Aggregator
CVE-2020-20718 | PluckCMS 4.7.10 Image File save_file unrestricted upload (Issue 79)
CVE-2020-20636 | joyplus-cms 1.6.0 goodbad id information disclosure (Issue 447)
dRPC CEO Outlines Three Core Infrastructure Shifts for Ethereum in 2025
Think Twice Before You Click: INTERPOL Unveils Alarming Cybercrime Trends
$750K stolen: The Telegram Groups’ Huge Scam (Investigation)
Why software composition analysis is essential for open source security
Open source software security and dependency management have never been more critical, as organizations strive to protect their software supply chains while navigating increasing complexity and risks.
The post Why software composition analysis is essential for open source security appeared first on Security Boulevard.
Horizon3.ai Introduces NodeZero Insights™ to Close Security Gaps and Drive Measurable Improvements in Cyber Defense
'Termite' Ransomware Likely Behind Cleo Zero-Day Attacks
Head Mare Group Intensifies Attacks on Russia with PhantomCore RAT
Chinese hackers use Visual Studio Code tunnels for remote access
Microsoft 365 outage takes down Office web apps, admin center
Microsoft fixes exploited zero-day (CVE-2024-49138)
On December 2024 Patch Tuesday, Microsoft resolved 71 vulnerabilities in a variety of its products, including a zero-day (CVE-2024-49138) that’s been exploited by attackers in the wild to execute code with higher privileges.
CVE-2024-49138 exploited by attackers
CVE-2024-49138 stems from a heap-based buffer overflow vulnerability in the Windows Common Log File System (CLFS) Driver and can be exploited by attackers to elevate their privileges on the target host to SYSTEM, according to Microsoft. The attack …
The post Microsoft fixes exploited zero-day (CVE-2024-49138) appeared first on Help Net Security.
High blood sugar has negative effects on the brain
US sanctions Chinese cybersecurity company for firewall compromise, ransomware attacks
The Department of the Treasury is sanctioning Chinese cybersecurity company Sichuan Silence, and one of its employees, Guan Tianfeng, for their roles in the April 2020 compromise of tens of thousands of firewalls worldwide. Many of the victims were U.S. critical infrastructure companies. The Department of Justice unsealed an indictment on Guan for the same activity. The U.S. Department of State also announced a Rewards for Justice reward offer of up to $10 million for …
The post US sanctions Chinese cybersecurity company for firewall compromise, ransomware attacks appeared first on Help Net Security.
Hunting The Secret Service’s $10M Joker: Timur Kamilevich Shakhmametov
Security Risks in TP-Link Archer Router Could Lead to Unauthorized Access
Scam Kit Maker Rebuilding Business After Telegram Channel Shut Down
SpartanWarrioz, whose prolific phishing kit business took a hit when the group's Telegram channel was shut down in November, is rebounding quickly, creating a new channel and courting former subscribers as it rebuilds its operations, Forta researchers say.
The post Scam Kit Maker Rebuilding Business After Telegram Channel Shut Down appeared first on Security Boulevard.