Aggregator

A vulnerability was found in gristlabs grist-core up to 1.3.1 and classified as problematic. Affected by this issue is some unknown functionality of the component HyperLink Cell Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-56359. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Cybersecurity constantly evolves, but some books have stood the test of time, shaping how professionals think about security, risk, and digital threats. Whether you’re a CISO, a seasoned expert, or cybersecurity enthusiast, these must-reads belong on your shelf. Masters of Deception: The Gang That Ruled Cyberspace Author: Michele Slatalla Set against the backdrop of the 1990 AT&T phone network crash, Masters of Deception chronicles an important moment in hacker history: law enforcement cracked down on … More →

The post Cybersecurity classics: 10 books that shaped the industry appeared first on Help Net Security.

扫地机器人 Roomba 制造商 iRobot 在公布季度财报时警告它可能在 12 个月内倒闭。iRobot 的主营业务因中国制造的扫地机器人的竞争而陷入困境，该公司曾试图出售给电商巨人亚马逊，但没有获得欧盟监管机构的批准，其联合创始人 Colin Angle 之后辞职，公司还裁掉了半数员工。iRobot 在公布 2024 年四季度财报和全年财报表示，美国地区的销售额在四季度暴跌 47%，如果无法获得融资或找到买家，它可能会在 12 个月内停止运营。

Как хакерам удаётся контролировать сеть без малейших признаков вторжения?

A vulnerability, which was classified as critical, has been found in HUSKY Products Filter for WooCommerce Professional Plugin up to 1.3.4.2 on WordPress. Affected by this issue is the function woof_meta_get_keys. The manipulation leads to missing authorization. This vulnerability is handled as CVE-2023-40334. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in HUSKY Plugin up to 1.3.6.1 on WordPress. This affects an unknown part of the component Unsubscribe Handler. The manipulation leads to improper control of resource identifiers. This vulnerability is uniquely identified as CVE-2024-7491. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in realmag777 WOLF Plugin up to 1.0.8.3 on WordPress. This vulnerability affects unknown code. The manipulation leads to path traversal. This vulnerability was named CVE-2024-52396. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in SiteOrigin Widgets Bundle Plugin up to 1.64.0 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to missing authorization. This vulnerability is handled as CVE-2024-54268. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Kanban up to 1.2.42. Affected by this issue is some unknown functionality of the file app/Core/Session/SessionHandler.php. The manipulation leads to session expiration. This vulnerability is handled as CVE-2024-55603. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in IBM InfoSphere Information Server 11.7. This affects an unknown part. The manipulation leads to improper restriction of rendered ui layers. This vulnerability is uniquely identified as CVE-2021-29827. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Neo4j up to 5.18.x. It has been declared as problematic. This vulnerability affects unknown code of the component Cypher. The manipulation leads to improper privilege management. This vulnerability was named CVE-2024-34517. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in gristlabs grist-core up to 1.3.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component SVG File Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-56358. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in gristlabs grist-core up to 1.3.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component javascript Scheme Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-56357. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in File Upload Plugin up to 4.24.11 on WordPress. It has been declared as critical. This vulnerability affects unknown code of the file wfu_file_downloader.php. The manipulation leads to path traversal. This vulnerability was named CVE-2024-9047. The attack can be initiated remotely. There is no exploit available.

Cybersecurity researchers have uncovered a sophisticated cyber espionage campaign targeting critical network infrastructure, marking a significant evolution in tactics by Chinese state-sponsored hackers. Mandiant, a leading cybersecurity firm, has discovered multiple custom backdoors deployed on Juniper Networks‘ routers, attributing the activity to a Chinese espionage group known as UNC3886. The backdoors provided attackers with persistent […]

The post Chinese Hacked Exploit Juniper Networks Routers to Implant Backdoor appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability classified as critical has been found in Apple Safari 2.0.4 419.3. This affects the function window.console.log. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2007-0644. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The United States has taken significant steps to address the growing threat of Chinese cyber intrusions into U.S. government agencies and critical infrastructure. On March 5, the U.S. Department of Justice (DOJ) indicted 12 Chinese nationals and one Chinese company on charges of malicious cyber activity. This move marks an escalation in Washington’s efforts to […]

The post U.S. Accuses 12 Chinese Nationals of Hacking National Security Networks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Bipartisan 'Match IT Act' Aims to Reduce Risk of Medical Mistakes, Privacy Mishaps
Two Congressmen are taking another bipartisan stab at passing legislation aimed at improving patient identity matching to help reduce mistakes that put patient privacy and safety at risk. The lawmakers have introduced similar provisions in the past. Will the proposals gain traction this time?

The Edge Device Hacking Wave Hasn't Spared French Companies
France playing host to the Olympics resulted in a surge of cyberattacks requiring intervention of the state cybersecurity agency, it said in an annual report also flagging an uptick in attacks levied against network edge devices. The games went smoothly.

Series D Funding to Drive U.S. Growth and AI Advancements in Cybersecurity
Pentera has raised $60 million in Series D funding to expand its presence in the U.S. and accelerate AI-driven innovations in security validation. CEO Amitai Ratzon says the company is focused on advancing automated testing and strengthening its leadership in exposure validation.