Aggregator

A vulnerability was found in Microsoft Windows up to Server 2003 and classified as critical. This issue affects some unknown processing of the component LSASS Request Handler. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2003-0533. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

This article highlights key findings and trends in the 2024 IT and cybersecurity skills gap, from the shortage of cybersecurity talent to the rising demand for certifications and upskilling programs, offering insights into the current state of skills development in the tech industry. Most women in IT work overtime to advance in their careers While 32% of respondents already think that men and women are treated equally in the workplace, 31% of women strongly believe … More →

The post The state of cybersecurity and IT talent shortages appeared first on Help Net Security.

Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspi

A vulnerability classified as critical was found in phenotype CMS 3.0. Affected by this vulnerability is the function store of the file Gallery/gal_id/1/image1,1.html. The manipulation leads to sql injection. This vulnerability is known as CVE-2011-0407. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Dell Sonicwall Scrutinizer With Flow Analytics Module up to 8.6.1 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to sql injection. This vulnerability is handled as CVE-2012-2962. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in osCommerce Online Merchant. This issue affects some unknown processing. The manipulation leads to an unknown weakness. The identification of this vulnerability is CVE-2012-2991. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in F5 BIG-IP 10.0.0/10.2.4/11.0.0/11.2.1. Affected is an unknown function of the file server.php of the component XML Parser. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2012-2997. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Cisco ASA up to 8.6. Affected is an unknown function of the component IPv6 Transit Traffic Handler. The manipulation leads to denial of service. This vulnerability is traded as CVE-2012-3058. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Oracle Solaris 10. This issue affects some unknown processing of the component Management Console. The manipulation leads to an unknown weakness. The identification of this vulnerability is CVE-2012-3112. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Internet Explorer up to 6 and classified as critical. Affected by this issue is some unknown functionality in the library BR549.DLL of the component Cache. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2003-0530. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Internet Explorer up to 6.0 SP1 and classified as critical. Affected by this issue is some unknown functionality of the component Object Tag Handler. The manipulation of the argument data leads to improper privilege management. This vulnerability is handled as CVE-2003-0532. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Microsoft Internet Explorer up to 6 and classified as critical. Affected by this issue is some unknown functionality of the component Object Data Handler. The manipulation leads to Remote Code Execution. This vulnerability is handled as CVE-2003-0531. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows. It has been declared as very critical. Affected by this vulnerability is an unknown functionality of the component Distributed Component Object Model Interface. The manipulation of the argument filename leads to memory corruption. This vulnerability is known as CVE-2003-0528. The attack can be launched remotely. There is no exploit available.

Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South Korea.

图：在菲律宾拉瓦格国际机场部署的美国新型提丰(Typhon)陆基导弹系统。（2024年9月13日）2024年12月23日，菲律宾军方称计划从美国购买“堤丰”中程导弹系统以保护其海上利益。这意味着菲律宾

近日有报道表明，以色列可能在 2024 年 12 月 15 日对叙利亚塔尔图斯的一个武器库进行空袭中使用了一枚小型战术核弹。据报道，欧盟的放射性环境监测检测到爆炸后土耳其和塞浦路斯的辐射水平增加，一些

This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. SafeLine: Open-source web application firewall (WAF) SafeLine is an open-source and self-hosted Web Application Firewall (WAF) that protects websites from cyber attacks. Trapster Community: Open-source, low-interaction honeypot Trapster Community is an open-source, lightweight, low-interaction honeypot designed for deployment within internal networks. It enhances network security by creating a deceptive layer that monitors and detects suspicious activities. FuzzyAI: … More →

The post Hottest cybersecurity open-source tools of the month: December 2024 appeared first on Help Net Security.