Horns&Hooves Campaign Delivers RATs via Fake Emails and JavaScript Payloads
Horns&Hooves Campaign Delivers RATs via Fake Emails and JavaScript Payloads
Aggregator
CVE-2016-8019 | Intel VirusScan Enterprise Linux up to 2.0.3 NailsConfig.html Stored cross site scripting (EDB-40911 / Nessus ID 95812)
5 months ago
A vulnerability, which was classified as problematic, has been found in Intel VirusScan Enterprise Linux up to 2.0.3. This issue affects some unknown processing of the file NailsConfig.html. The manipulation leads to cross site scripting (Stored).
The identification of this vulnerability is CVE-2016-8019. The attack may be initiated remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Взлом ENGlobal Corporation: данные оборонки США в руках вымогателей
5 months ago
Сети компании стали очередным вектором атаки на ключевые IT-системы.
暴力破解的艺术-- ffuf的不常见用法
5 months ago
暴雪从 GOG 下架《魔兽争霸》前两代
5 months ago
暴雪最近通过其 Battle.net 商店分别以 10 美元和 15 美元出售经典即时战略游戏《魔兽争霸》和《魔兽争霸 II》的重制版,它要求 GOG(Good Old Games)商店从 12 月 13 起起下架这两款有 30 年历史的游戏。此前 GOG 宣布了经典游戏的保存计划,而《魔兽争霸》系列游戏列入了保存计划中。然而现在游戏都要下架了,它如何保存?GOG 表示玩家在购买游戏之后可以继续使用,或使用离线安装包安装,它将会继续维护和更新游戏,确保其与现在和未来的操作系统兼容。
CVE-2020-11022 | Oracle Primavera Gateway up to 16.2.11/17.12.7/18.8.9/19.12.4 Admin cross site scripting (EDB-49766 / Nessus ID 209233)
5 months ago
A vulnerability has been found in Oracle Primavera Gateway up to 16.2.11/17.12.7/18.8.9/19.12.4 and classified as critical. This vulnerability affects unknown code of the component Admin. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2020-11022. The attack can be initiated remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
How AI will Transform Product Management
5 months ago
How AI will Transform Product Management
Energy industry contractor ENGlobal Corporation discloses a ransomware attack
5 months ago
ENGlobal Corporation disclosed a ransomware attack, discovered on November 25, disrupting operations, in a filing to the SEC. A ransomware attack disrupted the operations of a major energy industry contractor, ENGlobal Corporation. Founded in 1985, ENGlobal Corporation designs automated control systems for commercial and government sectors, reporting $6 million in Q3 revenue and $18.4 million […]
Pierluigi Paganini
Performance Outages Are on the No-Fly List This Holiday Season
5 months ago
Airports already are ramping up for the holiday travel season—or if they aren’t, they should be. CNN reported that summer air travel in the United States reached new record-setting levels in 2024, particularly around Memorial Day, Fourth of July, and Labor Day holidays. This pattern is anticipated to hold true for the...
Brooke Jameson
Last Week in Security (LWiS) - 2024-12-02
5 months ago
Last Week in Security (LWiS) - 2024-12-02
CVE-2000-0219 | Red Hat Linux 6.0 Single User Mode access control (EDB-19763 / Nessus ID 105412)
5 months ago
A vulnerability was found in Red Hat Linux 6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Single User Mode. The manipulation with the input ^C leads to improper access controls.
This vulnerability is known as CVE-2000-0219. Attacking locally is a requirement. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
The EU in the middle of MiCA tunnel: any light?
5 months ago
The EU in the middle of MiCA tunnel: any light?
Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability
5 months ago
Cisco on Monday updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA).
The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns a case of insufficient input validation in ASA's WebVPN login page that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack
The Hacker News
DragonBridge: Streaming IQ Data Over 802.11ah HaLow via Two Relay Drones
5 months ago
DragonBridge: Streaming IQ Data Over 802.11ah HaLow via Two Relay Drones
CVE-2024-11844 | IdeaPush Plugin up to 8.71 on WordPress Board Term authorization
5 months ago
A vulnerability classified as problematic has been found in IdeaPush Plugin up to 8.71 on WordPress. Affected is an unknown function of the component Board Term Handler. The manipulation leads to missing authorization.
This vulnerability is traded as CVE-2024-11844. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-12062 | Charity Addon for Elementor Plugin up to 1.3.2 on WordPress Post information disclosure
5 months ago
A vulnerability, which was classified as problematic, was found in Charity Addon for Elementor Plugin up to 1.3.2 on WordPress. Affected is an unknown function of the component Post Handler. The manipulation leads to information disclosure.
This vulnerability is traded as CVE-2024-12062. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-11732 | BP Profile Shortcodes Extra Plugin up to 2.6.0 on WordPress Shortcode tab sql injection
5 months ago
A vulnerability was found in BP Profile Shortcodes Extra Plugin up to 2.6.0 on WordPress. It has been declared as critical. This vulnerability affects unknown code of the component Shortcode Handler. The manipulation of the argument tab leads to sql injection.
This vulnerability was named CVE-2024-11732. The attack can be initiated remotely. There is no exploit available.
vuldb.com
92% за полнаносекунды: MIT интегрировал нейросеть в фотонный процессор
5 months ago
Исследователи создали чип для глубокого обучения на основе света.
LiDAR: технологическое оружие Китая, которое пугает США
5 months ago
Новый доклад показывает, почему китайские технологии заставляют США переживать за нацбезопасность.
Access Control in Paxton Net2 software
5 months ago
Access Control in Paxton Net2 software