Aggregator

A vulnerability was found in HP PC. It has been rated as problematic. Affected by this issue is some unknown functionality of the component BIOS. The manipulation leads to an unknown weakness. This vulnerability is handled as CVE-2022-31643. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Obsidian Canvas 1.1.9. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to incorrect default permissions. This vulnerability is handled as CVE-2023-27035. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in OpenText BizManager up to 16.6.0.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to weak password recovery. This vulnerability is known as CVE-2022-35898. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in KaiOS 3.0. It has been declared as problematic. This vulnerability affects unknown code of the component Communications Application. The manipulation leads to information disclosure. This vulnerability was named CVE-2023-27108. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in Konga 0.14.9. Affected by this vulnerability is an unknown functionality of the component POST Request Handler. The manipulation leads to improper access controls. This vulnerability is known as CVE-2023-26987. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Antabot White-Jotter 0.2.2. Affected by this issue is the function coversUpload. The manipulation of the argument file leads to unrestricted upload. This vulnerability is handled as CVE-2023-29635. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical was found in 3CX Phone System 6.0.806.0/15.5.3554.1/16.0.0.1570. Affected by this vulnerability is an unknown functionality of the file /Electron/download of the component Drive Letter Handler. The manipulation leads to path traversal. This vulnerability is known as CVE-2022-48483. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Новое исследование объясняет механизм устойчивости тяжелых элементов.

A vulnerability was found in Microsoft IIS 5.0/5.1 and classified as critical. Affected by this issue is some unknown functionality of the component WebDAV. The manipulation as part of XML leads to denial of service. This vulnerability is handled as CVE-2003-0226. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in PHPFox 3.7.3/3.7.4/3.7.5. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument val[item_id] leads to improper access controls. This vulnerability is known as CVE-2013-7196. The attack can be launched remotely. Furthermore, there is an exploit available.

via the comic humor & dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Humidifier Review’ appeared first on Security Boulevard.

​The New York Blood Center (NYBC), one of the world's largest independent blood collection and distribution organizations, says a Sunday ransomware attack forced it to reschedule some appointments. [...]

Новый метод генерации поляритонов может перевернуть представления об интегральной оптике.

For NSX customers and partners who are Star Trek fans, VMware getting absorbed into the huge Broadcom product line might remind them of the Borg collective: “Resistance is Futile!” I lived through similar events when I was at IronPort, and we got purchased by Cisco. We were able to keep interest in the email security […]

The post Did the Broadcom Acquisition of VMware Leave You Feeling High-and-Dry? appeared first on ColorTokens.

The post Did the Broadcom Acquisition of VMware Leave You Feeling High-and-Dry? appeared first on Security Boulevard.

A groundbreaking technique for Kerberos relaying over HTTP, leveraging multicast poisoning, has been recently detailed by cybersecurity researchers. Introduced by James Forshaw and further developed using the Responder and krbrelayx tools, this approach exploits local name resolution protocols like LLMNR (Link-Local Multicast Name Resolution) to achieve pre-authenticated Kerberos relay attacks. This method provides a fresh […]

The post Hackers Exploiting DNS Poisoning to Compromise Active Directory Environments appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Since mid-2024, cybersecurity researchers have been monitoring a sophisticated Android malware campaign dubbed “Tria Stealer,” which exploits fake wedding invitations to lure users into installing malicious apps (APK files). Malware Campaign Overview The campaign primarily targets users in Malaysia and Brunei, with Malaysia experiencing the most significant impact. Analysis indicates the operation originates from an […]

The post New Android Malware Exploiting Wedding Invitations to Steal Victims WhatsApp Messages appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Proton, the globally recognized provider of privacy-focused services such as Proton VPN and Proton Pass, is facing scrutiny after the discovery of severe memory protection vulnerabilities in its products. Despite having established itself as a trusted name for safeguarding user data, these flaws could expose sensitive personal information, including encrypted VPN traffic and credit card […]

The post 500 Million Proton VPN & Pass Users at Risk Due to Memory Protection Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Data privacy in healthcare is more important than ever, but few people fully understand how it works and why it’s necessary. Learn more about what data privacy in healthcare means and how medical organizations practice it in this detailed guide.

The post What is data privacy in healthcare? everything you need to know appeared first on Security Boulevard.