Aggregator

A vulnerability classified as problematic has been found in MT Safeline X-Ray X3310 NXG 19.05. This affects an unknown part of the component Webserver. The manipulation leads to basic cross site scripting. This vulnerability is uniquely identified as CVE-2023-25200. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in WP-FeedStats wpb-show-core Plugin up to 2.5 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-1292. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Huawei HarmonyOS and EMUI. Affected by this vulnerability is an unknown functionality of the component App Pre-Loading. The manipulation leads to improper authentication. This vulnerability is known as CVE-2023-52541. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability was found in JGraphT Core 1.5.2. It has been declared as problematic. Affected by this vulnerability is the function org.jgrapht.alg.util.ToleranceDoubleComparator::compare. The manipulation leads to incorrect comparison. This vulnerability is known as CVE-2024-23079. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Savignano SNotify up to 2.0.0. This affects an unknown part of the component User Profile Page. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-23734. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel Plugin up to 2.2.75 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality of the component Ajax Action Handler. The manipulation leads to improper access controls. This vulnerability is known as CVE-2024-0881. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Automattic WooCommerce Plugin up to 8.5 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper access controls. This vulnerability is known as CVE-2024-1310. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A Threat Actor Allegedly Has Leaked Data of Waffle Factory

​TideInspire(潮启)是由新潮信息Tide安全团队自研推出的一款移动端安全管控平台。通过利用该平台获取的数据，进而对山东省移动应用数量、恶意仿冒应用分布情况，安全漏洞数量等九个方面进行总结与展示。

dbsector has Allegedly Leaked the Data of EMBASE Pro Suit

今天分享一个之前知识星球小伙伴的提问，一定还有不少同学有相同的思考，发出来供大家学习讨论。问：干了半年的渗透测试，现在有点迷茫 希望大佬们能传授点学习经验~ 各位大佬们好，我从入行到现在大概有 8 个

Deal to Drive Application Security, Attack Surface Management Fusion for Detectify
With Insight Partners as majority owner, Detectify plans to combine application security and attack surface management capabilities. Insight's purchase supports a renewed focus on R&D and engagement with application security professionals in the U.S. and Northern Europe, Detectify’s core markets.

Also: Truth Terminal Founder Social Media Hack Inflates Fraudulent Token
This week, a Truth Terminal founder hack, U.S. recovered stolen crypto, TeamTNT resurfaced, former FTX exec Nishad Singh avoided prison, a possible SEC's X account hacker plea deal, Tether reported to be under investigation, trends in digital assets enforcement and pending Dutch crypto legislation.

Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks. Microsoft has linked the source of these password spray attacks to a network of compromised devices we track as CovertNetwork-1658, also known as xlogin and Quad7 (7777). Microsoft is […]

The post Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network appeared first on Microsoft Security Blog.

via the respected Software Engineering expertise of Mikkel Noe-Nygaard and the lauded Software Engineering / Enterprise Agile Coaching work of Luxshan Ratnaravi at Comic Agilé!

Permalink

The post Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #311 – Come to the Office appeared first on Security Boulevard.

Chinese APTs lurked in Canadian government networks for five years — and that's just one among a whole host of threats from Chinese bad actors.

A vulnerability classified as problematic was found in SourceCodester Online Diagnostic Lab Management System 1.0. Affected by this vulnerability is an unknown functionality of the file diagnostic/add-test.php. The manipulation of the argument Test Name leads to cross site scripting. This vulnerability is known as CVE-2024-51430. The attack can be launched remotely. There is no exploit available.

Почему квантовый компьютер проиграл классическому в собственной игре?

​Microsoft is investigating a new Windows 11 issue that causes the Task Manager to say there are zero running apps and background processes. [...]