Aggregator

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. This vulnerability affects the function formSetDomainFilter of the file /goform/formSetDomainFilter. The manipulation of the argument curTime leads to buffer overflow. This vulnerability was named CVE-2024-9514. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formAdvanceSetup of the file /goform/formAdvanceSetup. The manipulation of the argument webpage leads to buffer overflow. This vulnerability was named CVE-2024-9532. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formDeviceReboot of the file /goform/formDeviceReboot. The manipulation of the argument next_page leads to buffer overflow. The identification of this vulnerability is CVE-2024-9533. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formEasySetPassword of the file /goform/formEasySetPassword. The manipulation of the argument curTime leads to buffer overflow. This vulnerability is traded as CVE-2024-9534. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. Affected by this vulnerability is the function formEasySetupWWConfig of the file /goform/formEasySetupWWConfig. The manipulation of the argument curTime leads to buffer overflow. This vulnerability is known as CVE-2024-9535. The attack can be launched remotely. Furthermore, there is an exploit available.

图片来源：Cybernews 据悉，尼日利亚的金融科技公司BestFin Nigeria泄露了近846000名客户及其紧急联系人的信息数据，甚至包括私人通信。 在一些国家，贷款应用程序几乎能够收集到客户的各种信息。2024年7月2日，Cybernews调研团队发现了一个隶属于BestFin Nigeria Limited的开放数据库，该数据库正是背靠iCredit应用程序获取信息。调研人员对其数据收集程度感到惊讶，因为这个数据箱容量超过300GB，包含846,000名客户的敏感个人数据，且开放共享。 该服务收集了以下数据： 个人数据，包括姓名、性别、电话号码、电子邮件地址、家庭住址、出生日期、工资范围和婚姻状况 紧急联系人 用户设备上安装的应用程序列表 保存在他们手机上的联系人列表 设备标识符，如IMEI、模型和IP地址 用户发送和接收的任何短信，包括与付款无关的个人消息、一次性密码以及金融和非金融账户的临时密码 银行验证号码（BVN）验证日志 Cybernews调研团队表示：“虽然BestFin是尼日利亚经批准的贷款人，但其贷款回收和筛选做法明确违反了尼日利亚的数据隐私条例。该条例禁止程序访问用户联系人列表和私人消息历史。因为如果掌握了这些信息，攻击者就可以访问在线帐户或窃取受害者的身份和资金。” 而这却是尼日利亚国内的常见做法。尼日利亚政府意识到了这个问题，并承诺在2024年通过新的立法进一步解决此情况。 图片来源：Cybernews 在此虽只解读了这一起案例，但数字贷款应用程序所带来的客户信息泄漏却是毋庸置疑的。 研究人员表示：“公司声称他们收集敏感的用户数据，是为了评估贷款资格并遏制欺诈行为。而现实却是，公司的做法恰好为网络犯罪分子打开了非法滥用和金融剥削的大门。” 图片来源：Cybernews iCredit应用程序的用户逐渐意识到了他们的数据发生了泄露，作为预防，需要警惕网络钓鱼诈骗、可疑消息、电话和试图访问其帐户的一切行为。 7月4日，Cybernews调研团队披露了MongoDB数据库暴露的问题。经过多次后续尝试，该数据库最终得到保护，从8月26日起不能再被公开访问。 Cybernews调研团队已联系BestFin Nigeria征求意见，但尚未收到回复。     消息来源：Cybernews，译者：XX；   本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

North Korean hackers posing as job recruiters are using updated strains of malware to steal victim

A vulnerability, which was classified as problematic, has been found in GNU C Library up to 2.1.3-15. This issue affects some unknown processing in the library /etc/ld.so.cache. The manipulation of the argument LD_PRELOAD as part of Environment Variable leads to improper privilege management. The identification of this vulnerability is CVE-2001-0169. Attacking locally is a requirement. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

In this Help Net Security interview, Bojan Belušić, Head of Information Security & IT Operations at Microblink, discusses the relationship between Privacy by Design and regulatory frameworks like GDPR. Integrating privacy principles from the outset of product and process development ensures compliance and enhances efficiency and effectiveness. He also addresses common challenges organizations face, particularly those with legacy systems, while advocating for a culture of awareness and continuous improvement in privacy and security practices. Belušić … More →

The post Investing in Privacy by Design for long-term compliance appeared first on Help Net Security.

A vulnerability, which was classified as problematic, has been found in CFBB 1.1.0. This issue affects some unknown processing of the file index.cfm. The manipulation of the argument page leads to basic cross site scripting. The identification of this vulnerability is CVE-2005-2560. The attack may be initiated remotely. Furthermore, there is an exploit available.

Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-9680 (CVSS score: 9.8), has been described as a use-after-free bug in the Animation timeline component. "An attacker was able to achieve code execution in the content process by exploiting a

这篇文字来自 heige 投稿，我好像很久都没打理本懒号了，突然感觉也挺对得起本懒号的名字...

这篇文字来自 heige 投稿，我好像很久都没打理本懒号了，突然感觉也挺对得起本懒号的名字...

A vulnerability was found in unclebob FitNesse. It has been classified as critical. This affects an unknown part. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2024-28125. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Linux Kernel up to 6.10.9. It has been classified as critical. Affected is the function group_create. The manipulation leads to permission issues. This vulnerability is traded as CVE-2024-46837. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.109/6.6.50/6.10.9 and classified as problematic. This issue affects some unknown processing of the component aspeed_udc. The manipulation leads to improper validation of array index. The identification of this vulnerability is CVE-2024-46836. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 5.10.225/5.15.166/6.1.109/6.6.50/6.10.9. This vulnerability affects the function get_c0_compare_int of the file kernel/locking/mutex.c of the component Function Call Handler. The manipulation leads to incorrect comparison. This vulnerability was named CVE-2024-46832. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.10.6 and classified as critical. Affected by this vulnerability is the function dispose_list of the component vfs. The manipulation leads to deadlock. This vulnerability is known as CVE-2024-45003. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.10.6 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to uninitialized pointer. This vulnerability is handled as CVE-2024-45004. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.