Aggregator

近日，湖北省“HW2024”网络攻防实战演习在武汉圆满落下帷幕。经过为期五天的激烈比拼，默安科技攻击队凭借总分第一的成绩，在23支参赛队伍中脱颖而出，荣获“攻击方一等奖”。同时，默安科技还凭借卓越的防

A vulnerability has been found in Rob Flynn Gaim 0.57 and classified as problematic. This vulnerability affects unknown code of the file /tmp of the component Temp File Handler. The manipulation leads to improper privilege management. This vulnerability was named CVE-2002-0377. Local access is required to approach this attack. There is no exploit available.

New variants of a banking malware called Grandoreiro have been found to adopt new tactics in an eff

聚焦源代码安全，网罗国内外最新资讯！编译：代码卫士安全研究员发现大量可疑包被发布在注册表中，收割以太坊密钥并通过SSH协议来获得对设备的远程访问权限。Phylum 公司的研究人员在上周发布的分析报告

聚焦源代码安全，网罗国内外最新资讯！编译：代码卫士距离美国国会要求由网络安全专家组成的团队重新思考美国的数字化安全方法已过去六年，基本上该团队提出的所有提案均已执行。不过有一个例外为政策制定者和提倡

A vulnerability was found in Oracle Outside In Technology 8.5.4/8.5.5 and classified as very critical. This issue affects some unknown processing of the component Installation. The manipulation leads to out-of-bounds write. The identification of this vulnerability is CVE-2016-10328. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Segugio Segugio allows the execution and tracking of critical steps in the malware detonation process, from clicking on the first stage to extracting the malware’s final stage configuration. Segugio was created to address the need for...

The post Segugio: Tracking Malware from Click to Configuration appeared first on Penetration Testing Tools.

2024年10月14日-2024年10月20日本周漏洞态势研判情况本周信息安全漏洞威胁整体评价级别为中。国家信息安全漏洞共享平台（以下简称CNVD）本周共收集、整理信息安全漏洞272个，其中高危漏洞1

漏洞名称：VMware vCenter Server堆溢出漏洞(CVE-2024-38812)组件名称：VMware-vCenter影响范围：VMware vCenter Server 8.0 < 8

September2024年9月奖励公告2024年9月共有25位白帽师傅来到OSRC挖出有效漏洞具体名单如下：注：根据OSRC漏洞奖励规定，每月奖励将通过“UP小帮手”平台发放，也可在OSRC官网商城

引言如今，AIGC、大模型等技术正在与更多场景深度融合，以数据构建关键要素，重塑数字生产力的当下，数据和隐私安全也更受到行业和用户的关注。10 月 17 日，2024 年 OPPO 开发者大会（简称“

msldap LDAP library for auditing MS AD   Feature Comes with a built-in console LDAP client All parameters can be controlled via a convenient URL Supports integrated windows authentication (SSPI) both with NTLM and...

The post msldap: LDAP library for auditing MS AD appeared first on Penetration Testing Tools.

A vulnerability was found in SGI IRIX up to 6.5.16 and classified as very critical. This issue affects some unknown processing of the file xfsmd of the component XFS File System. The manipulation leads to improper privilege management. The identification of this vulnerability is CVE-2002-0359. The attack may be initiated remotely. There is no exploit available.

sn0int sn0int is an OSINT framework and package manager. It was built for IT security professionals and bug hunters to gather intelligence about a given target or about yourself. It is an enumerating attack...

The post sn0int: OSINT framework and package manager appeared first on Penetration Testing Tools.

Digital Echo Chambers and Erosion of Trust – Key Threats to the US ElectionsResecurity reports

A vulnerability classified as critical was found in Linux Kernel up to 6.11.2. Affected by this vulnerability is the function memfd_pin_folios of the component HugeTLB Page Handler. The manipulation leads to denial of service. This vulnerability is known as CVE-2024-49872. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.11.1. This issue affects the function spin_unlock_irqrestore. The manipulation leads to improper locking. The identification of this vulnerability is CVE-2024-47735. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.11.1. Affected is the function lpfc_sli4_request_firmware_update of the component firmware_loader. The manipulation leads to path traversal. This vulnerability is traded as CVE-2024-47742. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.6.53/6.10.12/6.11.1. This affects the function get_rpi of the component powercap. The manipulation leads to off-by-one. This vulnerability is uniquely identified as CVE-2024-49862. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.6.53/6.10.12/6.11.1 and classified as problematic. Affected by this vulnerability is the function check_func_arg of the component bpf. The manipulation leads to uninitialized pointer. This vulnerability is known as CVE-2024-49861. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.