Aggregator

A 7-month-old bug in an OSS CI/CD server is still being actively exploited, thanks to spotty patching, CISA warns.

Новые данные об интеллекте и сенсорных способностях древних хищников.

Новые эксперименты могут изменить наше понимание фундаментальных законов природы.

A vulnerability, which was classified as problematic, was found in Pligg CMS 2.0.2. This affects an unknown part of the file /admin/domain_management.php?id=0&list=whitelist&remove=pligg.com. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-42619. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Microsoft Azure Managed Instance for Apache Cassandra. Affected by this issue is some unknown functionality. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2024-38175. The attack may be launched remotely. There is no exploit available. This product is a managed service. It is not possible for users to maintain vulnerability countermeasures themselves.

Authors/Presenters:Sen Deng, Mengyuan Li, Yining Tang, Shuai Wang, Shoumeng Yan, Yinqian Zhang

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organizations YouTube channel.

Permalink

The post USENIX Security ’23 – CipherH: Automated Detection of Ciphertext Side-channel Vulnerabilities in Cryptographic Implementations appeared first on Security Boulevard.

The 2024 US election has, in the last few weeks, become the most interesting one I can recall. I’m

Home » Security Bloggers Network » USENIX Security ’23 – CipherH: Automated Detection of Cipherte

Blockchain analysis firm Chainalysis revealed that ransomware payments rose by approximately 2%, from $449.1 million to $459.8 million. Blockchain analysis firm Chainalysis revealed that while overall on-chain illicit activity has decreased by nearly 20% year-to-date, stolen funds and ransomware significantly increased. Stolen funds inflows almost doubled, rising from $857 million to $1.58 billion, and ransomware […]

Ransomware payments rose from $449.1 million to $459.8 millionBlockchain analysis firm Chainal

error code: 1106

Microsoft has launched a new unified Teams application that allows Windows and Mac users to switch between personal, work, and education accounts without installing multiple apps. [...]

A Kentucky man who hacked into a state registry and faked his own death to avoid paying child suppo

A vulnerability classified as problematic was found in Pligg CMS 2.0.2. Affected by this vulnerability is an unknown functionality of the file /admin/domain_management.php?whitelist_add. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-42612. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in chillzhuang SpringBlade 4.1.0. Affected is an unknown function of the file /api/blade-system/menu/list?updatexml. The manipulation leads to sql injection. This vulnerability is traded as CVE-2024-8023. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #390087 / VDB-275292

A vulnerability was found in Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05. It has been rated as problematic. This issue affects some unknown processing of the file /vood/cgi-bin/vood_view.cgi?lang=EN&act=user/spec_conf&sessionId=86213915328111654515&user=A&message2user=Account%20updated. The manipulation of the argument Phone Number leads to cross site scripting. The identification of this vulnerability is CVE-2024-8022. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #390127 / VDB-26313

Submit #389978 / VDB-26313

A vulnerability was found in Grafana and Grafana Enterprise up to 11.1.0/11.1.2. It has been declared as problematic. This vulnerability affects unknown code of the file plugin.json. The manipulation of the argument ReqActions leads to incorrect privilege assignment. This vulnerability was named CVE-2024-6322. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.