Aggregator

CVE-2024-7262 | Kingsoft WPS Office up to 12.2.0.13489 on Windows Hyperlink promecefpluginhost.exe path traversal

1 week 5 days ago

A vulnerability was found in Kingsoft WPS Office up to 12.2.0.13489 on Windows and classified as critical. This issue affects some unknown processing of the file promecefpluginhost.exe of the component Hyperlink Handler. The manipulation results in path traversal. This vulnerability is known as CVE-2024-7262. Attacking locally is a requirement. Furthermore, an exploit is available.

vuldb.com

CVE-2024-39717 | Versa Director Change Favicon Option access control (Nessus ID 207794)

Vuldb Updates

1 week 5 days ago

A vulnerability was found in Versa Director and classified as critical. This vulnerability affects unknown code of the component Change Favicon Option. Executing manipulation can lead to improper access controls. This vulnerability appears as CVE-2024-39717. The attack may be performed from remote. In addition, an exploit is available. It is suggested to upgrade the affected component.

vuldb.com

U.S. CISA adds XWiki Platform, and Broadcom VMware Aria Operations and VMware Tools flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

1 week 5 days ago

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds XWiki Platform, and Broadcom VMware Aria Operations and VMware Tools flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added XWiki Platform, and Broadcom VMware Aria Operations and VMware Tools flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws […]

Pierluigi Paganini

Akira Ransomware Claims It Stole 23GB from Apache OpenOffice

Hack Read

1 week 5 days ago

The Akira ransomware group claims to have stolen 23GB of data from Apache OpenOffice, including employee and financial records, though the breach remains unverified.

Waqas

Metaencryptor

Dark Feed IO

1 week 5 days ago

You must login to view this content

cohenido

OpenAI confirms GPT-5 is now better at handling mental and emotional distress

Bleeping Computer.

1 week 5 days ago

OpenAI confirmed that it shipped an update on October 5, which allows GPT-5 to better handle sensitive conversations, especially when a user is experiencing emotional or mental distress. [...]

Mayank Parmar

Webinar | Beyond the Gateway: Protecting Financial Data from Internal Email Threats

BankInfoSecurity.com

1 week 5 days ago

When AI Agents Go Rogue: Managing Digital Insider Risk

BankInfoSecurity.com

1 week 5 days ago

Clear the Cloud Noise: Integrating CNAPP for Unified Threat Response

BankInfoSecurity.com

1 week 5 days ago

Secure Every Access and Edge: Unified SASE for Data Protection

BankInfoSecurity.com

1 week 5 days ago

ClickFix Infrastructure Surprises Inform Better Blocking

BankInfoSecurity.com

1 week 5 days ago

Big Crossover Found Between ClickFix and Adversary-in-the-Middle Infrastructure
Tracking how cybercriminals and their service providers use malicious infrastructure can give defenders an edge for blocking their targeting. New research spotted a massive crossover between IP addresses used for both ClickFix and adversary-in-the-middle attacks.

Cryptohack Roundup: Allegations Involving Melania Memecoins

BankInfoSecurity.com

1 week 5 days ago

Also: LastPass Warns of Phishing Campaign, Trump's New CTFC Head Pick
Every week, Information Security Media Group rounds up cybersecurity incidents in digital assets. This week, Meteora CEO faced fraud allegations, LastPass warned of a phishing campaign, Trump taps crypto lawyer to lead CFTC, Mt. Gox delayed creditor repayments again and an Indian court blocked WazirX from using customer funds to cover hack losses.

Breach Roundup: Hackers Probe Canada's Critical Infrastructure

BankInfoSecurity.com

1 week 5 days ago

Also: F5 Revenue Dips, Swedish Utility Operator Breached
This week, critical infrastructure breaches in Canada, a Swedish grid operator breached, an Australian guilty of selling cyber exploits, Gmail wasn't breached, F5 projected a revenue dip, PhantomRaven targeted developers, a Pakistan-linked actor targeted India and Dentsu confirmed a data breach.

Sublime Secures $150M to Advance Agentic Email Protection

BankInfoSecurity.com

1 week 5 days ago

Series C Funding Fuels Autonomous Agents That Detect and Block Attacks in Real Time
Sublime Security closed a $150 million Series C round to expand its AI-driven agent platform. The Washington D.C.-based company aims to reduce cyber risk and manual workloads for defenders by adapting quickly to novel attacks, especially those using GenAI.

CISA, NSA offer guidance to better protect Microsoft Exchange Servers

CyberScoop

1 week 5 days ago

The guide includes security advice previously shared by Microsoft, yet authorities felt it prudent to outline best practices for the critical and widely used technology.

The post CISA, NSA offer guidance to better protect Microsoft Exchange Servers appeared first on CyberScoop.

Matt Kapko

Beyond IP lists: a registry format for bots and agents

The Cloudflare Blog

1 week 5 days ago

We propose an open registry format for Web Bot Auth to move beyond IP-based identity. This allows any origin to discover and verify cryptographic keys for bots, fostering a decentralized and more trustworthy ecosystem.

Thibault Meunier

Secrets Management That Fits Your Budget

Security Boulevard

1 week 5 days ago

How Can Effective NHI Management Transform Your Cybersecurity Strategy? How can organizations efficiently manage secrets and non-human identities (NHIs) while maintaining a budget-friendly approach? This question is particularly vital for industries like financial services, healthcare, and more, where both budget constraints and stringent security requirements exist. Exploring cost-effective secrets management, along with NHI management, provides […]

The post Secrets Management That Fits Your Budget appeared first on Entro.

The post Secrets Management That Fits Your Budget appeared first on Security Boulevard.

Angela Shreiber

Satisfied with Your Secrets Vaulting Approach?

Security Boulevard

1 week 5 days ago

Are You Really Satisfied with Your Secrets Vaulting Approach? How confident are you in your current secrets vaulting strategies? Where organizations increasingly rely on digital processes, the management of Non-Human Identities (NHIs) and their secrets becomes critical to maintaining security and compliance. For sectors such as financial services, healthcare, and DevOps, ensuring that machine identities […]

The post Satisfied with Your Secrets Vaulting Approach? appeared first on Entro.

The post Satisfied with Your Secrets Vaulting Approach? appeared first on Security Boulevard.

Angela Shreiber

Improving NHI Lifecycle Management Continuously

Security Boulevard

1 week 5 days ago

What is the True Cost of Overlooking Non-Human Identities? When organizations increasingly move operations to the cloud, the spotlight is now on securing machine identities, also known as Non-Human Identities (NHIs). But what happens when these identities are overlooked? The risks extend far beyond hypothetical breaches and can shake the very foundation of operational security. […]

The post Improving NHI Lifecycle Management Continuously appeared first on Entro.

The post Improving NHI Lifecycle Management Continuously appeared first on Security Boulevard.

Angela Shreiber

Independent Control Over Cloud Identities

Security Boulevard

1 week 5 days ago

How Secure Are Your Cloud-Based Non-Human Identities? What measures are you taking to ensure the security of your cloud-based systems? Managing Non-Human Identities (NHIs) has become a critical focus for diverse sectors, including financial services, healthcare, and travel. NHIs, essentially machine identities, are pivotal to maintaining a robust cybersecurity posture, yet they often remain overlooked. […]

The post Independent Control Over Cloud Identities appeared first on Entro.

The post Independent Control Over Cloud Identities appeared first on Security Boulevard.

Angela Shreiber

Aggregator

Managed ad