Aggregator

A vulnerability, which was classified as problematic, has been found in Altra Side Menu Plugin up to 2.0 on WordPress. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2024-12774. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in Social Share Buttons Plugin up to 2.7 on WordPress. This vulnerability affects unknown code. The manipulation leads to path traversal. This vulnerability was named CVE-2024-13117. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in WP Triggers Lite Plugin up to 2.5.3 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-13095. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in IBM Security Directory Integrator and Security Verify Directory Integrator 7.2.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to exposure of information through directory listing. This vulnerability is handled as CVE-2024-28766. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in php-fusion 9.03.50. This affects an unknown part of the file downloads/downloads.php. The manipulation as part of Request leads to improper privilege management. This vulnerability is uniquely identified as CVE-2020-24949. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Threat hunters have detailed an ongoing campaign that leverages a malware loader called MintsLoader to distribute secondary payloads such as the StealC information stealer and a legitimate open-source network computing platform called BOINC. "MintsLoader is a PowerShell based malware loader that has been seen delivered via spam emails with a link to Kongtuke/ClickFix pages or a JScript file,"

Threat hunters have detailed an ongoing campaign that leverages a malware loader called MintsLoader

A lot of companies sending emails daily discover that their clients also receive fraudulent mes

Learn how DMARC email security can protect your brand, improve deliverability, and prevent phishing attacks. Get expert advice and best practices.

The post DMARC Email Security: A Guide to Protecting Your Domain  appeared first on Security Boulevard.

Threat actors demonstrated a methodical approach in a recent cyberattack, taking 11 days from initial compromise to fully deploy LockBit ransomware across a victim’s network. The incident, detailed in a report by The DFIR Report, showcases the evolving tactics of ransomware operators and the critical need for robust cybersecurity measures. The attack began in late […]

The post Hackers Tool 11 Days To Deploy LockBit Ransomware From Initial Compromise appeared first on Cyber Security News.

Лишь тщательный мониторинг логов может спасти от потери данных.

Researchers have exposed a systemic vulnerability within the Windows operating system, leveraging its “Best-Fit” charset conversion feature to bypass security checks and execute remote code. The findings highlight widespread implications across various applications, with real-world exploitation scenarios impacting widely used tools such as Microsoft Excel, PHP-CGI, and others. Charset Conversion and “Best-Fit” Behavior Windows systems […]

The post Researchers Exploited Windows Charset Conversion Feature to Execute Remote Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Dyn Business Panel Plugin up to 1.0.0 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-13057. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Dental Optimizer Patient Generator App Plugin up to 1.0 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-13052. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in Altra Side Menu Plugin up to 2.0 on WordPress and classified as critical. This vulnerability affects unknown code. The manipulation leads to sql injection. This vulnerability was named CVE-2024-12773. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Fabio Rinaldi Crelly Slider Plugin up to 1.4.6 on WordPress. This affects an unknown part of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-13116. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in WP Triggers Lite Plugin up to 2.5.3 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-13094. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in WP Customer Area Plugin up to 8.2.4 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-12436. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in WC Affiliate Plugin up to 2.3.9 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-12321. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Dyn Business Panel Plugin up to 1.0.0 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-13055. The attack can be initiated remotely. There is no exploit available.