Aggregator

A vulnerability was found in WPOPAL Opal Woo Custom Product Variation Plugin up to 1.1.3 on WordPress. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to path traversal. This vulnerability is known as CVE-2024-52444. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Official Pro Coders nBlocks Plugin up to 1.0.2 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is traded as CVE-2024-52450. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Bueno Labs Xpresslane Fast Checkout Plugin up to 1.0.0 on WordPress and classified as critical. This issue affects some unknown processing. The manipulation leads to deserialization. The identification of this vulnerability is CVE-2024-52440. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Mark O'Donnell Team Rosters Plugin up to 4.6 on WordPress. This affects an unknown part. The manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2024-52439. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in Nerijus Masikonis Geolocator Plugin up to 1.1 on WordPress and classified as critical. This vulnerability affects unknown code. The manipulation leads to deserialization. This vulnerability was named CVE-2024-52443. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Modeltheme QRMenu Restaurant QR Menu Lite Plugin up to 1.0.3 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to deserialization. This vulnerability is handled as CVE-2024-52445. The attack may be launched remotely. There is no exploit available.

Бизнес обяжут поддержать образование

A vulnerability classified as critical was found in Rajesh Thanoch Quick Learn Plugin up to 1.0.1 on WordPress. Affected by this vulnerability is an unknown functionality of the component Object Prototype Handler. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is known as CVE-2024-52441. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in WebCodingPlace Ultimate Classified Listings Plugin up to 1.4 on WordPress. Affected is an unknown function. The manipulation leads to path traversal. This vulnerability is traded as CVE-2024-52448. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Navneil Naicer Bootscraper Plugin up to 2.1.0 on WordPress. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2024-52449. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Linux Kernel up to 2.4.28/2.6.9. This affects the function ip_options_get. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2004-1335. The attack needs to be approached within the local network. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Moodle. It has been classified as problematic. This affects an unknown part of the component oauth2. The manipulation leads to improper control of resource identifiers. This vulnerability is uniquely identified as CVE-2024-45690. The attack needs to be done within the local network. There is no exploit available.

印度外包巨头 Infosys 联合创始人 Narayama Murthy 重申了他早先的言论：印度需要每周工作 70 小时，周末是一种错误。他再次宣称不相信工作和生活的平衡。他表示会将自己的观点一直带到坟墓里。Murthy 及其有同样想法的人所坚持的观点是：印度是一个贫穷的国家，需要努力提高自己，工作与生活之间的平衡可以等等再说。他称，坦白地说，印度在 1986 年将每周工作六天改为工作五天时他感到失望。Murthy 声称在退休前自己每周工作六天半，每天通常工作 14 小时 10 分钟，早上 6:20 打卡上班，晚上 8:30 下班。

A vulnerability classified as critical has been found in Mitsubishi Electric MELSEC iQ-F FX5-ENET IP. Affected is an unknown function of the component SLMP Packet Handler. The manipulation leads to improper validation of specified type of input. This vulnerability is traded as CVE-2024-8403. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Sirv Plugin up to 7.3.0 on WordPress. Affected is an unknown function. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2024-10855. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as critical has been found in MStore API Plugin up to 4.15.7 on WordPress. This affects an unknown part. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2024-11179. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Yaad Sarig Payment Gateway for WC Plugin up to 2.2.4 on WordPress and classified as critical. Affected by this issue is some unknown functionality of the component Log Handler. The manipulation leads to missing authorization. This vulnerability is handled as CVE-2024-10665. The attack may be launched remotely. There is no exploit available.

San Francisco, California – Today the U.S. Department of Commerce and U.S. Department of State are co-hosting the inaugural convening of the International Network of AI Safety Institutes, a new global effort to advance the science of AI safety and

Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Agriculture (USDA) released Phishing-Resistant Multi-Factor Authentication (MFA) Success Story: USDA’s FIDO Implementation. This report details how USDA successfully implemented phishing-resistant authentication for its personnel in situations where USDA could not exclusively rely on personal identity verification (PIV) cards. 

USDA turned to Fast IDentity Online (FIDO) capabilities, a set of authentication protocols that uses cryptographic keys on user devices, to offer a secure way to authenticate user identities without passwords. USDA’s adoption of FIDO highlights the importance of organizations moving away from password authentication and adopting more secure MFA technologies. 

This report offers examples to help organizations strengthen their cybersecurity posture through use cases, recommended actions, and resources. USDA successfully implemented MFA by adopting a centralized model, making incremental improvements, and addressing specific use cases. Organizations facing challenges with phishing-resistant authentication are encouraged to review this report. 

For more information about phishing-resistant MFA, visit Phishing-Resistant MFA is Key to Peace of Mind and Implementing Phishing-Resistant MFA. 

Today, CISA, the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) released updates to #StopRansomware: BianLian Ransomware Group on observed tactics, techniques, and procedures (TTPs) and indicators of compromise attributed to data extortion group, BianLian.

The advisory, originally published May 2023, has been updated with additional TTPs obtained through FBI and ASD’s ACSC investigations and industry threat intelligence as of June 2024.

BianLian is likely based in Russia, with Russia-based affiliates, and has affected organizations in multiple U.S. critical infrastructure sectors since June 2022. They have also targeted Australian critical infrastructure sectors, professional services, and property development.

CISA and partners encourage infrastructure organizations and small- to medium-sized organizations implement mitigations in this advisory to reduce the likelihood and impact of BianLian and other ransomware incidents. These mitigations align with the Cross-Sector Cybersecurity Performance Goals developed by CISA and the National Institute of Standards and Technology.

This advisory is part of CISA’s ongoing #StopRansomware effort.