Aggregator
European Court Fines European Commission for Privacy Breach
8 months ago
Transfer of German Man's IP Address Wins Him 400 Euros
European privacy regulation - bane of American technology companies and a favorite cudgel of activists - came to haunt no less an organization than the European Commission, which must pay 400 euros to aggrieved German national Thomas Bindl, peeved that Facebook obtained his IP address.
UN Cybercrime Treaty Faces Long Odds to US Passage
8 months ago
US Senate Unlikely to Ratify Contentious Cybercrime Treaty Amid Mounting Concerns
Experts tell Information Security Media Group that a controversial United Nations cybercrime convention is unlikely to be ratified in the U.S. Senate due to mounting concerns from technology, human rights and privacy advocates over its potential impact on internet security and privacy protections.
Zero-Day Patch Alert: Ivanti Connect Secure Under Attack
8 months ago
Suspected Chinese Attackers Again Tied to Active Exploitation of VPN Appliances
VPN appliance maker Ivanti has begun releasing updates to patch a zero-day vulnerability being actively exploited by suspected nation-state attackers. Experts are warning users to immediately update their devices, after factory resetting them to flush any malware attackers may have installed.
GroupGreeting e-card site attacked in “zqxq” campaign
8 months ago
This article was researched and written by Stefan Dasic, manager, research and response for Thr
The State of Magecart: A Persistent Threat to E-Commerce Security
8 months ago
January 09, 2025 2 Minute Read
JWT vs PASETO: What's the Best Tool for Generating Secure Tokens?
8 months ago
Both JWT (JSON Web Token) and PASETO (Platform-Agnostic Security Tokens) are technologies used to ge
CVE-2025-0328 | KaiYuanTong ECT Platform up to 2.0.0 HTTP POST Request runCode.php code command injection
8 months ago
A vulnerability, which was classified as critical, has been found in KaiYuanTong ECT Platform up to 2.0.0. Affected by this issue is some unknown functionality of the file /public/server/runCode.php of the component HTTP POST Request Handler. The manipulation of the argument code leads to command injection.
This vulnerability is handled as CVE-2025-0328. The attack may be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2024-13211 | SingMR HouseRent 1.0 AdminController.java access control
8 months ago
A vulnerability was found in SingMR HouseRent 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/main/java/com/house/wym/controller/AdminController.java. The manipulation leads to improper access controls.
This vulnerability is handled as CVE-2024-13211. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-13212 | SingMR HouseRent 1.0 AddHouseController.java singleUpload/upload file unrestricted upload
8 months ago
A vulnerability classified as critical has been found in SingMR HouseRent 1.0. This affects the function singleUpload/upload of the file src/main/java/com/house/wym/controller/AddHouseController.java. The manipulation of the argument file leads to unrestricted upload.
This vulnerability is uniquely identified as CVE-2024-13212. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-0331 | YunzMall up to 2.4.2 HTTP POST Request ResetpwdController.php changePwd pwd password recovery
8 months ago
A vulnerability, which was classified as critical, has been found in YunzMall up to 2.4.2. This issue affects the function changePwd of the file /app/platform/controllers/ResetpwdController.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to weak password recovery.
The identification of this vulnerability is CVE-2025-0331. The attack may be initiated remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2024-29063 | Microsoft Azure AI Search hard-coded credentials
8 months ago
A vulnerability classified as problematic was found in Microsoft Azure AI Search. Affected by this vulnerability is an unknown functionality. The manipulation leads to hard-coded credentials.
This vulnerability is known as CVE-2024-29063. The attack needs to be approached locally. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2024-29064 | Microsoft Windows up to Server 2022 23H2 Hyper-V length parameter
8 months ago
A vulnerability, which was classified as problematic, has been found in Microsoft Windows. Affected by this issue is some unknown functionality of the component Hyper-V. The manipulation leads to improper handling of length parameter inconsistency.
This vulnerability is handled as CVE-2024-29064. An attack has to be approached locally. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2024-13200 | wander-chu SpringBoot-Blog 1.0 HTTP POST Request BaseInterceptor.java preHandle access control
8 months ago
A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. This affects the function preHandle of the file src/main/java/com/my/blog/website/interceptor/BaseInterceptor.java of the component HTTP POST Request Handler. The manipulation leads to improper access controls.
This vulnerability is uniquely identified as CVE-2024-13200. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2024-13206 | REVE Antivirus 1.0.0.0 on Linux reveinstall default permission
8 months ago
A vulnerability classified as critical has been found in REVE Antivirus 1.0.0.0 on Linux. This affects an unknown part of the file /usr/local/reveantivirus/tmp/reveinstall. The manipulation leads to incorrect default permissions.
This vulnerability is uniquely identified as CVE-2024-13206. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2025-0194 | GitLab Community Edition/Enterprise Edition up to 17.5.0/17.6.0/17.7.0 API Request file information disclosure (Issue 489459 / Nessus ID 213578)
8 months ago
A vulnerability, which was classified as problematic, has been found in GitLab Community Edition and Enterprise Edition up to 17.5.0/17.6.0/17.7.0. This issue affects some unknown processing of the component API Request Handler. The manipulation leads to file and directory information exposure.
The identification of this vulnerability is CVE-2025-0194. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Some Winston-Salem city services knocked offline by cyberattack
8 months ago
Winston-Salem, North Carolina, residents are not able to pay their utility bills online after a pos
Leveraging Government Grants to Enhance Critical Security Systems
8 months ago
Are you looking to enhance your government organization’s critical security systems? The Biden-H
Leveraging Government Grants to Enhance Critical Security Systems
8 months ago
The Biden-Harris Administration’s Bipartisan Infrastructure Law, also known as the Infrastructure Investment and Jobs Act (IIJA), allows organizations to receive government grant money for improved cybersecurity.
The post Leveraging Government Grants to Enhance Critical Security Systems appeared first on Security Boulevard.
Devin Partida
New Banshee Stealer Variant Bypasses Antivirus with Apple’s XProtect-Inspired Encryption
8 months ago
Cybersecurity researchers have uncovered a new, stealthier version of a macOS-focused information-s