Aggregator

via the c

О том, как технологии могут стать новыми хозяевами мира.

An ongoing campaign targeting FortiGate devices with management interfaces exposed on the public Internet is leading to unauthorized administrative logins and configuration changes, creating new accounts, and performing SSL VPN authentication.

The Commerce Department on Tuesday announced a new rule that will bar certain Chinese and Russian c

There was a shady "job" I did a few days ago which led me to lose money because of a techn

Почему разработчики решили отозвать проблемный модуль памяти ROX.

So I'm not a professional, I'm actually an accountant, but I think I know enough about wha

The post Sanitizing Unstructured Data In Motion—and Why It’s Important appeared first on Votiro.

The post Sanitizing Unstructured Data In Motion—and Why It’s Important appeared first on Security Boulevard.

A weakness in Google's OAuth "Sign in with Google" feature could enable attackers that register domains of defunct startups to access sensitive data of former employee accounts linked to various software-as-a-service (SaaS) platforms. [...]

Оказывается, квантовую запутанность можно исследовать совсем иначе.

Fortinet has patched an authentication bypass vulnerability (CVE-2024-55591) affecting its FortiOS firewalls and FortiProxy web gateways that has been exploited as a zero-day by attackers to compromise publicly-exposed FortiGate firewalls. While Fortinet acknowledged in-the-wild exploitation in the accompanying security advisory, they did share any attack-related information except indicators of compromise (IoCs): IP addresses, log entries, created users, and a list of operations performed by the threat actor. Some of those IoCs overlap with those shared … More →

The post Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591) appeared first on Help Net Security.

A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlist_sync.cgi. The manipulation of the argument IP leads to os command injection. The identification of this vulnerability is CVE-2022-2488. Access to the local network is required for this attack to succeed. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Linux Kernel up to 4.14.255/4.19.217/5.4.161/5.10.81/5.15.4. Affected by this vulnerability is an unknown functionality of the component i40e. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2021-47184. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.81/5.15.4. It has been classified as problematic. Affected is the function resp_readcap16 of the component scsi_debug. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2021-47191. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 5.15.4. This issue affects the function flow_put. The manipulation leads to allocation of resources. The identification of this vulnerability is CVE-2021-47199. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.15.148/6.1.78/6.6.17/6.7.5. It has been classified as critical. This affects the function iio_device_register_sysfs_group. The manipulation leads to memory leak. This vulnerability is uniquely identified as CVE-2023-52643. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.7.5 and classified as critical. This issue affects the function irtoy_tx of the component ir_toy. The manipulation leads to memory leak. The identification of this vulnerability is CVE-2024-26829. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.