Aggregator

A vulnerability has been found in FreshDirect 2.7.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is known as CVE-2014-6000. The attack can only be done within the local network. There is no exploit available.

The frequency of phishing attacks is rising as attackers increasingly utilize AI to execute more scams than ever before. In this Help Net Security video, Abhilash Garimella, Head Of Research at Bolster, discusses how phishing scams are now being hosted in the U.S. at nearly twice the rate compared to 2023, and this trend is only accelerating. Bolster’s researchers identified packages of voter data stolen over the past decade, available for sale on the dark … More →

The post Phishing in focus: Disinformation, election and identity fraud appeared first on Help Net Security.

A vulnerability, which was classified as critical, was found in Telenavsoftware autonavi 4.6.1. Affected is an unknown function of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is traded as CVE-2014-5999. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability, which was classified as very critical, has been found in Apple macOS up to 10.13.1. This issue affects some unknown processing of the component tcpdump. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2017-13044. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in SkyDrive Assistant 2.1. This issue affects some unknown processing of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. The identification of this vulnerability is CVE-2014-5998. Access to the local network is required for this attack to succeed. There is no exploit available.

快速浏览！2024.9.2-9.8安全动态周回顾。

Voldemort 是一个基于 C 的后门，支持各种命令和文件管理操作，包括渗透、将新的有效载荷引入系统以及文件删除。

该公约要求签署国对人AI产生的任何有害和歧视性结果负责，并要求AI侵权的受害者拥有法律追索权。

UDP反射放大攻击主要利用了UDP协议的特性。攻击者会向互联网上大量的开放UDP服务的服务器发送伪造的请求数据包。

WPMU DEVが提供するWordPress用プラグインForminatorには、クロスサイトスクリプティングの脆弱性が存在します。

Amidst global economic and geopolitical uncertainty, markets are jittery, companies are spending frugally, and investors remain cautious, according to IANS Research and Artico Search. Security budgets are also affected by these realities with most budgets remaining flat or increasing modestly. “As organizations confront an evolving threat landscape, the slight uptick in cybersecurity budgets this year reflects a careful balancing act,” said Nick Kakolowski, Sr. Research Director at IANS. “While we see modest increases, it’s clear … More →

The post End of an era: Security budget growth slows down appeared first on Help Net Security.

株式会社アイスタイルが提供するスマートフォンアプリ「@cosme(アットコスメ)化粧品・コスメランキング&お買物」には、アクセス制限不備の脆弱性が存在します。

Backdoor.Win32.PoisonIvy.ymw / Insecure Credential StorageDiscovery / credits: Malvuln (John Page

Backdoor.Win32.JustJoke.21 (BackDoor Pro) / Unauthenticated Remote Command ExecutionDiscovery / cr

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024Original source: https://malvuln.com

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024Original source: https://malvuln.com

# Exploit Title: FortiSiem 7.1.3 Stored XSS# Google Dork: N/A# Date: 06.09.2024# Exploit Author:

Backdoor.Win32.Symmi.qua / Remote Stack Buffer Overflow (SEH)Discovery / credits: Malvuln (John Pa

OKI Printer Default Login Credential Scanner### This module requires Metasploit: https://metasplo

Insufficiently Protected Credentials in Texas Instruments Fusion Digital Power Designer v.7.10.1Cre