Aggregator

North Korean state-sponsored hackers – Jumpy Pisces, aka Andariel, aka Onyx Sleet – have been spotted burrowing into enterprise systems, then seemingly handing matters over to the Play ransomware group. Timeline of the attack (Source: Palo Alto Networks) The attack The ransomware attack was investigated by Palo Alto Networks’ Unit 42 in September 2024, and they determined that North Korean hackers: Gained access to a host using a compromised users account Moved laterally to other … More →

The post North Korean hackers pave the way for Play ransomware appeared first on Help Net Security.

A vulnerability was found in Fonality up to 14.1i. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component FTP Server/SSH Server. The manipulation leads to hard-coded credentials. This vulnerability is known as CVE-2016-2362. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

微软警告，俄罗斯情报机构正利用远程桌面协议(RDP)发动大规模钓鱼攻击。这一攻击最早是在 10 月 22 日发现的，其目标是政府、非政府组织、学界和国防机构。攻击者被命名为 Midnight Blizzard aka APT29 和 Cozy Bear，被认为隶属于俄罗斯对外情报局(SVR)。攻击者向 100 多个组织的数千人发送了钓鱼邮件，邮件附件包含了 RDP 配置文件。一旦受害者运行配置文件，会建立与 Midnight Blizzard 所控制系统的 RDP 连接，攻击者可利用配置文件窃取大量信息。

In the modern, browser-centric workplace, the corporate identity acts as the frontline defense for organizations. Often referred to as “the new perimeter”, the identity stands between safe data management and potential breaches. However, a new report reveals how enterprises are often unaware of how their identities are being used across various platforms. This leaves them vulnerable to data

Технологии могут кардинально поменять оборону страны.

A vulnerability, which was classified as critical, was found in myWebland myBloggie 2.1.6. Affected is an unknown function of the file index.php. The manipulation of the argument post_id leads to sql injection. This vulnerability is traded as CVE-2007-1899. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in Pivot 1.40.5. This issue affects some unknown processing of the file search.php. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2008-3128. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in Catviz 0.4 Beta 1. Affected is an unknown function of the file index.php. The manipulation of the argument webpage leads to sql injection. This vulnerability is traded as CVE-2008-3129. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in BareNuked CMS 1.1.0. It has been declared as critical. This vulnerability affects unknown code. The manipulation of the argument password leads to sql injection. This vulnerability was named CVE-2008-3133. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in eSHOP100 and classified as critical. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument SUB leads to sql injection. This vulnerability is handled as CVE-2008-5190. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Vizzed Acmlmboard 1.a2 and classified as critical. This vulnerability affects unknown code of the file memberlist.php. The manipulation of the argument pow leads to sql injection. This vulnerability was named CVE-2008-5198. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in NetWin Surgemail 3.9e. It has been declared as problematic. This vulnerability affects unknown code of the component IMAP Service. The manipulation of the argument first leads to memory corruption. This vulnerability was named CVE-2008-7182. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Sebrac SebracCMS 0.4. Affected by this vulnerability is an unknown functionality. The manipulation of the argument uname leads to sql injection. This vulnerability is known as CVE-2008-5195. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Com Xewebtv on Joomla. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument id leads to sql injection. This vulnerability is traded as CVE-2008-5200. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could allow an unauthenticated threat actor to elevate their privileges and perform malicious actions. The vulnerability, tracked as CVE-2024-50550 (CVSS score: 8.1), has been addressed in version 6.5.2 of the plugin. "The plugin suffers from an unauthenticated privilege escalation vulnerability

A vulnerability was found in Smash Balloon Custom Twitter Feeds Plugin up to 2.2.3 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2024-49685. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Lukas Huser EKC Tournament Manager Plugin up to 2.2.1 on WordPress. Affected is an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2024-49674. It is possible to launch the attack remotely. There is no exploit available.