Aggregator

The true measure of our cybersecurity prowess lies in our capacity to endure.

本次微访谈于11月1日举行，邀请了8位来自一线的业界专家分享智能化开发方面的实践经验。

Под угрозой конфиденциальная информация тысяч болельщиков.

Introduction APT36, also known as Transparent Tribe, is a Pakistan-based threat actor notorious for persistently targeting Indian government organizations, diplomatic personnel, and military facilities. APT36 has conducted numerous cyber-espionage campaigns against Windows, Linux, and Android systems. In recent campaigns, APT36 utilized a particularly insidious Windows RAT known as ElizaRAT. First discovered in 2023, ElizaRAT has significantly […]

The post Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT appeared first on Check Point Research.

A vulnerability classified as problematic has been found in OpenBSD 4.1. Affected is an unknown function. The manipulation of the argument cmd leads to cross site scripting. This vulnerability is traded as CVE-2007-6700. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Рост популярности системы дал новый ход хакерам и вирусам.

A vulnerability has been found in SearchBlox up to 8.1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2015-0967. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

The Evasive Panda group deployed a new C# framework named CloudScout to target a Taiwanese government entity in early 2023, which leverages three modules, CGM, CGN, and COL, to hijack web sessions and access cloud services like Google Drive, Gmail, and Outlook.  By stealing cookies from a victim’s browser, CloudScout can bypass 2FA and IP […]

The post Evasive Panda Attacking Cloud Services To Steal Data Using New Toolkit appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/two_tables.php. The manipulation of the argument scripts leads to cross site scripting. This vulnerability was named CVE-2024-10768. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file /productsadd.php. The manipulation of the argument id/name leads to sql injection. This vulnerability is uniquely identified as CVE-2024-10752. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The initial researcher advisory mentions contradicting file names to be affected.

因暗网身份的特殊性, 文本的内容主要来自公开情报和零散的情报收集汇总。

Submit #436531 / VDB-282988

Submit #436526 / VDB-282921

网信办启动了为期 2 个月的“清朗·同城版块信息内容问题整治”专项行动。本次专项行动覆盖社交、短视频、直播、资讯、电商、搜索引擎、团购点评、婚恋交友、地图导航、旅游出行、本地生活、天气日历、运动健康等平台同城（本地）榜单、版块、栏目、频道，以及各类基于地理位置提供同城信息内容或服务的移动互联网应用程序，重点整治5类突出问题：一是散播网络戾气。二是制造网络谣言和虚假信息。三是呈现色情低俗信息。四是为同城违法活动引流。以婚恋交友、线下陪玩、旅游搭子、上门按摩、租赁服务等名义，在低俗图文、短视频等信息中嵌入地理位置标签，以“茶”等暗语或者不合理高价售卖特定商品，打着“高薪”“包吃住”等幌子发布虚假招聘信息，在账号信息、评论、弹幕、直播等环节发布社交账号、群组号、手机号、二维码等，诱导网民私聊或加入群组，为线下色情、诈骗等违法活动引流。五是提供网络水军服务。

A vulnerability classified as problematic has been found in TP-Link Tapo H100 IoT Smart Hub prior 1.5.22. This affects an unknown part. The manipulation leads to cleartext storage of sensitive information. This vulnerability is uniquely identified as CVE-2024-10523. It is possible to launch the attack on the physical device. There is no exploit available.

A vulnerability was found in BG-TEK Informatics Security Technologies CoslatV3 up to 3.1069. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to code injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is handled as CVE-2024-10035. An attack has to be approached locally. There is no exploit available.

A vulnerability was found in Brokerage Technology Solutions Wave 2.0 up to 1.1.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component API Endpoint. The manipulation leads to information exposure through error message. This vulnerability is known as CVE-2024-51560. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Brokerage Technology Solutions Wave 2.0 up to 1.1.6. It has been classified as problematic. Affected is an unknown function of the component API Endpoint. The manipulation of the argument user_id leads to authorization bypass. This vulnerability is traded as CVE-2024-51559. It is possible to launch the attack remotely. There is no exploit available.

软件介绍QOwnNotes是开源的记事本，具有 Markdown支持 和针对GNU / Linux，Mac OS X和Windows的待办事项列表管理器

A vulnerability was found in Brokerage Technology Solutions Aero and classified as very critical. This issue affects some unknown processing of the component API Endpoint. The manipulation leads to reliance on untrusted inputs in a security decision. The identification of this vulnerability is CVE-2024-51561. The attack may be initiated remotely. There is no exploit available.