Aggregator

A vulnerability was found in Janobe E-Negosyo System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php. The manipulation of the argument category leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-33978. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Janobe PayPal, Credit Card and Debit Card Payment 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/mod_reports/index.php. The manipulation of the argument start leads to cross site scripting. This vulnerability is handled as CVE-2024-33981. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Janobe PayPal, Credit Card and Debit Card Payment 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/mod_reports/printreport.php. The manipulation of the argument start leads to cross site scripting. This vulnerability is known as CVE-2024-33980. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Janobe E-Negosyo System 1.0. Affected is an unknown function of the file /passwordrecover.php. The manipulation of the argument phonenumber leads to sql injection. This vulnerability is traded as CVE-2024-33958. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Janobe E-Negosyo System 1.0. This issue affects some unknown processing of the file /admin/orders/controller.php. The manipulation of the argument id leads to sql injection. The identification of this vulnerability is CVE-2024-33957. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in Janobe PayPal, Credit Card and Debit Card Payment 1.0. This vulnerability affects unknown code of the file /admin/mod_reports/printreport.php. The manipulation of the argument categ leads to sql injection. This vulnerability was named CVE-2024-33959. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in gRPC. This affects an unknown part of the component HTTP2 Handler. The manipulation of the argument not leads to expected behavior violation. This vulnerability is uniquely identified as CVE-2024-7246. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Ransomware has infiltrated the IT systems of 40 French museums, including the renowned Louvre. The incident, which occurred on the night of August 3-4, 2024, was first detected by the director of information systems at the Grand Palais site. The director noticed unusual activity in the computer systems and promptly raised the alarm, signaling the […]

The post 40 French Museums IT Systems Hit by Ransomware Attack appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

近日，最高人民法院、国家市场监督管理总局联合发布了依法惩治网络传销犯罪典型案例，旨在发挥典型案例的教育、警示和震慑作用，帮助公众快速识别传销犯罪从而避免上当受骗，也警示潜在的此类模式操控者和运营者放弃打擦边球的商业模式。

数字经济时代，海量数据为培育和发展新质生产力奠定了基础。然而，大量数据未被有效利用，一定程度上制约了数字经济的发展。充分挖掘并最大限度释放数据价值，既是市场主体的迫切需求，也是发展新质生产力的现实需要。

算法为数字经济发展赋能的同时，蕴含的技术风险也可能给个人与社会带来负面影响。若算法决策因数据偏见、设计缺陷、黑箱问题等造成侵害，其高度专业性、不透明性及计算的庞杂性增大了损失认定与责任追究的难度，给算法责任承担判定带来挑战。

欧盟《人工智能法案》是全球首部全面监管人工智能的法规，标志着欧盟在规范人工智能应用方面迈出重要一步。分析指出，许多国家和地区正在制定人工智能监管规则，欧盟新规则可能为后来者提供重要借鉴。不过，法案实施或将增加人工智能相关企业的合规成本。

为深入推进信息通信行业管理创新，进一步优化营商环境，推动信息通信行业高质量发展，工业和信息化部近日印发《关于创新信息通信行业管理 优化营商环境的意见》。

近日，微软Windows操作系统发生重大技术故障，致使全球近千万台Windows设备出现“蓝屏宕机”，全球多国交通、金融、医疗、政务等领域信息系统受到严重影响，有的甚至因无法运转而瘫痪，酿成了全球性的网络安全危机。

新一代信息技术及网络应用不断创新，特别是人工智能、大数据等新技术的快速发展与成熟，使网络及网络应用深入国家和社会生活的各个领域。与之相伴，数据、虚拟身份、算法和信息系统都成为具有高价值的目标。

Hunters International has deployed a novel C# malware dubbed SharpRhino as an initial infection vector and persistent Remote Access Trojan (RAT).  Delivered through a typosquatting domain that looks like an Angry IP Scanner, SharpRhino uses techniques that have never been seen before to increase privileges, let the group move laterally without any problems, and then […]

The post Network Admins Beware! SharpRhino Ransomware Attacking Mimic As Angry IP Scanner appeared first on Cyber Security News.

The North Korea-linked threat actor known as Moonstone Sleet has continued to push malicious npm packages to the JavaScript package registry with the aim of infecting Windows systems, underscoring the persistent nature of their campaigns. The packages in question, harthat-api and harthat-hash, were published on July 7, 2024, according to Datadog Security Labs. Both the libraries did not attract

Everyone loves the double-agent plot twist in a spy movie, but it’s a different story when it comes to securing company data. Whether intentional or unintentional, insider threats are a legitimate concern. According to CSA research, 26% of companies who reported a SaaS security incident were struck by an insider.  The challenge for many is detecting those threats before they lead to full

Scalable package scanning within PyPi and npm using GuardDog software identified two malicious packages linked to a DPRK-aligned threat actor cluster dubbed “Stressed Pungsan.”  The cluster strongly aligns with Microsoft’s MOONSTONE SLEET, indicating a sophisticated supply chain attack vector. The packages are initial access points for malware distribution, enabling data exfiltration, credential theft, and lateral […]

The post North Korean Hackers Attacking Windows Users With Weaponized npm Files appeared first on Cyber Security News.

Hackers often target Window Smart App Control and SmartScreen security flaws to launch malicious code and applications for their illicit purposes. Threat actors aiming to undermine Windows security features can use these vulnerabilities to seize illicit access, steal sensitive data, and compromise system integrity. Cybersecurity researchers at Elastic Security Labs discovered Windows Smart App Control […]

The post Windows Smart App Control & SmartScreen Flaw Let Hackers Hijack Systems appeared first on Cyber Security News.