Aggregator

.NET 一款适用于内网渗透痕迹清理的工具

国内最专业的 [ .NET 代码审计 ] 体系化学习社区

A vulnerability classified as problematic has been found in SolarWinds Platform up to 2024.4. This affects an unknown part of the component Search/Node Information Section. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-45717. It is possible to initiate the attack remotely. There is no exploit available.

FRP是一款基于golang、开源的跨平台内网穿透工具，支持http、https、tcp、udp等协议，同时也支持tls、白名单等安全配置，具有较高的安全性。FRP的原理是利用反向代理技术将公网...

A vulnerability was found in Synology Router Manager. It has been rated as critical. Affected by this issue is some unknown functionality of the component OTP Handler. The manipulation leads to path traversal. This vulnerability is handled as CVE-2024-11398. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Synology Surveillance Station. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to incorrect authorization. This vulnerability is known as CVE-2023-52944. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Synology Surveillance Station. It has been classified as problematic. Affected is an unknown function of the component Alerting. The manipulation leads to incorrect authorization. This vulnerability is traded as CVE-2023-52943. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

​3.62 万亿美元，苹果重回世界第一；腾讯「王者」衍生大作被曝已停摆；马斯克讨薪失败，天价薪酬被驳回｜极客早知道

A vulnerability was found in Genetech Solutions Pie Register Plugin up to 1.7.9 on WordPress and classified as critical. This issue affects some unknown processing. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2024-11293. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in William Deich Super 3.12/3.16/3.17/3.18 on Linux. Affected by this vulnerability is an unknown functionality. The manipulation of the argument line leads to format string. This vulnerability is known as CVE-2002-0817. Attacking locally is a requirement. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

LABScon24 Replay | PKfail: Supply-Chain Failures in Secure Boot Key Management

FTC bans data brokers from selling Americans’ sensitive location data

42Gears launched SureAccess, a Zero Trust Network Access (ZTNA) solution. This solution reinforces the company’s commitment to enterprise security by ensuring that only authenticated users and verified devices can access corporate resources from anywhere, anytime. “SureAccess represents our response to evolving security challenges, offering organizations a robust solution that verifies every access attempt, regardless of location or device,” said Onkar Singh, CEO of 42Gears. SureAccess (42Gears’ ZTNA solution) is designed to protect organizations from unauthorized access, data breaches, … More →

The post 42Gears SureAccess secures organizations from unauthorized access appeared first on Help Net Security.

A vulnerability, which was classified as problematic, has been found in jQuery up to 2.2.4. This issue affects some unknown processing of the file script.js of the component dataType Handler. The manipulation leads to cross site scripting (Cross-Domain). The identification of this vulnerability is CVE-2015-9251. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

威努特四件套轻装上阵，卷烟厂安全威胁绕道走

A registry overwrite remote code execution (RCE) vulnerability has been identified in NmAPI.exe, part of the WhatsUp Gold network monitoring software. This vulnerability, present in versions before 24.0.1, allows an unauthenticated remote attacker to execute arbitrary code on affected systems, posing significant security risks. Vulnerability Details The vulnerability lies within NmAPI.exe, a Windows Communication Foundation […]

The post Progress WhatsUp Gold RCE Vulnerability – PoC Exploit Released appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

企业如何构建 “有韧性”的防反勒索制度体系？

日本国家消费者事务中心提出建议，呼吁民众开始进行“数字化遗嘱规划”，并向公众提供了具体的操作指南。

英特尔周一宣布 CEO Pat Gelsinger 退休，这当然是官方的委婉说辞，他实际上是被董事会赶下台的，英特尔过去一年的糟糕表现总需要有人承担责任。作为芯片巨人的前 CTO，Pat Gelsinger 上台之初曾许诺要扭转公司困境重现辉煌，但他的计划进展太慢了，而且太昂贵了。英特尔今天的困境是它过去二十年多次重大决策错误的结果，它错过了智能手机革命，丢掉了苹果公司的电脑芯片订单，在 AI 革命中也是迟到者。它的芯片制造上最大的失误是未更早押注 ASML 的极紫外光刻技术（EUV），让台积电一跃成为芯片制造的领导者。通过重新拥抱 EUV，Gelsinger 希望公司的芯片制造技术能在四年内跨越五个节点，但难度显然比他预期的要大得多。业内人士透露，英特尔最近通知其客户该公司最先进的工艺 18a 和 16a 落后于台积电，台积电 2 纳米芯片的良品率非常高，但英特尔的 18a 芯片良品率不到 10%。芯片制造投入巨大，但英特尔没办法简单的分拆芯片工厂，因为它获得了美国政府近 80 亿美元的 CHIPS 和 Science Act 拨款，需要兑现在美国制造芯片的承诺。

A vulnerability has been found in Webmin and classified as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to basic cross site scripting. This vulnerability was named CVE-2002-1673. Attacking locally is a requirement. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.