Aggregator

A Threat Actor Claims to be Selling 200+ Indonesian Government Administrative Users with Root Access to the Database Server

A vulnerability, which was classified as problematic, was found in GL.iNet GL-E750 Mudi. This affects an unknown part of the component POST Request Handler. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2023-24261. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Huawei HarmonyOS and EMUI. This vulnerability affects unknown code of the component Content Sharing Pop-Up Module. The manipulation leads to improper access controls. This vulnerability was named CVE-2023-52373. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability was found in Huawei HarmonyOS and EMUI. It has been classified as problematic. Affected is an unknown function of the component WindowManagerServices Module. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2023-52375. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability has been found in Huawei HarmonyOS 4.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component VerifiedBoot Module. The manipulation leads to improper authentication. This vulnerability is known as CVE-2023-52361. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability was found in Linux Kernel up to 5.11.20/5.12.3. It has been classified as problematic. Affected is the function cfg80211_calculate_bitrate of the component mt7915. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2021-47028. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.12.3. It has been rated as critical. Affected by this issue is the function mt7615_coredump_work of the component mt7615. The manipulation leads to memory leak. This vulnerability is handled as CVE-2021-47030. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.36/5.11.20/5.12.3. It has been classified as problematic. This affects the function hci_conn_get_phy of the component Bluetooth. The manipulation leads to deadlock. This vulnerability is uniquely identified as CVE-2021-47038. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.36/5.11.20/5.12.3 and classified as critical. Affected by this issue is the function virtio_transport_remove_sock of the component virtio. The manipulation leads to memory leak. This vulnerability is handled as CVE-2021-47024. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

L’assalto di Salt Typhoon alle telco Usa

An FBI operation nabbed a member of the infamous cybercrime group, who is spilling the tea on "key Scattered Spider members" and their tactics.

This post first appeared on blog.netwrix.com and was written by Jonathan Blackwell.
Each individual in your organization needs a user account to access data, applications, servers, cloud services and other resources. If you have just a few accounts, you may be able to create, secure and govern them throughout their lifecycle using manual processes. However, manual processes are highly prone to human errors and do not scale … Continued

Russian users report Gazprombank outages amid alleged Ukrainian cyberattack

Name: DataCon2024 (an DataCon event.)
Date: Nov. 13, 2024, 2 a.m. — 22 Nov. 2024, 10:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://datacon.qianxin.com/datacon2024-en
Rating weight: 0
Event organizers: DataCon

A vulnerability, which was classified as critical, has been found in Belkin F5D7230-4 9.01.10. Affected by this issue is some unknown functionality of the component Firmware. The manipulation leads to improper input validation. This vulnerability is handled as CVE-2008-1245. The attack may be launched remotely. Furthermore, there is an exploit available.

The activity-recording capability has drawn concerns from the security community and privacy experts, but the tech giant is being measured in its gradual rollout, which is still in preview mode.

Atrium Health disclosed a data breach affecting 585,000 individuals to the HHS, potentially linked to the use of online tracking tools. Healthcare company Atrium Health disclosed a data breach that impacted 585,000 individuals. The company notified the US Department of Health and Human Services (HHS). Atrium Health launched an investigation into the security breach and […]

A vulnerability, which was classified as problematic, has been found in Linux Kernel 2.6.28.2. Affected by this issue is the function tty_ldisc_hangup. The manipulation leads to improper resource management. This vulnerability is handled as CVE-2009-3043. The attack needs to be approached locally. Furthermore, there is an exploit available.