Aggregator

Submit #619358 / VDB-317097

Submit #619313 / VDB-317096

Обещали шифрование, но не спросили даже пароля. Спасибо, Fitify.

Submit #619280 / VDB-271388

Submit #619278 / VDB-317095

A vulnerability was found in Turtek Eyotek. It has been classified as problematic. Affected is an unknown function. The manipulation leads to authorization bypass. This vulnerability is traded as CVE-2025-1469. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Canonical MAAS up to 3.1.3/3.2.10/3.3.7/3.4.3/3.5.0 and classified as critical. This issue affects some unknown processing of the component RPC Command Handler. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2024-6107. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in ASUS MyASUS and classified as critical. This vulnerability affects unknown code. The manipulation leads to hard-coded credentials. This vulnerability was named CVE-2025-4570. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in ASUS MyASUS. This affects an unknown part. The manipulation leads to hard-coded credentials. This vulnerability is uniquely identified as CVE-2025-4569. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Signum FARA up to 5.0.80.34. Affected by this issue is some unknown functionality of the component SQLite Database. The manipulation leads to hard-coded credentials. This vulnerability is handled as CVE-2025-4049. The attack needs to be approached locally. There is no exploit available.

微软鼓励Windows 11用户通过反馈中心提交性能问题，并附加系统转储日志以帮助改进。此功能目前仅适用于Windows Insider预览版用户，正式版用户的日志不会被自动收集。

Submit #619183 / VDB-199684

A critical vulnerability in Hewlett Packard Enterprise (HPE) Aruba Networking Instant On Access Points could allow attackers to bypass device authentication mechanisms completely.  The vulnerability, tracked as CVE-2025-37103, stems from hardcoded login credentials embedded within the devices’ software, presenting a severe security risk with a maximum CVSS score of 9.8.  Key Takeaways1. HPE Aruba Access […]

The post HPE Warns of Aruba Hardcoded Credentials Allowing Attackers to Bypass Device Authentication appeared first on Cyber Security News.

英伟达发布适用于Linux系统的稳定版驱动程序570.172.08，提供更好的稳定性和错误修复。新增对RTX5050显卡的支持，并可能包含安全改进。尽管Rowhammer漏洞被曝光，英伟达尚未提供详细信息。

文章介绍了网络安全领域的名人堂书籍——Cybersecurity Canon及其精选书单，旨在为专业人士提供核心读物；联合创始人Helen Patton分享了Canon的发展历程，并介绍了她的著作《Navigating the Cybersecurity Career Path》；同时讨论了行业观点及企业安全动态。

Cybersecurity officers need to remember that the reality is, most attacks don’t begin with a dramatic break-in… they start with a login.

The post Cybersecurity Isn’t Just an IT Line Item — It’s a Business Imperative  appeared first on Security Boulevard.

文章指出工业环境中的数字访问控制薄弱导致网络安全风险增加。现有远程访问工具如VPN和跳转服务器存在安全隐患。建议采用身份认证、时间限制和细化策略来加强安全，并由领导层负责监督。

Минкультуры получило кнопку «удалить» для всего интернета.

Security researchers at Varonis Threat Labs have identified a subtle but significant vulnerability in Microsoft’s AppLocker security feature that could allow malicious applications to bypass established security restrictions. While not classified as a critical vulnerability, the discovery highlights important gaps in enterprise security configurations that organizations should address. AppLocker serves as Microsoft’s enterprise-grade application control […]

The post Microsoft AppLocker Flaw Lets Malicious Apps Bypass Security Restrictions appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.