Aggregator

SolarWinds has released a hotfix for a critical Web Help Desk vulnerability that allows attackers to log into unpatched systems using hardcoded credentials. [...]

Authors/Presenters:Khaled Serag, Rohit Bhatia, Akram Faqih, and Muslum Ozgur Ozmen, Purdue University; Vireshwar Kumar, Indian Institute of Technology, Delhi; Z. Berkay Celik and Dongyan Xu, Purdue University

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organizations YouTube channel.

Permalink

The post USENIX Security ’23 – ZBCAN: A Zero-Byte CAN Defense System appeared first on Security Boulevard.

A vulnerability, which was classified as very critical, was found in Mobotix P3 D24M, P3 M24M, P3 Q24M, P3 T24M, P3 D14Di, P3 S14, P3 V14D, P3 i25, P3 c25, P3 p25, P3 v25, P3 D25M, P3 M25M, P3 Q25M, P3 T25M, P3 D15Di, P3 M15, P3 M15-Thermal, P3 S15, P3 V15D, Mx6 D16, Mx6 M16, Mx6 S16, Mx6 V16, Mx6 D26, Mx6 M26, Mx6 Q26, Mx6 S26, Mx6 T26, Mx6 c26, Mx6 i26, Mx6 p26 and Mx6 v26. Affected is an unknown function of the component tcpdump. The manipulation leads to improper neutralization of expression/command delimiters. This vulnerability is traded as CVE-2023-34873. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in File Manager Pro Plugin up to 8.3.7 on WordPress. This issue affects some unknown processing. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2024-7559. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in honojs hono up to 4.5.7. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-43787. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in rexml Gem up to 3.3.5 on Ruby. This affects the function REXML::Document.new of the component API Parser. The manipulation leads to xml entity expansion. This vulnerability is uniquely identified as CVE-2024-43398. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Byron gitoxide up to 0.37.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper neutralization of escape, meta, or control sequences. This vulnerability is handled as CVE-2024-43785. The attack may be launched remotely. There is no exploit available.

Кибератаки становятся умнее: сотрудники на передовой линии угроз.

A vulnerability was found in Swissphone DiCal-RED 4009. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component FTP Service. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-36443. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

QNAP has released the QTS 5.2 NAS operating system. A standout feature of this release is the debut of Security Center, which actively monitors file activities and thwarts ransomware threats. Additionally, system security receives a boost with the inclusion of support for TCG-Ruby self-encrypting drives (SED). Extensive optimizations have been implemented to streamline operations, configuration, and management processes, significantly elevating the overall user experience. “We greatly appreciate the invaluable feedback provided by our dedicated QTS … More →

The post QNAP releases QTS 5.2 to prevent data loss from ransomware threats appeared first on Help Net Security.

The US FAA has proposed new rules for aircraft to address cyber vulnerabilities caused by the increased interconnectivity of critical systems

KCon 2024就等你了！

KCon 2024就等你了！

KCon 2024就等你了！

KCon 2024就等你了！

KCon 2024就等你了！

索尼 2015 年在中国推出 PS4，2021 年推出 PS5。任天堂也于 2019 年与腾讯合作，在中国发售了 Switch。尽管两家企业都希望在中国扩大销售，但实际情况是销量并未像预期的那样增长。对中国国家新闻出版署发布的数据进行统计后发现，迄今为止获批的 Switch 游戏，从日本等地区进口的游戏只有约 30 款，在中国开发的游戏仅约 20 款。PS5 也一样，从上市以后获批的游戏来看，进口游戏仅为 10 款，在中国本地开发的游戏只有 8 款。截至 2024 年 3 月，任天堂 Switch 在日本共推出了 1900 款游戏，在美洲推出了约 2300 款游戏。相比之下，在中国推出的游戏数量太少了。Switch 的主力游戏《塞尔达传说》未能在中国上市。中国游戏公司员工透露：“是因为游戏中出现的骸骨被判定为不当”。

Enzoic released the latest version of Enzoic for Active Directory. The solution provides a frictionless way to continuously monitor, identify and remediate unsafe credentials by screening username and password combinations in Active Directory against Enzoic’s dynamic database. This helps organizations eliminate weak, exposed, or shared passwords, reducing the risk of a successful account takeover. The Verizon DBIR identified that compromised credentials remain a leading way for cybercriminals to access an organization, and Active Directory is … More →

The post Enzoic for Active Directory enhancements help teams identify and remediate unsafe credentials appeared first on Help Net Security.

We’re excited to announce wildcard support across our Ruleset Engine-based products and our open-source wildcard crate in Rust. Configuring rules has never been easier, with powerful pattern matching enabling simple and flexible URL redirects and beyond for users on all plans.