Aggregator

WhatsApp for Windows 最新版本中存在一个安全问题，允许发送 Python 和 PHP 附件

7月29日，微软发出警告指出勒索软件的犯罪团伙正在利用VMware ESXi中的一个身份验证绕过漏洞来进行攻击。该安全漏洞被追踪为CVE-2024-37085。

2024 年新修订的《中华人民共和国保守国家秘密法》（以下简称《保密法》）在深入总结党的十八大以来保密工作重大理论和实践成果的基础上，对多个方面做出了调整和完善。

近日，CrowdStrike最新报告显示约3%的设备错过“抢救时机”，至今未能从此前的CrowdStrike软件更新引发的全球性系统崩溃事件中恢复。

全球移动设备和应用安全知名企业Zimperium, Inc.于7月29日发布最新研究报告。

巴黎奥运会期间，法国境内关基设施屡遭破坏，日前境内长途光纤电缆遭遇“重大破坏”，导致多地网络出现“显著减速”。

Google has rolled out a new security update for its Chrome browser, addressing several critical vulnerabilities. The update on the Stable channel brings Chrome to version 127.0.6533.88/89 for Windows and Mac, and 127.0.6533.88 for Linux. The update will be distributed over the coming days and weeks. Critical Vulnerabilities Addressed According to Chrome reports, the latest […]

The post Chrome Security Update: Patch for Critical Flaw that Leads to Exploitation appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

建议用户定期根据排查步骤对 X 账号进行授权排查，加强账号的安全性。

A sophisticated phishing campaign with Tycoon 2FA Phish-kit has been identified, leveraging Amazon Simple Email Service (SES) and a series of high-profile redirects to steal user credentials. The attack chain, meticulously designed to evade detection, involves multiple stages and utilizes various compromised domains and services. According to the Phishing sample analysis, The phishing attack begins […]

The post Beware! Tycoon 2FA Phish-kit Exploits Amazon SES to Steal User Credentials appeared first on Cyber Security News.

Security researchers have uncovered a critical vulnerability affecting over one million websites. The vulnerability combines OAuth implementation flaws with cross-site scripting (XSS) attacks. The vulnerability stems from the interaction between OAuth, a widely used authentication protocol, and XSS, a long-standing web security issue. While XSS attacks have become less prevalent due to improved security measures, […]

The post Critical OAuth Vulnerability Exposes 1 Million Sites to XSS Attacks appeared first on Cyber Security News.

美国消费者产品安全委员会 (CPSC) 的测试发现，亚马逊平台销售的逾 40 多万件第三方产品存在严重安全风险，会导致死亡和触电，但亚马逊未能充分警告其客户。CPSC 投票一致决定让亚马逊对第三方卖家的缺陷产品承担法律责任，亚马逊被要求制定召回这些危险商品的计划，该计划将需要获得 CPSC 的批准，相关产品包括了高度易燃的儿童睡衣、有故障的一氧化碳探测器，可能导致触电的不安全吹风机，CPSC 担心这些问题商品在美国家庭中仍然被广泛使用。对这一裁决亚马逊已经表示将上诉。相关商品的销售发生在 2018-2021 年之间，亚马逊没有召回而是发出了警告，向受影响客户提供了礼品卡，让他们自行销毁商品。

2024年巴黎奥运会的应用程序正在追踪用户、提取私人数据，并将其出售给广告商和大型科技公司。

A vulnerability was found in CoolKit eWeLink Cloud Service up to 2.18.x. It has been rated as problematic. This issue affects some unknown processing of the component Homepage Module. The manipulation leads to insertion of sensitive information into sent data. The identification of this vulnerability is CVE-2024-7205. The attack may be initiated remotely. There is no exploit available. This product is a managed service. It is not possible for users to maintain vulnerability countermeasures themselves. It is recommended to upgrade the affected component.

Экстремальные условия позволили смоделировать формирование уникального вещества.

A vulnerability was found in HTML Forms Plugin up to 1.3.33 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-6412. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

SolarWinds has recently addressed 8 critical vulnerabilities pertaining to its Access Rights Manager (ARM) software. This SolarWinds patch has been released prior to the SolarWinds security flaws being exploited in the wild. In this article, we’ll focus on what that patch entails and what the consequences would have been if the vulnerabilities were exploited. SolarWinds […]

The post SolarWinds Patch: Critical ARM Flaws Fixed Before Exploits appeared first on TuxCare.

The post SolarWinds Patch: Critical ARM Flaws Fixed Before Exploits appeared first on Security Boulevard.

A vulnerability was found in User Profile Builder Plugin up to 3.11.8 on WordPress. It has been classified as critical. This affects an unknown part of the component User Registration Handler. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2024-6695. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in 10Web Slider Plugin up to 1.2.56 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-6408. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in SpiderContacts Plugin up to 1.1.7 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-6272. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in WANotifier Plugin up to 2.6.0 on WordPress. Affected is an unknown function of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-6165. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.