Aggregator

A vulnerability was found in Netgear D7800, DM200, R6100, R7500, R7500v2, R7800, R8900, R9000, WNDR4300, WNDR4300v2, WNDR4500v3 and WNR2000v5 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting (Stored). This vulnerability is handled as CVE-2018-21155. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in SolarWinds WebHelpDesk 12.7.1. Affected by this vulnerability is an unknown functionality of the file TicketActions/view?tab=group of the component TSV Export Handler. The manipulation as part of Request leads to code injection. This vulnerability is known as CVE-2019-20002. Attacking locally is a requirement. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Rukovoditel 2.5.2. This issue affects some unknown processing of the component User Access Groups Page. The manipulation leads to cross site scripting (Stored). The identification of this vulnerability is CVE-2020-11822. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Ipa up to 4.8.0 and classified as problematic. This vulnerability affects unknown code of the component Password Hashing. The manipulation as part of Long Password leads to resource consumption. This vulnerability was named CVE-2020-1722. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Huawei Honor V10 9.0.0.125(C00E125R2P14T8)/9.0.0.156(C00E156R2P14T8)/10.0.0.146(C432E4R1P4). It has been classified as critical. Affected is an unknown function of the component Driver. The manipulation as part of Parameter leads to out-of-bounds read. This vulnerability is traded as CVE-2020-1804. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

Hackers are leveraging a sophisticated social engineering technique dubbed “ClickFix” to trick Windows users into executing malicious scripts on their systems. This method capitalizes on fake error pages and notifications that mimic legitimate alerts, often resembling Chrome browser errors or system warnings. These deceptive pop-ups prompt users to “fix” an alleged issue by copying and […]

The post Hackers Exploit Fake Chrome Error Pages to Deploy Malicious Scripts on Windows Users appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

美国政府网络安全合规执法日益严格

美国政府网络安全合规执法日益严格

本文通过解读报告，帮助用户提升对复杂网络安全威胁的认知与防范能力。

本文通过解读报告，帮助用户提升对复杂网络安全威胁的认知与防范能力。

能够以不可逆转的方式覆写Linux 系统的主磁盘并将其渲染为不可启动。

能够以不可逆转的方式覆写Linux 系统的主磁盘并将其渲染为不可启动。

近日，国家互联网信息办公室、公安部联合公布了《人脸识别技术应用安全管理办法》。《办法》的出台，对我国规范应用人脸识别技术处理人脸信息活动，强化个人信息权益保护具有重要意义。

为更好地保障公民的合法权益，维护数字市场经济秩序，我国持续探索和创新网络执法新理念、新模式，确保执法活动能够与网络空间创新实践同步规划、同步发展。近日发布的《中国网络法治发展报告（2024年）》系统回顾了我国2024年网络空间治理成效。

为促进和规范终端设备直连卫星服务健康发展，维护国家安全和社会公共利益，保护公民、法人和其他组织的合法权益，近日，国家互联网信息办公室会同有关部门发布《终端设备直连卫星服务管理规定》，对终端设备直连卫星服务作出系统性制度安排。

本文讨论的公共数据开放具有市场竞争属性，最典型的为授权运营行为，强调通过专业化机构对数据进行深度开发，以满足社会对公共数据的多样化需求，并支持其他经营主体对数据产品进行再开发和再利用，进一步推动市场竞争。