Aggregator

Threat actors are exploiting a post-authentication remote command injection vulnerability in

hello, i know that i'm not exactly in the right place in this subreddit, but unfortunately

Threat actors are exploiting a post-authentication remote command injection vulnerability in Four-Faith routers tracked as CVE-2024-12856 to open reverse shells back to the attackers. [...]

via the comic humor & dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Sun Avoidance’ appeared first on Security Boulevard.

via the c

Cariad, VW Group’s software arm, made this classic error.

The post VW Cars Leak Private Data of 800,000 — ‘Volksdaten’ appeared first on Security Boulevard.

Cariad, VW Group’s software arm, made this classic  error.Personal data from hundreds of thousan

A vulnerability was found in Veritas Data Insight up to 7.1.0. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2024-46542. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in pglombardo PasswordPusher up to 1.50.3 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to session fixiation. This vulnerability is handled as CVE-2024-56733. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in better-auth up to 1.1.5 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Email Verification Handler. The manipulation of the argument callbackURL leads to open redirect. This vulnerability is known as CVE-2024-56734. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in tltneon lgsl up to 6.2.1. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument Referer leads to cross site scripting. This vulnerability is traded as CVE-2024-56517. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in RockChinQ free-one-api up to 1.0.1. This issue affects some unknown processing. The manipulation leads to use of weak hash. The identification of this vulnerability is CVE-2024-56516. The attack may be initiated remotely. There is no exploit available.

Его труды помогают исследовать космос и орбиты спутников.

Researchers observed a recent surge in activity from the “FICORA” and “CAPSAICIN,” both variants of Mirai and Kaiten, respectively, which exploit known vulnerabilities in D-Link routers, including those with outdated firmware like DIR-645, DIR-806, GO-RT-AC750, and DIR-845L.  Attackers leverage the HNAP protocol to execute malicious commands remotely on vulnerable devices, which, despite being known for […]

The post New Botnet Exploiting D-Link Routers To Gain Control Remotely appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The watering hole attack leverages a compromised website to deliver malware. When a user visits the infected site, their system downloads an LZH archive containing an LNK file, where executing this LNK file triggers a malware infection. An infected website utilizes JavaScript to stealthily download malware onto user systems when specific accounts with Basic authentication […]

The post Hackers Weaponize Websites With LNK File To Deliver Weaponized LZH File appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.