Aggregator

A vulnerability was found in Python Software CPython up to 3.14.0a0. It has been classified as problematic. Affected is the function asyncio._SelectorSocketTransport.writelines. The manipulation leads to resource consumption. This vulnerability is traded as CVE-2024-12254. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in MacWarrior clipbucket-v5 up to 5.5.1 Revision 199 and classified as very critical. This issue affects some unknown processing of the file upload/upload.php. The manipulation leads to deserialization. The identification of this vulnerability is CVE-2024-54136. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in MacWarrior clipbucket-v5 up to 5.5.1 Revision 199 and classified as very critical. This vulnerability affects the function decode_key of the file upload/photo_upload.php. The manipulation leads to deserialization. This vulnerability was named CVE-2024-54135. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

移动安全公司 iVerify 在今年 5 月发布了一个工具，可用于扫描手机是否感染了以色列公司 NSO Group 开发的间谍软件 Pegasus。2,500 名用户扫描设备后发现了 7 起 Pegasus 感染事件。这意味着 Pegasus 的传播范围比以前认为的更为广泛。因为被感染的人是普通用户而不是特定目标。大部分感染都不是发生在近期，其中一次是 2023 年底的 iOS 16.6，另一次发生在 2022 年 11 月的 iOS 15，另外五次发生在 2021 年和 2022 年的 iOS 14 和 15 上。Pegasus 发动的是零点击攻击，感染设备不需要用户互动。

miyako Allegedly Leaked the Data of Beijing Jingsheng Century Technology

A vulnerability, which was classified as problematic, was found in Urban Base Z-Downloads Plugin up to 1.11.7 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-54206. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Ninja Team Filebird Plugin up to 6.3.2 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to missing authorization. This vulnerability is handled as CVE-2024-53825. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Posimyth The Plus Addons for Elementor Page Builder Lite Plugin up to 5.6.14 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-53823. The attack can be launched remotely. There is no exploit available.

Rock-solid curl on video

英国国家犯罪局 (NCA) 宣布，一项名为“Destabilize”的联合执法行动摧毁了俄罗斯非法洗钱和现金运送网络以及与勒索软件、毒品和间谍活动有关的地下加密货币交易所。 NCA 领导的行动揭露了 Smart 集团和 TGR 集团这两个非法金融网络，这两个网络帮助俄罗斯精英规避国际制裁，并支持俄罗斯网络犯罪分子洗白非法利润。Smart 网络还被用来资助俄罗斯的间谍活动。 美国财政部外国资产控制办公室 (OFAC) 还制裁了与 TGR 集团有关的五名个人和四家实体。NCA 的国际合作伙伴还逮捕了第七名嫌疑人，是一名全球洗钱协助者。 NCA 表示：“NCA 协调的活动迄今已逮捕 84 人，其中许多人已服刑，并缴获了超过 2000 万英镑（3500 万美元）的现金和加密货币。” 复杂的犯罪网络在一个国家收集资金，然后在另一个国家提供等值资金，通常是通过将加密货币兑换成现金。这简化了西方犯罪集团产生的现金流动，并帮助寡头绕过制裁。 英国是这项活动的主要中心。数十亿美元的洗钱网络以一种此前不为当局或监管机构所知的方式运作，并隐藏在社区中。 调查人员发现全国各地大规模的货币兑换。街头现金交易之后，几乎立即出现了等值加密货币的转移。Smart 和 TGR 与俄罗斯金融业联系紧密，其全球影响力遍及 30 多个国家。 “我们首次能够找出俄罗斯精英、加密货币富豪网络犯罪分子和英国街头贩毒团伙之间的联系。将他们联系在一起的线索——Smart 和 TGR 的联合力量——直到现在才被发现。”NCA 运营总监 Rob Jones 表示。 “NCA及其合作伙伴已经从各个层面打击了这一犯罪活动。” Smart 集团由俄罗斯洗钱者 Ekaterina Zhdanova 领导。她指挥一家位于伦敦的现金快递公司，洗钱金额超过 1900 万美元。她还帮助勒索软件受害者以加密货币形式向 Ryuk 勒索软件集团支付超过 230 万美元疑似赎金，并与 TGR 成员合作转移了超过 200 万美元。 TGR 由乌克兰人乔治·罗西经营。该集团涉嫌隐瞒将受制裁的俄罗斯国有媒体组织今日俄罗斯（RT）的资金转移出境，以支持一家俄语媒体组织在英国的活动。 TGR 帮助将非法金融计划纳入全球金融体系，包括洗钱、未注册的现金和加密货币交易以及预付信用卡服务。其目的是掩盖资金来源。 NCA 表示：“Smart 和 TGR 的加密地址显示，他们经常接触 Garantex，这是一项加密货币交易服务，于 2022 年受到英国和美国的制裁。Garantex 与武器零部件交易有关。 ” OFAC 还制裁了拉脱维亚国民 Andrejs Bradens，他与多家 TGR 集团公司有联系，以及 Zhdanova 的两家关联公司：Khadzi-Murat Dalgatovich Magomedov 和 Nikita Vladimirovich Krasnov。 在其中一起案件中，NCA 和国际合作伙伴逮捕了一系列与谢缅·库克索夫及其同伙有关的信使，据信他们经营着一家地下加密货币交易所。     转自军哥网络安全读报，原文链接：https://mp.weixin.qq.com/s/2MEWWskREW-4GldVb0tRNg 封面来源于网络，如有侵权请联系删除

Pan Gulf Holding Has Been Claimed a Victim to Sarcoma Ransomware

小米电动汽车季度销量超过丰田

PEZ Has Been Claimed a Victim to Abyss Ransomware

Discover the essentials of FIDO2 authentication implementation in this developer-focused guide. We'll walk you through the process step-by-step, covering key concepts, best practices, and code examples to help you integrate secure, passwordless login into your applications efficiently.

The post Implementing FIDO2 Authentication: A Developer’s Step-by-Step Guide appeared first on Security Boulevard.

A vulnerability classified as problematic has been found in NotFound Pie Register Premium Plugin up to 3.8.3.2 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-53821. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Captivate Audio Captivate Sync Plugin up to 2.0.22 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-53820. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in WP Travel Plugin up to 9.6.0 on WordPress. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to missing authorization. This vulnerability was named CVE-2024-53813. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Jacques Malgrange WP GeoNames Plugin up to 1.8 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-53812. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Posimyth WDesignkit Plugin up to 1.0.40 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to unrestricted upload. This vulnerability is handled as CVE-2024-53811. The attack may be launched remotely. There is no exploit available.