Aggregator

2023年至2024年间，我国经济总体上逐步显现出复苏迹象，并开始释放向上增长的潜力。在此背景下，网络安全产业也经历了经济环境的深刻影响，不仅实现了阶段性的稳定发展，也展现出较强的韧性与适应能力，为未

A vulnerability was found in Peercast 0.1218 and classified as critical. This issue affects the function http::getauthuserpass. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2008-2040. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in LabWiki up to 1.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file edit.php. The manipulation of the argument userfile as part of Parameter leads to unrestricted upload. This vulnerability is known as CVE-2011-4334. The attack can be launched remotely. Furthermore, there is an exploit available.

In this Help Net Security interview, Gavin Reid, CISO at HUMAN Security, talks about the latest cybersecurity threats and how attackers are becoming more sophisticated. He explains the difficulties organizations encounter in detecting fraud and malicious bots while keeping the user experience intact. Reid also offers advice for CISOs on how to strike a balance between security and business innovation.

The post How CISOs can make smarter risk decisions appeared first on Help Net Security.

About 75% of healthcare sector entities that suffered a ransomware attack over the past year were targeted on a weekend or holiday, highlighting the need for organizations to bolster staffing and related strategies during these vulnerable times, said Jeff Wichman of security firm Semperis.

A vulnerability was found in Mozilla Firefox and Thunderbird. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to uninitialized pointer. This vulnerability was named CVE-2014-1564. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Fedora Koji. This affects an unknown part of the component HTML Tag Handler. The manipulation leads to injection. This vulnerability is uniquely identified as CVE-2024-9427. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability was found in skupper. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper authentication. This vulnerability is known as CVE-2024-12582. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was found in SiliSoftware backupDB 1.2.7a. It has been declared as problematic. Affected by this vulnerability is the function backupDB of the file backupDB.php. The manipulation of the argument onlyDB leads to cross site scripting. This vulnerability is known as CVE-2012-2911. The attack can be launched remotely. Furthermore, there is an exploit available.

Application Security DevOps engineer Twixor | India | On-site – View job details As an Application Security DevOps engineer, you will Implement and oversee application security measures to protect company’s software and infrastructure. Conduct regular security assessments and vulnerability testing. Develop and maintain secure coding practices and standards. Design, implement, and maintain secure CI/CD pipelines. Perform threat modeling and risk assessments. Application Security Engineer Webster Bank | USA | On-site – View job details As … More →

The post Cybersecurity jobs available right now: December 24, 2024 appeared first on Help Net Security.

A vulnerability, which was classified as critical, has been found in PostgreSQL up to 13.0. Affected by this issue is some unknown functionality. The manipulation leads to permission issues. This vulnerability is handled as CVE-2020-25695. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in PostgreSQL and classified as critical. Affected by this vulnerability is an unknown functionality of the component Execute Permission Handler. The manipulation leads to sql injection. This vulnerability is known as CVE-2019-10208. The attack can be launched remotely. There is no exploit available.

A vulnerability has been found in PostgreSQL and classified as critical. This vulnerability affects unknown code of the component Non-Temporary Object Handler. The manipulation leads to sql injection. This vulnerability was named CVE-2022-1552. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in PostgreSQL up to 16.0 and classified as very critical. This vulnerability affects unknown code of the component Array Modification Handler. The manipulation leads to integer overflow. This vulnerability was named CVE-2023-5869. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in zziplibv 0.13.77. It has been classified as critical. Affected is the function __zzip_fetch_disk_trailer of the file /zzip/zip.c. The manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2024-39134. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability classified as critical has been found in Linux Kernel up to 6.1.6. Affected is the function gem_context_register of the component drm. The manipulation leads to use after free. This vulnerability is traded as CVE-2023-52913. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Tianocore EDK II. Affected by this issue is some unknown functionality of the component BIOS Firmware. The manipulation leads to denial of service. This vulnerability is handled as CVE-2021-38576. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability classified as problematic has been found in Mozilla Firefox. This affects an unknown part. The manipulation of the argument path leads to improper input validation. This vulnerability is uniquely identified as CVE-2007-1362. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Apple Mac OS X up to 10.11.4. This affects an unknown part of the component Disk Images. The manipulation leads to race condition (Memory). This vulnerability is uniquely identified as CVE-2016-1807. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.