Aggregator

Home » Security Bloggers Network » USENIX Security ’23 – CipherH: Automated Detection of Cipherte

Blockchain analysis firm Chainalysis revealed that ransomware payments rose by approximately 2%, from $449.1 million to $459.8 million. Blockchain analysis firm Chainalysis revealed that while overall on-chain illicit activity has decreased by nearly 20% year-to-date, stolen funds and ransomware significantly increased. Stolen funds inflows almost doubled, rising from $857 million to $1.58 billion, and ransomware […]

Ransomware payments rose from $449.1 million to $459.8 millionBlockchain analysis firm Chainal

error code: 1106

Microsoft has launched a new unified Teams application that allows Windows and Mac users to switch between personal, work, and education accounts without installing multiple apps. [...]

A Kentucky man who hacked into a state registry and faked his own death to avoid paying child suppo

A vulnerability classified as problematic was found in Pligg CMS 2.0.2. Affected by this vulnerability is an unknown functionality of the file /admin/domain_management.php?whitelist_add. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-42612. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in chillzhuang SpringBlade 4.1.0. Affected is an unknown function of the file /api/blade-system/menu/list?updatexml. The manipulation leads to sql injection. This vulnerability is traded as CVE-2024-8023. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #390087 / VDB-275292

A vulnerability was found in Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05. It has been rated as problematic. This issue affects some unknown processing of the file /vood/cgi-bin/vood_view.cgi?lang=EN&act=user/spec_conf&sessionId=86213915328111654515&user=A&message2user=Account%20updated. The manipulation of the argument Phone Number leads to cross site scripting. The identification of this vulnerability is CVE-2024-8022. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #390127 / VDB-26313

Submit #389978 / VDB-26313

A vulnerability was found in Grafana and Grafana Enterprise up to 11.1.0/11.1.2. It has been declared as problematic. This vulnerability affects unknown code of the file plugin.json. The manipulation of the argument ReqActions leads to incorrect privilege assignment. This vulnerability was named CVE-2024-6322. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in BlackBerry CylanceOPTICS 3.2/3.3 on Windows. It has been classified as problematic. This affects an unknown part. The manipulation leads to authentication bypass using alternate channel. This vulnerability is uniquely identified as CVE-2024-35214. It is possible to launch the attack on the local host. There is no exploit available.

Submit #389913 / VDB-275291

A vulnerability was found in Apache Helix Front and classified as problematic. Affected by this issue is some unknown functionality of the component express-session. The manipulation leads to use of hard-coded password. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is handled as CVE-2024-22281. Access to the local network is required for this attack to succeed. There is no exploit available.

Hackers set up malicious banking applications that were nearly identical to legitimate European one

A vulnerability has been found in eScan Management Console 14.0.1400.2281 and classified as critical. Affected by this vulnerability is the function acteScanAVReport. The manipulation leads to improper access controls. This vulnerability is known as CVE-2024-42919. Access to the local network is required for this attack. There is no exploit available.

error code: 1106

A vulnerability, which was classified as problematic, was found in discourse-placeholder-theme-component. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-43408. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.