Aggregator

Qualys has confirmed it was impacted by a widespread supply chain attack that targeted the Salesloft Drift marketing platform, resulting in unauthorized access to a portion of its Salesforce data. The breach originated from a sophisticated cyberattack campaign targeting Salesloft Drift, a third-party Software-as-a-Service (SaaS) application used by Qualys to automate sales workflows and manage […]

The post Qualys Confirms Data Breach – Hackers Accessed Salesforce Data in Supply Chain Attack appeared first on Cyber Security News.

失效后不要再找我，我不会回复的

Red Hat 准备将大量后台业务员工及相关支持团队迁移到母公司 IBM。IBM 是在 2019 年以 340 亿美元收购了 Red Hat，之后一直独立运营，但情况正在发生变化。这次迁移预计在 2026 年初生效，公司员工本月初收到了通知。Red Hat 的人力资源、财务、会计和法务等行政及行政管理部门的大部分员工将加入 IBM。Red Hat 没有披露行政及行政管理团队的人员规模，它的全球员工总数约为 19,000 人，大部分人任职于工程、销售和支持部门。对于这次迁移，工程、产品、销售和市场营销团队不受影响，至少目前是如此。

A rare breach attributed to a North Korean–affiliated actor named “Kim” by the leakers has unveiled unprecedented insight into Kimsuky (APT43) operations. Dubbed the “Kim” dump, the 9 GB dataset includes active bash histories, phishing domains, OCR workflows, custom stagers, and Linux rootkit evidence—revealed a hybrid campaign that leverages Chinese-language tooling and infrastructure to target […]

The post Kimsuky Hackers’ Playbook Uncovered in Exposed ‘Kim’ Data Dump appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

上周四尼泊尔政府封禁了包括 Facebook、WhatsApp、X、Instagram 和 YouTube 在内的 26 个社交媒体网站，理由是它们未能在规定期限内向政府登记注册。本周一，包括学生在内的数千年轻人在首都议会大厦前进行抗议，要求立即撤销禁令。当部分抗议者进入议会大厦时，示威活动演变成暴力冲突。当地媒体援引医院报告称有 14 人死亡，尼泊尔官方没有公布伤亡人数。

A vulnerability described as critical has been identified in Moodle up to 3.6.2. Affected by this issue is the function get_with_capability_join/get_users_by_capability. Such manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2019-3852. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability, which was classified as critical, has been found in Moodle up to 3.5.7/3.6.5/3.7.1. Affected by this vulnerability is an unknown functionality of the component Course Handler. Performing manipulation results in improper authorization. This vulnerability is identified as CVE-2019-14828. The attack can only be performed from the local network. There is not any exploit available.

A vulnerability classified as problematic was found in libming 0.4.8. This affects the function getString of the file decompile.c. The manipulation results in null pointer dereference. This vulnerability is identified as CVE-2019-9113. The attack can be executed remotely. There is not any exploit available.

A vulnerability labeled as critical has been found in Moodle up to 3.1.16/3.4.7/3.5.4/3.6.2. Affected is an unknown function of the component Submission Comment Handler. The manipulation results in open redirect. This vulnerability is known as CVE-2019-3850. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability classified as problematic has been found in Helm 3.1.x. This affects an unknown function. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2020-11013. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability marked as critical has been reported in Code::Blocks 17.12. Affected by this vulnerability is an unknown functionality. The manipulation as part of Project File leads to buffer overflow. This vulnerability is listed as CVE-2020-10814. The attack must be carried out locally. There is no available exploit.

A vulnerability has been found in Elasticsearch up to 6.8.11/7.8.x and classified as problematic. This impacts an unknown function of the component Field Level Security. The manipulation leads to privilege context switching error. This vulnerability is uniquely identified as CVE-2020-7019. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability was found in Moodle up to 3.5.16/3.8.7/3.9.4/3.10.1. It has been classified as problematic. Affected by this vulnerability is an unknown functionality of the component Online Users Block. The manipulation leads to information disclosure. This vulnerability is documented as CVE-2021-20281. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability described as critical has been identified in libming up to 0.4.8. This affects the function parseSWF_ACTIONRECORD of the file util/parser.c. Executing manipulation as part of SWF File can lead to memory corruption. This vulnerability is registered as CVE-2019-7581. It is possible to launch the attack remotely. No exploit is available.

A vulnerability classified as critical has been found in libming up to 0.4.8. This vulnerability affects the function readBytes of the file util/read.c. The manipulation as part of SWF File leads to memory corruption. This vulnerability is documented as CVE-2019-7582. The attack can be initiated remotely. There is not any exploit available.

A vulnerability, which was classified as problematic, was found in Moodle up to 3.5.7/3.6.5/3.7.1. Affected by this issue is some unknown functionality of the component Activity Creation Handler. Executing manipulation can lead to improper following of specification by caller. This vulnerability is tracked as CVE-2019-14829. The attack is only possible within the local network. No exploit exists. It is best practice to apply a patch to resolve this issue.

A vulnerability labeled as problematic has been found in MongoDB up to 3.6.19/4.0.20/4.2.9. Impacted is an unknown function. Executing manipulation can lead to improper output neutralization for logs. This vulnerability is tracked as CVE-2021-20333. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

A vulnerability classified as critical was found in LinuxVNC and VNCommand up to 0.9.10. Affected is the function vcSetXCutTextProc of the file VNConsole.c. Executing manipulation can lead to integer overflow. This vulnerability is handled as CVE-2018-7226. The attack can be executed remotely. There is not any exploit available.

A vulnerability, which was classified as problematic, has been found in libming 0.4.8. The affected element is the function strlenext of the file util/decompile.c. This manipulation causes memory corruption. This vulnerability is handled as CVE-2018-7874. The attack can be initiated remotely. There is not any exploit available.

A vulnerability marked as problematic has been reported in libming 0.4.8. This issue affects the function strlenext of the file decompile.c. The manipulation leads to null pointer dereference. This vulnerability is listed as CVE-2018-20428. The attack may be initiated remotely. There is no available exploit.