rapid Incident Reporting
The NIS2 Directive focuses on addressing gaps and strengthening the security of network and information systems across the European Union. NIS2 mandates rapid incident reporting and holds senior management accountable for cybersecurity, shifting responsibilities to the board level.

Proposed Legislation Divides Tech World, AI Experts, Lawmakers
California state lawmakers on Wednesday handed off a bill establishing first-in-the-nation safety standards for advanced artificial intelligence models to their Senate counterparts after weathering opposition from the tech industry and high-profile Democratic politicians.

A vulnerability has been found in Campcodes Supplier Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit_area.php. The manipulation of the argument id leads to sql injection. This vulnerability is known as CVE-2024-8344. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in SourceCodester Sentiment Based Movie Rating System 1.0. Affected is an unknown function of the file /classes/Users.php?f=save_client of the component User Registration Handler. The manipulation of the argument email leads to sql injection. This vulnerability is traded as CVE-2024-8343. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Submit #400185 / VDB-276223

Home在线应用pin.gl – 超低延迟屏幕共享，只需3秒，分享你的桌面和摄像头

2024羊城杯wp-Crypto AK篇

Submit #399711 / VDB-276222