Aggregator

A vulnerability has been found in Pantera CMS 401.152/402.072 and classified as critical. Affected by this vulnerability is an unknown functionality of the component User Profile Management. The manipulation leads to Privilege Escalation. This vulnerability is known as CVE-2024-40531. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in AMD 3rd Gen EPYC Processors, 4th Gen EPYC Processors, EPYC Embedded 7003 and EPYC Embedded 9003. Affected is an unknown function of the component SEV-SNP. The manipulation leads to improper input validation. This vulnerability is traded as CVE-2024-21978. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Pantera CRM 401.152/402.072. This issue affects some unknown processing of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to permission issues. The identification of this vulnerability is CVE-2024-40530. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in AMD 3rd Gen EPYC Processors, 4th Gen EPYC Processors, EPYC Embedded 7003 and EPYC Embedded 9003. This vulnerability affects unknown code of the component SNP Firmware. The manipulation leads to memory corruption. This vulnerability was named CVE-2023-31355. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in AMD 3rd Gen EPYC Processors, 4th Gen EPYC Processors, EPYC Embedded 7003 and EPYC Embedded 9003. This affects an unknown part of the component SNP Firmware. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2024-21980. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

Electronic manufacturing services provider Keytronic has revealed that it suffered losses of over $17 million due to a May ransomware attack. [...]

Researchers urge organizations using Apache OFBiz to address a critical bug, following reports of active exploitation of another flaw. Experts urge organizations to address a new critical vulnerability, tracked as CVE-2024-38856, in Apache OFBiz. The vulnerability is an incorrect authorization issue in Apache OFBiz that impacts versions through 18.12.14, version 18.12.15 addressed the flaw. “Unauthenticated […]

New report warns of escalating hardware supply chain attacks, with 19% of organizations impacted and nearly all IT leaders expecting nation-state involvement

Как фишинговые письма на иврите маскируются под известные СМИ.

For You Plague: U.S. Justice Dept. and Federal Trade Commission file lawsuit, alleging TikTok broke the COPPA law, plus a previous injunction.

The post TikTok Abuses Kids, say DoJ and FTC appeared first on Security Boulevard.

LAS VEGAS — Humans, unsurprisingly, remain the weak link in cybersecurity.

Related: Digital identity best practices

We’re gullible – and we can’t get away from relying on usernames and passwords.

Steady advances in software and hardware mechanisms to secure identities … (more…)

The post Black Hat Fireside Chat: Token’s wearable MFA solution combines PKI, biometrics — in a ring first appeared on The Last Watchdog.

The post Black Hat Fireside Chat: Token’s wearable MFA solution combines PKI, biometrics — in a ring appeared first on Security Boulevard.

Организатор крупнейшей аферы с техподдержкой за решеткой.

National Public Data, a background check company that collects sensitive personal information, is facing a class-action legal complaint for allowing the data from 2.9 billion people to be stolen in a breach and later sold on the dark web for millions of dollars.

The post National Public Data Sued for Hack that Exposed Data of 2.9 Billion People appeared first on Security Boulevard.

Обезьяны из зоопарка Пейнтон проверили известную теорему на практике.

Cybersecurity startup Knostic, a finalist in this year's Black Hat USA Startup Spotlight competition, adds guardrails to how AI uses enterprise data to ensure sensitive data doesn't get leaked.

Cybersecurity startup LeakSignal, a finalist in this year's Black Hat USA Startup Spotlight competition, helps organizations see where data is leaking within their environments.

触屏交互设备的安全风险 by 洞源实验室

更多最新文章，请访问SecWiki