Aggregator

A vulnerability, which was classified as problematic, has been found in OX Software OX App Suite up to 8.2. Affected by this issue is some unknown functionality of the component HTML E-Mail Message Handler. The manipulation leads to HTML injection. This vulnerability is handled as CVE-2022-29853. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in OX Software OX App Suite up to 8.2. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2022-29852. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Oracle Communications Diameter Signaling Router 8.6.0.0. Affected is an unknown function of the component Platform. The manipulation leads to integer overflow. This vulnerability is traded as CVE-2022-42898. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Oracle Communications Network Analytics Data Director 23.1.0. It has been classified as critical. This affects an unknown part of the component Install/Upgrade. The manipulation leads to integer overflow. This vulnerability is uniquely identified as CVE-2022-42898. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in Oracle MySQL Cluster up to 8.0.34/8.1.0. This vulnerability affects unknown code of the component Cluster. The manipulation leads to integer overflow. This vulnerability was named CVE-2022-42898. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Squid Web Proxy up to 4.17/5.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Internal URL Handler. The manipulation leads to exposure of sensitive information due to incompatible policies. This vulnerability is known as CVE-2022-41317. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Enlightenment up to 0.25.3. It has been declared as critical. This vulnerability affects unknown code of the component enlightenment_sys. The manipulation leads to path traversal: '/../filedir'. This vulnerability was named CVE-2022-37706. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Car rental giant Hertz Corporation warns it suffered a data breach after customer data for its Hertz, Thrifty, and Dollar brands was stolen in the Cleo zero-day data theft attacks. [...]

本期周报简介：1、在甲方安全中，如何实施主动防御措施以提升整体安全防护水平？ 2、发现生产服务器配置代理上网时，应采取哪些步骤进行处理，以确保数据安全与合规性？ 3、面对项目组或运维方对安全整改的抵触情绪，哪些有效策略可以帮助推进整改工作？

本期周报简介：1、在甲方安全中，如何实施主动防御措施以提升整体安全防护水平？ 2、发现生产服务器配置代理上网时，应采取哪些步骤进行处理，以确保数据安全与合规性？ 3、面对项目组或运维方对安全整改的抵触情绪，哪些有效策略可以帮助推进整改工作？

Educational institutions worldwide are facing an unprecedented wave of sophisticated cyber attacks, with the education sector ranked as the third-most targeted industry in Q2 2024, according to Microsoft. This alarming trend reveals a strategic shift in threat actors’ focus, as they increasingly exploit the unique vulnerabilities inherent to academic environments. Between April and September 2024, […]

The post Schools and Colleges Emerges as a Prime Target for Threat Actors appeared first on Cyber Security News.

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

A sophisticated backdoor malware known as BPFDoor has been actively targeting organizations across Asia, the Middle East, and Africa, leveraging advanced stealth techniques to evade detection. This Linux backdoor utilizes Berkeley Packet Filtering (BPF) technology to monitor network traffic at the kernel level, allowing it to remain hidden from conventional security scans while maintaining persistent […]

The post Stealthy Rootkit-Like Malware Known as BPFDoor Using Reverse Shell to Dig Deeper into Compromised Networks appeared first on Cyber Security News.

Threat Attack Daily - 14th of April 2025

A vulnerability was found in Sophos Anti-Virus up to 6.0.4 and classified as critical. Affected by this issue is some unknown functionality of the component CHM Archive Handler. The manipulation leads to improper resource management. This vulnerability is handled as CVE-2006-5645. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Ransomware Attack Update for the 14th of April 2025

黑客出租高价macOS恶意软件，可完全控制系统窃密！

Spear-Phishing Campaign Used RomCom Malware Variant
A phishing campaign wielding malware previously associated with Russian-speaking hackers targeted the U.K. Ministry of Defense in late 2024. It is unclear if the campaign is tied to a data leak of 600 armed personnel, civil servants, and defense contractors reported late last year.

Event to Feature Innovation Sandbox 20-Year Anniversary, DARPA, Hacking Sessions
RSAC Conference brings together thousands of cybersecurity professionals with one goal: finding innovative ways to defend enterprises. This year for the event's annual Innovation Sandbox, the stakes couldn't be bigger. This year, leading-edge projects will receive $5 million in investment funding.