Aggregator

A vulnerability was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. It has been rated as critical. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation leads to buffer overflow. The identification of this vulnerability is CVE-2024-7334. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in TOTOLINK N350RT 9.3.5u.6139_B20201216. It has been declared as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument week/sTime/eTime leads to buffer overflow. This vulnerability was named CVE-2024-7333. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as critical. This affects an unknown part of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. This vulnerability is uniquely identified as CVE-2024-7332. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as critical. Affected by this issue is the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. This vulnerability is handled as CVE-2024-7331. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Как сломанная стиральная машина привела к хакерскому открытию.

Cybersecurity firm TrustedSec has unveiled a powerful new tool called Specula. It exploits a longstanding vulnerability in Microsoft Outlook to transform it into a Command and Control (C2) server. This revelation has sent shockwaves through the cybersecurity community, highlighting a persistent weak point in many corporate networks. The Specula Framework Specula leverages a seemingly innocuous […]

The post New Specula Tool Turning Outlook as a C2 Server by Leveraging Registry appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability has been found in YouDianCMS 7 and classified as critical. Affected by this vulnerability is the function curl_exec of the file /App/Core/Extend/Function/ydLib.php. The manipulation of the argument url leads to server-side request forgery. This vulnerability is known as CVE-2024-7330. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in YouDianCMS 7. Affected is an unknown function of the file /Public/ckeditor/plugins/multiimage/dialogs/image_upload.php. The manipulation of the argument files leads to unrestricted upload. This vulnerability is traded as CVE-2024-7329. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, has been found in YouDianCMS 7. This issue affects some unknown processing of the file /t.php?action=phpinfo. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-7328. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

МОК признает, что передает данные третьим лицам, но не раскрывает весь масштаб проблемы.

A vulnerability classified as critical was found in Xinhu RockOA 2.6.2. This vulnerability affects the function dataAction of the file /webmain/task/openapi/openmodhetongAction.php. The manipulation of the argument nickName leads to sql injection. This vulnerability was named CVE-2024-7327. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in IObit DualSafe Password Manager 1.4.0.3. This affects an unknown part in the library RTL120.BPL of the component BPL Handler. The manipulation leads to uncontrolled search path. This vulnerability is uniquely identified as CVE-2024-7326. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in IObit Driver Booster 11.0.0.0. It has been rated as critical. Affected by this issue is some unknown functionality in the library VCL120.BPL of the component BPL Handler. The manipulation leads to uncontrolled search path. This vulnerability is handled as CVE-2024-7325. Attacking locally is a requirement. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in IObit iTop Data Recovery Pro 4.4.0.687. It has been declared as critical. Affected by this vulnerability is an unknown functionality in the library madbasic_.bpl of the component BPL Handler. The manipulation leads to uncontrolled search path. This vulnerability is known as CVE-2024-7324. Local access is required to approach this attack. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Zimperium раскрывает масштабную кампанию по перехвату SMS-сообщений.

Tenable reportedly is exploring a potential sale that would add to the growing consolidation in a cybersecurity market that is seeing new innovations in cyber-defenses as the threat of cyberattacks grows.

The post Tenable Considering a Potential Sale: Report appeared first on Security Boulevard.

More than a million domain names -- including many registered by Fortune 100 firms and brand protection companies -- are vulnerable to takeover by cybercriminals thanks to authentication weaknesses at a number of large web hosting providers and domain registrars, new research finds.

United Launch Alliance 周二在佛罗里达州卡纳维拉尔角太空军基地为美国军方发射了一枚 Atlas V 火箭，执行机密军事任务。这是 Atlas V 火箭自 2002 年首次亮相以来的第 101 次发射，为 2007 年以来第 58 次也是最后一次执行机密军事任务，它标志着五角大楼结束了使用俄罗斯引擎的历史。这枚 Atlas V 火箭使用了俄制 RD-180 引擎和 5 个捆绑式固体燃料助推器。Atlas V 的研发始于 1990 年代，当时美国的政策允许使用俄罗斯引擎以帮助该国的航天行业，以免航空工程师被伊朗或朝鲜等国雇佣。2022 年在全面入侵乌克兰之后俄罗斯停止了向美国出口 RD-180，最后一批 RD-180 是在 2021 年交付的，交付总数为 122 台，早期订单的单价约 1000 万美元。 Atlas V 还将执行 15 次发射任务，主要是为商业客户和 NASA 发射有效载荷。未来美国的火箭将全部由美国制造。

In the digital age, where connectivity and data are paramount, cybersecurity threats such as ransomware loom large, posing significant risks to organizations worldwide. Ransomware attacks have evolved into sophisticated campaigns that can cripple businesses, demanding ransom payments in exchange for decrypting or not...

Numerous reports have highlighted the increased number of software supply chain attacks in recent years. The Verizon Business Data Breach and Investigation Report (DBIR) 2024 concluded that breaches stemming from third-party software development organizations played a role in 15% of the more than 10,000 data breaches that Verizon documented, a 68% jump from last year. Additionally, ReversingLabs' The "State of Software Supply Chain Security 2024" noted that incidents of malicious packages found on popular open-source package managers have increased by 1,300% over the past three years (2020–2023). 

The post 8 supply chain security talks you don’t want to miss at Black Hat appeared first on Security Boulevard.