Aggregator

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

A vulnerability, which was classified as critical, was found in Adobe Acrobat Reader up to 11.0.15/15.006. Affected is an unknown function. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2016-1083. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Editor’s note: The current article was originally published on August 16, 2022, and updated on October 21, 2024. Malware analysis is a challenge as it is. But after your hard work on cracking a new sample, it is important to present all your results to the company and colleagues. And today, we will talk about how […]

The post Malware Analysis Report in One Click appeared first on ANY.RUN's Cybersecurity Blog.

Кто организовал атаку и почему выбрал целью правительственные порталы?

A vulnerability classified as critical has been found in MariaDB 10.5. This affects the function sys_exec. The manipulation leads to code injection. This vulnerability is uniquely identified as CVE-2023-39593. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in MariaDB 10.5 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to code injection. This vulnerability is known as CVE-2023-26785. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in MariaDB 11.1. It has been declared as critical. This vulnerability affects unknown code in the library lib_mysqludf_sys.so. The manipulation leads to code injection. This vulnerability was named CVE-2024-27766. The attack can be initiated remotely. There is no exploit available.

作者：知道创宇404实验室 时间：2024年10月21日 1 摘要 本文基于推特社交平台上一则C2的IP地址及其相关文件信息，以此作为线索，使用ZoomEye网络空间搜索引擎 [1] 进行C2资产拓线，发现更多属于该黑客组织的C2网络资产；并针对这些C2服务器上的木马程序进行分析，获取黑客组织的惯用攻击手法和独有特征。 2 概述 2024年9月8日，推特社交平台上有一位安全研究员发布了一则C...

A 43-year-old Italian-Australian man, one of the FBI’s most wanted hackers, was apprehended at Milan’s Malpensa Airport after evading capture for over three years. The arrest, carried out by Milan State Police officers, marks a significant victory in the global fight against cybercrime. The suspect, whose identity remains undisclosed, is alleged to be a key […]

The post FBI’s Most Wanted Hacker Arrested in Malpensa appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Timecop WMCube GDK 0.98. It has been classified as critical. Affected is an unknown function of the file wmcube-gdk of the component Object Description File Handler. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2001-1201. It is possible to launch the attack on the local host. There is no exploit available.

Цель — изменить подход к термоядерной энергетике и лечению опухолей.

A vulnerability was found in ELECOM WAB-I1750-PS and WAB-S1167-PS up to 1.5.10 and classified as critical. Affected by this issue is some unknown functionality of the component HTTP Request Handler. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2024-43689. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in TS Poll Plugin up to 2.3.x on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. This vulnerability is known as CVE-2024-8625. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Wellchoose Administrative Management System. Affected is an unknown function. The manipulation leads to os command injection. This vulnerability is traded as CVE-2024-10202. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Wellchoose Administrative Management System. This issue affects some unknown processing. The manipulation leads to relative path traversal. The identification of this vulnerability is CVE-2024-10200. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in Sangoma Asterisk and Certified Asterisk. This affects the function action_getconfig/action_getconfigJson of the file manager.c. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2024-49215. The attack needs to be done within the local network. There is no exploit available.

A vulnerability classified as critical was found in Wellchoose Administrative Management System. This vulnerability affects unknown code. The manipulation leads to unrestricted upload. This vulnerability was named CVE-2024-10201. The attack can be initiated remotely. There is no exploit available.

TikTok 母公司字节跳动证实以恶意干扰 AI 模型训练为由解雇了一名实习生，但否认该实习生破坏了数千张卡造成了数千万元的损失。字节跳动的豆包 AI 聊天机器人是中国最受欢迎的 AI 聊天机器人之一。字节跳动在声明中称，涉事实习生恶意干扰商业化技术团队研究项目的模型训练任务，但并不影响商业化的正式项目及线上业务，也不涉及字节跳动大模型等其他业务。涉事人一直在商业化技术团队实习，并没有 AI Lab 实习经历。该实习生已在 8 月被公司辞退。公司也将其行为同步给行业联盟和所在学校，交由校方处理。

A vulnerability, which was classified as critical, has been found in Adobe Acrobat Reader up to 11.0.15/15.006. This issue affects some unknown processing. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2016-1082. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.