Aggregator

A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/process_category_add.php. The manipulation of the argument cat leads to sql injection. The identification of this vulnerability is CVE-2024-10998. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /aboutadd.php of the component About Us Page. The manipulation of the argument aimage leads to unrestricted upload. This vulnerability is traded as CVE-2024-10999. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Linux Kernel up to 6.7.3 and classified as critical. Affected by this issue is the function amdgpu_mca_smu_get_mca_entry. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2024-26672. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.6.16/6.7.4 and classified as critical. This vulnerability affects the function dcn21_set_backlight_level of the component Display. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2024-26662. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.15.148/6.1.77/6.6.16/6.7.4. It has been rated as critical. Affected by this issue is the function stream_enc_regs of the component Stream Encoder Creation. The manipulation leads to buffer overflow. This vulnerability is handled as CVE-2024-26660. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

K-Hunt++（同时引用数加一）

备注：非完整组织架构

Fortinet, a leading cybersecurity provider, has issued patches for several critical vulnerabilities impacting multiple products, including FortiAnalyzer, FortiClient, FortiManager, and FortiOS. These vulnerabilities could allow attackers to perform unauthorized operations, escalate privileges, or hijack user sessions. Below are detailed descriptions of the key vulnerabilities, their impact, and the recommended fixes. 1. Read-Only Users Could Run […]

The post Fortinet Patches Critical Flaws That Affected Multiple Products appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Fortinet FortiClientWindows up to 6.4.10/7.0.12/7.2.4/7.4.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component Named Pipe Message Handler. The manipulation leads to authentication bypass using alternate channel. This vulnerability is handled as CVE-2024-47574. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

Почему итальянские шпионские программы многие годы избегают санкций США?

Windows 用户报告，微软释出的最新 Edge 更新会再次尝试自动导入 Chrome 数据。Edge 在开机之后会自动启动，弹出“加强浏览体验”的提示，默认勾选“从其它浏览器导入数据”的选项，点击确认的按钮非常大，而关闭按钮则非常小。如果用户点击确认，那么如果用户将 Chrome 设为默认浏览器，Edge 会自动导入 Chrome 数据并同步标签页。微软此举主要针对安装了 Chrome 浏览器的 Windows 用户。

Updated November 15, 2024

Palo Alto Networks (PAN) has updated their informational bulletin, noting they "observed threat activity exploiting an unauthenticated remote command execution vulnerability against a limited number of firewall management interfaces which are exposed to the Internet."

CISA continues to urge users and administrators to review the following for more information, follow PAN’s guidance for hardening network devices, review PAN’s instruction for accessing organization’s scan results for internet-facing management interfaces, and take immediate action if required:

• PAN-SA-2024-0015 Important Informational Bulletin: Ensure Access to Management Interface is Secured
• Tips & Tricks: How to Secure the Management Access of Your Palo Alto Networks Device

End of Update

Palo Alto Networks (PAN) has released an important informational bulletin on securing management interfaces after becoming aware of claims of an unverified remote code execution vulnerability via the PAN-OS management interface.

CISA urges users and administrators to review the following for more information, follow PAN’s guidance for hardening network devices, review PAN’s instruction for accessing organization’s scan results for internet-facing management interfaces, and take immediate action if required:

• PAN-SA-2024-0015 Important Informational Bulletin: Ensure Access to Management Interface is Secured
• Tips & Tricks: How to Secure the Management Access of Your Palo Alto Networks Device

If you are interested in the world of digital identities, you have probably heard some of the buzzwords that have been floating around for a few years now… “verifiable credential,” “digital wallet,” “mobile driver’s license” or “mDL.” These terms, among others, all reference a growing ecosystem around what we are calling “verifiable digital credentials.” But what exactly is a verifiable digital credential? Take any physical credential you use in everyday life – your driver’s license, your medical insurance card, a certification or diploma – and turn it into a digital format stored on your

История 22-летнего сотрудника Пентагона, который прошел путь от киберзащитника до предателя.

Rakuten Viber has launched new solutions to further protect communication on the platform. Businesses can now quickly authenticate users to enhance trust and reduce fraud, making interactions more secure. Verification messages provide a secure and seamless way to authenticate clients through one-time passwords (OTPs). With ready-made templates designed to increase conversions, businesses can send encrypted OTPs at lower costs than SMS and at a pre-defined delivery time. When users receive a Viber verification message, they … More →

The post Rakuten Viber unveils new security solutions for businesses appeared first on Help Net Security.

API abuse is increasing at an alarming rate. Read this post to learn the four areas of focus for organizations that are seeking to protect their APIs.

A Chinese state-sponsored threat group, identified as TAG-112, has been discovered hijacking Tibetan community websites to deliver Cobalt Strike malware, according to a recent investigation by Recorded Future’s Insikt Group. According to a report from Recorded Future, the investigation revealed that TAG-112 compromised at least two websites belonging to Tibetan organizations: Tibet Post (tibetpost[.]net) and Gyudmed Tantric University (gyudmedtantricuniversity[.]org). […]

The post China-Nexus Actors Hijack Websites to Deliver Cobalt Strike malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Эксперты предлагают меры для противостояния слежке.