Aggregator

A vulnerability was found in Alain Barbet Filesys Smbclientparser up to 2.6. It has been rated as very critical. This issue affects the function filesys::smbclientparser of the component SMB Server. The manipulation leads to code injection. The identification of this vulnerability is CVE-2008-3285. The attack may be initiated remotely. Furthermore, there is an exploit available.

Brazilian Windows users are the target of a campaign that delivers a banking malware known as Coyote. "Once deployed, the Coyote Banking Trojan can carry out various malicious activities, including keylogging, capturing screenshots, and displaying phishing overlays to steal sensitive credentials," Fortinet FortiGuard Labs researcher Cara Lin said in an analysis published last week. The

A vulnerability classified as problematic was found in Oracle Secure Global Desktop 5.4. Affected by this vulnerability is an unknown functionality of the component Application Server. The manipulation leads to open redirect. This vulnerability is known as CVE-2018-11784. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Событие уже называют поворотным моментом для разработчиков и пользователей.

A vulnerability was found in Nicholas Berry CANDID. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument image_id leads to cross site scripting. This vulnerability is handled as CVE-2010-4978. The attack may be launched remotely. Furthermore, there is an exploit available.

2024年，多达768个带有CVE标识的漏洞被报告为在野外被利用，较2023年的639个CVE增长了20%。VulnCheck将2024年描述为“威胁行为者针对漏洞利用的又一个丰收年”，并指出23.6%的已知被利用漏洞（KEV）在其CVE公开披露当天或之前就被武器化。 这一比例较2023年的26.8%略有下降，表明漏洞利用尝试可能在漏洞生命周期的任何时间发生。VulnCheck的Patrick

A vulnerability was found in Sun SDKJDK and JRE up to 6u10. It has been classified as very critical. Affected is an unknown function. The manipulation leads to Remote Code Execution. This vulnerability is traded as CVE-2008-5353. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Изощренная схема обмана на сайте Casio озадачила ИБ-специалистов.

US Sen. Ron Wyden warns of national security risks after Elon Musk ’s DOGE was given full access to sensitive Treasury systems. Sen. Ron Wyden warned of national security risks after Elon Musk ’s team, Department of Government Efficiency (DOGE), was granted full access to a sensitive U.S. Treasury payments system. Sen. Ron Wyden stated […]

A vulnerability, which was classified as critical, was found in OpenEMR 4.1.0. Affected is an unknown function. The manipulation of the argument file leads to improper input validation. This vulnerability is traded as CVE-2012-0992. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Почему хакеры пропадают с радаров быстрее, чем их успевают вычислить?

More needs to be done to prevent the cycle of burnout and churn which affects leaders, their teams and the overall security of the organization.

The post Under Pressure: Why Companies Must Mitigate the Churn of Cybersecurity Leaders   appeared first on Security Boulevard.

A vulnerability, which was classified as problematic, has been found in OpenEMR 4.1.0. This issue affects some unknown processing. The manipulation of the argument formname leads to path traversal. The identification of this vulnerability is CVE-2012-0991. The attack may be initiated remotely. Furthermore, there is an exploit available.

Attack surfaces are growing faster than security teams can keep up – to stay ahead, you need to know what’s exposed and where attackers are most likely to strike. With cloud adoption dramatically increasing the ease of exposing new systems and services to the internet, prioritizing threats and managing your attack surface from an attacker’s perspective has never been more important. In this

Вредоносные пакеты были загружены в главный репозиторий Python.

In the ever-evolving landscape of cybercrime, bulk SMS platforms like Devil-Traff have emerged as powerful tools for phishing campaigns, exploiting trust and compromising security on a massive scale. Employees in organizations today face an increasing volume of communications emails, instant messages, and ticket updates, providing fertile ground for phishing scams to blend seamlessly into routine […]

The post Devil-Traff: Emerging Malicious SMS Platform Powering Phishing Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as critical, has been found in Adobe Photoshop CC. Affected by this issue is some unknown functionality. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2016-0953. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Экономия на безопасности обернулась катастрофой для компании и ее партнеров.

The Indonesian hacker group “INDOHAXSEC” has allegedly breached the National Tuberculosis Registry (NTBR) of Malaysia, managed by the Ministry of Health. The group announced their claim via a post on a hacking forum, stirring fears over the safety of sensitive health data in the country. The cyberattack came to light after INDOHAXSEC boasted about the […]

The post INDOHAXSEC Hacker Group Allegedly Breaches Malaysia’s National Tuberculosis Registry appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.