Aggregator

A vulnerability classified as critical has been found in delabon Live Sales Notification for Woocommerce Plugin up to 3.6.1 on WordPress. This affects an unknown part of the component Cookie Handler. The manipulation of the argument woomotiv_seen_products_ leads to sql injection. This vulnerability is uniquely identified as CVE-2024-12416. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in solwininfotech Timeline Designer Plugin up to 1.4 on WordPress. It has been classified as critical. This affects an unknown part. The manipulation of the argument s leads to sql injection. This vulnerability is uniquely identified as CVE-2024-11437. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in tobias_conrad Design for Contact Form 7 Style Plugin up to 1.6.9 on WordPress. This issue affects the function do_shortcode of the component Shortcode Handler. The manipulation leads to code injection. The identification of this vulnerability is CVE-2024-12419. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in binsaifullah Duplicate Post, Page and Any Custom Post plugin up to 3.5.3 on WordPress. It has been rated as problematic. This issue affects the function dpp_duplicate_as_draft of the component Password Protected Post Handler. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-12538. The attack may be initiated remotely. There is no exploit available.

Moxa warns of two flaws in its routers and security appliances that enable privilege escalation and remote command execution. Moxa addressed privilege escalation and OS command injection vulnerabilities in cellular routers, secure routers, and network security appliances. Below are the descriptions for both vulnerabilities: Moxa released firmware updates to address vulnerabilities CVE-2024-9140 and CVE-2024-9138. Affected […]

Moxa router flaws pose serious risks to industrial environmetsM

ProductsFor Enterprises(B2B)

The US Cybersecurity and Infrastructure Security Agency (CISA) has shared on Monday that the Treasury Department was the only US federal agency affected by the recent cybersecurity incident involving compromised BeyondTrust Remote Support SaaS instances. On the same day, BeyondTrust offered an update on the situation: The forensic investigation into the incident is approaching completion, the company said, and noted that no additional affected customers have been identified since the initial cluster of affected instances … More →

The post CISA says Treasury was the only US agency breached via BeyondTrust appeared first on Help Net Security.

如何让非专业人士“听得懂”专业的网络安全术语，是安全负责人的必修课、基本功，采用类比、比喻的讲解恰巧是一种比较实用、有效的表达方式！

如何让非专业人士“听得懂”专业的网络安全术语，是安全负责人的必修课、基本功，采用类比、比喻的讲解恰巧是一种比较实用、有效的表达方式！

如何让非专业人士“听得懂”专业的网络安全术语，是安全负责人的必修课、基本功，采用类比、比喻的讲解恰巧是一种比较实用、有效的表达方式！

如何让非专业人士“听得懂”专业的网络安全术语，是安全负责人的必修课、基本功，采用类比、比喻的讲解恰巧是一种比较实用、有效的表达方式！

如何让非专业人士“听得懂”专业的网络安全术语，是安全负责人的必修课、基本功，采用类比、比喻的讲解恰巧是一种比较实用、有效的表达方式！

在《布莱恩的一生（Monty Python's Life of Brian）》中，反罗马组织的领袖 Reg 愤怒的质问：“罗马人究竟给我们带来了什么？”现场的围观者小心翼翼的回答：水渠、卫生...Reg 不得不修改他的问题：“除了卫生设施、医药、葡萄酒、公共秩序、灌溉、马路、淡水系统和公共卫生之外，罗马人还给我们带来了什么？”根据发表在 PNAS 期刊上的一项研究，还有铅中毒。罗马帝国时期的金属加工业造成的大规模铅污染导致了整个欧洲的居民认知能力出现了下降。铅被广泛用于水管和烹饪锅，被用于保存和增甜葡萄酒。研究人员利用北极钻取的冰芯分析了罗马时代大气中的铅污染水平。冰芯提供了从公元前 500 年到公元 600 年大气中铅含量的时间线。结果显示，罗马帝国崛起后，公元前 15 年左右铅污染水平开始急剧上升，高铅污染水平一直持续到罗马和平(Pax Romana)走向结束。研究人员估计，期间帝国向大气排放了逾 50 万吨的铅。他们随后利用大气模型研究了铅污染在欧洲的扩散，计算了铅在儿童体内的积累，以及铅中毒对他们 IQ 的影响。研究人员发现，罗马帝国鼎盛时期儿童血液中铅含量可能上升了每分升 2.4 微克，IQ 值因此下降 2.5 到 3 点。罗马帝国鼎盛时期人口逾 8000 万，意味着约四分之一世界人口可能遭受铅污染的影响。大气中的铅污染在罗马帝国后出现了下降，在中世纪盛期（High Middle Ages）后又开始上升，工业革命以及含铅汽油的广泛使用又导致了铅污染大幅提升。根据美国疾控中心在 2021 年的数据，随着含铅汽油被禁，1-5 岁儿童血液中的铅含量从 15.2 微克/分升下降到 2016 年的 0.83 微克/分升。

在《布莱恩的一生（Monty Python's Life of Brian）》中，反罗马组织的领袖 Reg 愤怒的质问：“罗马人究竟给我们带来了什么？”现场的围观者小心翼翼的回答：水渠、卫

About Bruce SchneierI am a public-interest technologist, working at the intersection of security,

As cybercriminals turn to AI to orchestrate attacks at scale, there’s a distinct group of companies taking bold steps to fight back against advanced cyber threats—what we call “AI Enthusiasts.” These enterprises have not just embraced AI but are actively deploying it to detect and stop the most sophisticated attacks in real time. The results? […]

The post Three Things AI Enthusiasts Can Teach Your Business About How to Combat the Most Sophisticated Threats appeared first on Security Boulevard.

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2024-41713 Mitel MiCollab Path Traversal Vulnerability
• CVE-2024-55550 Mitel MiCollab Path Traversal Vulnerability
• CVE-2020-2883 Oracle WebLogic Server Unspecified Vulnerability

Users and administrators are also encouraged to review the Palo Alto Threat Brief: Operation Lunar Peek related to CVE-2024-0012, the Palo Alto Security Bulletin for CVE-2024-0012, and the Palo Alto Security Bulletin for CVE-2024-9474 for additional information. 

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.