Aggregator

A vulnerability was found in Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05. It has been rated as problematic. This issue affects some unknown processing of the file /vood/cgi-bin/vood_view.cgi?lang=EN&act=user/spec_conf&sessionId=86213915328111654515&user=A&message2user=Account%20updated. The manipulation of the argument Phone Number leads to cross site scripting. The identification of this vulnerability is CVE-2024-8022. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #390127 / VDB-26313

Submit #389978 / VDB-26313

A vulnerability was found in Grafana and Grafana Enterprise up to 11.1.0/11.1.2. It has been declared as problematic. This vulnerability affects unknown code of the file plugin.json. The manipulation of the argument ReqActions leads to incorrect privilege assignment. This vulnerability was named CVE-2024-6322. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in BlackBerry CylanceOPTICS 3.2/3.3 on Windows. It has been classified as problematic. This affects an unknown part. The manipulation leads to authentication bypass using alternate channel. This vulnerability is uniquely identified as CVE-2024-35214. It is possible to launch the attack on the local host. There is no exploit available.

Submit #389913 / VDB-275291

A vulnerability was found in Apache Helix Front and classified as problematic. Affected by this issue is some unknown functionality of the component express-session. The manipulation leads to use of hard-coded password. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is handled as CVE-2024-22281. Access to the local network is required for this attack to succeed. There is no exploit available.

Hackers set up malicious banking applications that were nearly identical to legitimate European one

A vulnerability has been found in eScan Management Console 14.0.1400.2281 and classified as critical. Affected by this vulnerability is the function acteScanAVReport. The manipulation leads to improper access controls. This vulnerability is known as CVE-2024-42919. Access to the local network is required for this attack. There is no exploit available.

error code: 1106

A vulnerability, which was classified as problematic, was found in discourse-placeholder-theme-component. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-43408. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

Unknown attackers have deployed a newly discovered backdoor dubbed Msupedge on a university's Windows systems in Taiwan, likely by exploiting a recently patched PHP remote code execution vulnerability (CVE-2024-4577). [...]

error code: 1106

Identities are both the weapons and the targets. Without vigilant protection and strategic oversight, identities can be gateways to your crown jewels.

The post Identity Crisis: Hidden Threats In Digital Infrastructure appeared first on Security Boulevard.

Oregon Zoo is informing that visitors who purchased tickets online between December and June had their payment card information compromised. [...]

Experts spotted a previously undetected backdoor, dubbed Msupedge, that was employed in an attack against a university in Taiwan.  Broadcom Symantec researchers discovered a previously undetected backdoor, called Msupedge, that was employed in an attack targeting an unnamed university in Taiwan. The most notable feature of the backdoor is that it relies on DNS tunnelling […]

Previously unseen Msupedge backdoor targeted a university in TaiwanExperts spotted a previousl

Managed Kubernetes is a service offered by cloud providers, such as Amazon Web Services (AWS), Microsoft Azure (Azure), and Google Cloud Platform (GCP) that simplifies the deployment, management, and scaling of Kubernetes clusters. These cloud providers each offer their own “flavor” of managed K8s: Microsoft’s Azure Kubernetes Service (AKS), Amazon Elastic Kubernetes Service (EKS), and Google Kubernetes Engine (GKE). All of these services provide powerful capabilities that make it easier to deploy Kubernetes. Fairwinds Managed Kubernetes-as-a-Service is a people-led offering that manages the entire underlying Kubernetes platform and all the third-party tooling organizations need to make the most of K8s’ powerful capabilities.

The post What You Get with AKS, EKS, GKE vs. Managed Kubernetes-as-a-Service appeared first on Security Boulevard.

Managed Kubernetes is a service offered by cloud providers, such as Amazon Web Services (AWS), Micr