Aggregator

今年早些时候发生在美国UnitedHealth的勒索软件攻击，堪称医疗保健行业的最重大的网络安全事故之一，同时 […]

Sweet Security Unveils First Unified Detection And Response Platform

A vulnerability classified as critical was found in Victure RX1800 WiFi 6 Router EN_V1.0.0_r12_110933. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/luci/admin of the component Ping Utility. The manipulation leads to command injection. This vulnerability is known as CVE-2024-53940. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Victure RX1800 WiFi 6 Router EN_V1.0.0_r12_110933. Affected is an unknown function of the component Telnet Service. The manipulation leads to use of default credentials. This vulnerability is traded as CVE-2024-53937. Access to the local network is required for this attack. There is no exploit available. It is recommended to apply restrictive firewalling.

A vulnerability was found in Google Android 7/7.1.1/7.1.2/8/8.1. It has been rated as critical. This issue affects the function handle_app_cur_val_response of the file dtif_rc.cc. The manipulation leads to buffer overflow. The identification of this vulnerability is CVE-2018-9418. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android up to 8.1. It has been declared as critical. This vulnerability affects the function prop2cfg of the file btif_storage.cc. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2018-9430. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Victure RX1800 WiFi 6 Router EN_V1.0.0_r12_110933. It has been classified as critical. This affects an unknown part of the component Telnet Service. The manipulation leads to empty password in configuration file. This vulnerability is uniquely identified as CVE-2024-53938. The attack can only be initiated within the local network. There is no exploit available. It is recommended to apply restrictive firewalling.

CACTER云商城 CACTER云商城是CACATER官方线上商城（链接：mall.cacter.com），作 […]

A vulnerability was found in TP-Link Archer, Deco and Tapo and classified as critical. Affected by this issue is the function tmp_get_sites of the component HomeShield. The manipulation leads to os command injection. This vulnerability is handled as CVE-2024-53375. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Victure RX1800 WiFi 6 Router EN_V1.0.0_r12_110933 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Wi-Fi PSK Handler. The manipulation leads to same seed in pseudo-random number generator. This vulnerability is known as CVE-2024-53941. The attack needs to be approached within the local network. There is no exploit available.

Japanese crypto service shuts down after theft of bitcoin worth $308 million

A vulnerability, which was classified as critical, was found in Victure RX1800 WiFi 6 Router EN_V1.0.0_r12_110933. Affected is an unknown function of the file /cgi-bin/luci/admin/opsw/Dual_freq_un_apple. The manipulation of the argument name leads to command injection. This vulnerability is traded as CVE-2024-53939. It is possible to launch the attack remotely. There is no exploit available.

这类似于用 Python 或 Ruby 编写恶意软件，恶意分子必须将 python.exe 或 ruby.exe 与其恶意程序一起发送。

由西安市科技局指导、西安高新区管委会主办、四叶草安全承办的“2024科创西安·SSC网络安全大会”2024年11月29日在西安香格里拉大酒店成功举办。

A vulnerability has been found in AWCM AR Web Content Manager 2.2 and classified as critical. This vulnerability affects unknown code of the file index.php of the component Web Content Manager. The manipulation leads to path traversal. This vulnerability was named CVE-2011-0903. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Oracle MySQL Server up to 5.5.38/5.6.19. It has been classified as problematic. Affected is an unknown function of the component Messages. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2012-5615. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

印度与 30 家学术期刊出版商达成了价值 7.15 亿美元的里程碑协议，在全国范围内提供近 1.3 万份期刊的免费访问。被称为 One Nation One Subscription 的协议于 2025 年 1 月生效，将有 1800 万名学生和研究人员从中受益。在印度 6300 家政府资助的研究机构和大学中，只有约 2300 家订阅了 8000 种期刊。新的协议将让缺乏资金订阅大量期刊的大学受益。大学也可以花费自己的资金订阅协议未涵盖的期刊。7.15 亿美元中的一部分被用于支付开放获取期刊的论文发表费用，这些开放获取期刊发表的论文全世界都可以免费访问。

The Dai Lo Announces Acquisition Of Fractal Network

Ошибки дают злоумышленникам полный доступ к SCADA-системам.

攻击者可以通过操控特定的API调用，注入恶意SQL代码，从而获得未授权的访问和控制权限。