Aggregator

俄罗斯堪察加半岛7月29日发生8.8级强震，引发海啸警报。日本多地观测到40厘米高海浪。这是2011年以来最强地震，目前无人员死亡报告。

美国地质勘探局(USGS)报告，俄罗斯堪察加半岛 7 月 29 日 23:24 UTC 发生 M8.8 级地震。太平洋沿海地区发布海啸警报，据日本共同社报道，第一波海啸已经抵达日本海岸，北海道十胜港观测到了 40 厘米高的海啸。这次大地震是 2011 年日本东北地方太平洋近海地震（M9.1）以来的最强地震，为有记录以来第六强地震。目前暂无死亡报告。

A vulnerability classified as problematic was found in Cisco IOS and IOS XE 16.3.1. Affected by this vulnerability is an unknown functionality of the component Autonomic Networking Infrastructure. The manipulation leads to improper access controls. This vulnerability is known as CVE-2017-6663. The attack needs to be approached within the local network. Furthermore, there is an exploit available.

A vulnerability was found in Cisco IOS 15.0/15.1/15.2/15.3/15.4 and classified as problematic. Affected by this issue is some unknown functionality of the component VPLS. The manipulation leads to improper resource management. This vulnerability is handled as CVE-2017-12238. The attack needs to be approached within the local network. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

A vulnerability was found in Intel Ethernet Diagnostics Driver up to 1.3.0 on Windows. It has been rated as critical. This issue affects some unknown processing of the file IQVW32.sys/IQVW64.sys. The manipulation as part of IOCTL Call leads to improper input validation. The identification of this vulnerability is CVE-2015-2291. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Oracle Java SE 6u101/7u85/8u60. Affected by this issue is some unknown functionality of the component Deployment. The manipulation leads to denial of service. This vulnerability is handled as CVE-2015-4902. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Как Raven Stealer превратил Telegram в командный пункт для кражи данных.

ColoCrossing推出低价洛杉矶/纽约独立服务器，采用英特尔至强处理器，起售价129美元/年。这些物理机性能优越但需自行安装系统且不支持退款。型号多样，配置包括不同内存、存储和带宽。购买后需5-7天配置硬件。

Identity-based attack paths are behind most breaches today, yet many organizations can’t actually see how those paths form. The 2025 State of Attack Path Management report from SpecterOps makes the case that traditional tools like identity governance, PAM, and MFA aren’t enough. They help manage access, but they miss the bigger problem: how identity and privilege sprawl across the environment in ways that attackers can string together. Attack Path Management (APM) is a continuous security … More →

The post Why CISOs should rethink identity risk through attack paths appeared first on Help Net Security.

A vulnerability has been found in PHP Melody 2.7.1 and classified as critical. This vulnerability affects unknown code of the file ajax.php. The manipulation of the argument playlist as part of Parameter leads to sql injection (Time-Based). This vulnerability was named CVE-2018-5211. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic has been found in Photography CMS 1.0. This affects an unknown part of the file clients/resources/ajax/ajax_new_admin.php. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2018-5969. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in PHP Proxy 3.0.3. This issue affects some unknown processing of the file index.php?q=file://. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2018-19458. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in PEAR Archive_Tar up to 1.4.3. Affected by this vulnerability is an unknown functionality. The manipulation of the argument $v_header[filename] as part of Parameter leads to deserialization (Unserialize). This vulnerability is known as CVE-2018-1000888. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Tubigan Welcome to our Resort 1.0. It has been classified as critical. This affects an unknown part of the file index.php?p=accomodation. The manipulation of the argument q leads to sql injection. This vulnerability is uniquely identified as CVE-2018-18800. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Menlo Park, United States, July 30th, 2025, CyberNewsWire AccuKnox, Inc., the Zero Trust Cloud-Native Application Protection Platform (CNAPP) leader, has announced deployment in the UAE banking sector through its strategic partnership with cybersecurity VAD CyberKnight. The deal, secured with a major Abu Dhabi-based financial institution [market cap $30 billion], marks a milestone in AccuKnox’s regional expansion. The deployment […]

The post AccuKnox Partners With CyberKnight To Deliver Zero Trust Security For A Leading Global Bank In The UAE. appeared first on Cyber Security News.

National Instrumentsが提供するLabVIEWには、複数のメモリバッファ―エラーの脆弱性が存在します。

Samsungが提供するHVAC DMSには、複数の脆弱性が存在します。

Атака ToolShell поразила государственные структуры и банки сразу в пяти странах.

A vulnerability was found in Linux Kernel up to 5.19.3. It has been rated as critical. This issue affects the function iavf_get_link_ksettings. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2022-50054. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.19.3. Affected by this issue is the function vdpa_sim_blk. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2022-50058. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.