Aggregator

АБР предложила новый подход к внедрению валюты.

A vulnerability, which was classified as critical, has been found in Linux Kernel 2.4.0/2.4.1/2.4.2/2.4.3. This issue affects the function ip_conntrack_ftp of the component iptables. The manipulation leads to improper privilege management. The identification of this vulnerability is CVE-2001-0405. The attack may be initiated remotely. Furthermore, there is an exploit available. Due to its background and reception, this vulnerability has an historic impact. It is recommended to upgrade the affected component.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2023-28461 Array Networks AG and vxAG ArrayOS Improper Authentication Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to execute malicious JavaScript and send crafted requests to interconnected Microsoft applications like Outlook, OneDrive, and Copilot. The exploit leveraged the trust placed in Bing’s root domain (www.bing.com) as an allowed origin across Microsoft’s ecosystem, posing a significant security risk. The Research […]

The post XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Chromium libvpx up to 1.14.0. It has been rated as critical. Affected by this issue is the function vpx_img_alloc. The manipulation of the argument d_w/d_h/align leads to integer overflow. This vulnerability is handled as CVE-2024-5197. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in TianoCore EDK2 up to edk2-stable202405. This affects the function PeCoffLoaderRelocateImage. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-38796. The attack can only be done within the local network. There is no exploit available.

A vulnerability, which was classified as critical, has been found in GNOME Shell up to 45.7. Affected by this issue is some unknown functionality of the component Portal Helper. The manipulation leads to origin validation error. This vulnerability is handled as CVE-2024-36472. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Linux Kernel up to 6.1.116/6.6.60/6.11.7. It has been classified as critical. Affected is an unknown function of the component ar0521. The manipulation leads to Privilege Escalation. This vulnerability is traded as CVE-2024-53081. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.116/6.6.60/6.11.7. It has been declared as problematic. Affected by this vulnerability is the function amd_pmc. The manipulation leads to information exposure through error message. This vulnerability is known as CVE-2024-53072. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

Как мошенники рассылают миллионы SMS-сообщений без риска попасться полиции.

ShadowHound is a PowerShell tool designed for mapping Active Directory environments without using known malicious binaries. It utilizes legitimate PowerShell modules for data collection through two methods: ADWS and LDAP.

A vulnerability was found in Inter7 Qmailadmin up to 1.0.5 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument QMAILADMIN_TEMPLATEDIR as part of Environment Variable leads to memory corruption. This vulnerability is handled as CVE-2002-1414. An attack has to be approached locally. Furthermore, there is an exploit available.

Dive into the evolution of phishing and malware evasion techniques and understand how attackers are using increasingly sophisticated methods to bypass security measures. The Evolution of Phishing Attacks “I really like the saying that ‘This is out of scope’ said no hacker ever. Whether it’s tricks, techniques or technologies, hackers will do anything to evade detection and make sure their

We hear terms like “state-sponsored attacks” and “critical vulnerabilities” all the time, but what’s really going on behind those words? This week’s cybersecurity news isn’t just about hackers and headlines—it’s about how digital risks shape our lives in ways we might not even realize. For instance, telecom networks being breached isn’t just about stolen data—it’s about power. Hackers are

网络不是法外之地，一言一行均须遵规守法。对在网络空间违反公序良俗传播低俗信息等违法犯罪行为，公安机关将依法严厉查处。近日，江西省赣州市石城、南康两地公安机关联合网信部门约谈多名网络主播。

今年以来，印度接连发生多起被称为“数字逮捕”的电诈骗局，犯罪分子不仅冒充警察和电信监管机构官员，还伪造“审判现场”，受害者多为印度本国人。这种新型电诈骗局引起印度国内外广泛关注。

AI聊天角色在回答中可能出现色情擦边、暴力对话等情况，主要与“数据来源的混杂性、商业模式的诱导性、监管机制的滞后性”这三大关键因素有关。

11月19日至22日，2024年世界互联网大会乌镇峰会如期举行，本次峰会主题为“拥抱以人为本、智能向善的数字未来——携手构建网络空间命运共同体”。

国家数据局23日发布消息，根据最新印发的《可信数据空间发展行动计划（2024—2028年）》，到2028年，我国将建成100个以上可信数据空间，形成一批数据空间解决方案和最佳实践。

为进一步深化互联网信息服务算法综合治理，中央网信办等四部门自即日起至2025年2月14日开展“清朗·网络平台算法典型问题治理”专项行动。