Aggregator

HKCERT CTF 2024 Web/Misc/Forensics Write up

A vulnerability was found in mdedev Run Contests, Raffles, and Giveaways with ContestsWP Plugin up to 2.0.3 on WordPress. It has been rated as problematic. Affected by this issue is the function add_query_arg. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-11456. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in slimndap Theater Plugin up to 0.18.6.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function add_query_arg. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-11371. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in cservit affiliate-toolkit Plugin up to 3.6.7 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-10675. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in themeum Tutor LMS Plugin up to 2.7.6 on WordPress and classified as critical. This issue affects some unknown processing. The manipulation of the argument rating_filter leads to sql injection. The identification of this vulnerability is CVE-2024-10400. The attack may be initiated remotely. There is no exploit available.

Five alleged members of the infamous Scattered Spider cybercrime crew have been indicted in the U.S. for targeting employees of companies across the country using social engineering techniques to harvest credentials and using them to gain unauthorized access to sensitive data and break into crypto accounts to steal digital assets worth millions of dollars. All of the accused parties have been

Vanta announced a number of new and upcoming products enabling customers to build, demonstrate and enhance their GRC and trust programs. The new offerings include Vanta for Marketplaces to strengthen trust across a company’s entire ecosystem; adaptive scoping; AI-powered chat for Trust Centers; developer-first workflows for faster remediation; and expanded reporting capabilities. The announcements coincide with a number of highlights for the company in 2024: Now continuously monitoring over 92 million resources across customers—from laptops … More →

The post Vanta announces new products to enhance GRC and trust programs appeared first on Help Net Security.

Всё больше незащищённых устройств открывают новые двери для атакующих.

分享我实验室白泽智能团队被CCS2024 录用的最新研究 Neural Dehydration，该工作提出了一种与水印类型无关的通用移除攻击，成功破解了当下10款主流的黑盒模型水印，在保持目标模型可用性的同时，对数据的依赖性也极低。

MITRE收集、分析了2023年6月至2024年6月之间披露3.1万个漏洞，并发布了2024年最危险的软件漏洞TOP 25名单。

这段时间，B站的知名UP主“老师好我叫何同学”因为一则《我用36万行备忘录做了个动画…》的视频备受争议，将这名UP主再次推上了舆论的风口浪尖。

Deep Instinct launched Deep Instinct DSX for Cloud Amazon S3. As organizations increasingly rely on the cloud to power their digital transformation, businesses are generating and storing record amounts of data in the cloud. Cybercriminals know this and are leveraging generative AI to create sophisticated malware that evades existing security tools and takes advantage of the “assume breach” mindset. DSX for Cloud enables businesses to protect sensitive data across cloud storage environments by preventing and … More →

The post Deep Instinct delivers malware and ransomware prevention for cloud data stored in S3 buckets appeared first on Help Net Security.