Aggregator

A vulnerability has been found in Rosoftengineering Rosoft Media Player 4.1.8 and classified as critical. This vulnerability affects unknown code of the component Media Player. The manipulation leads to memory corruption. This vulnerability was named CVE-2007-6478. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Mambo Com Quiz up to 0.81. This affects an unknown part of the file index.php. The manipulation of the argument tid leads to sql injection. This vulnerability is uniquely identified as CVE-2008-0799. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in MediaSlide Com Mediaslide 0.5. Affected is an unknown function of the file index.php of the component com_media. The manipulation of the argument albumnum leads to sql injection. This vulnerability is traded as CVE-2008-0802. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in LookStrike Lan Manager 0.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the file modules\class\table.php. The manipulation of the argument sys_conf[path][real] leads to code injection. This vulnerability is known as CVE-2008-0803. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Com Mcquiz 0.9 on Joomla. This vulnerability affects unknown code of the file index.php. The manipulation of the argument tid leads to sql injection. This vulnerability was named CVE-2008-0800. The attack can be initiated remotely. Furthermore, there is an exploit available.

The Digital Operational Resilience Act (DORA) is a significant regulation introduced by the European Union, set to take effect on 17 January 2025. While DORA is primarily designed to enhance the operational resilience of financial entities against ICT-related incidents, its impact extends far beyond financial institutions. DORA establishes requirements and principles that financial entities must […]

The post What is DORA (Digital Operational Resilience Act)? appeared first on Cequence Security.

The post What is DORA (Digital Operational Resilience Act)? appeared first on Security Boulevard.

Advisory Warns Iranian Threat Actors Use 'Push Bombing' to Target Critical Sectors
Iranian cyber actors are increasingly using brute force techniques, such as password spraying and multifactor authentication push bombing, to target critical infrastructure sectors, according to a cybersecurity advisory released Wednesday by the Cybersecurity and Infrastructure Security Agency.

Trail Acquisition Brings Enhanced DLP, DSPM Integration, Safeguards Data in Motion
With the $162 million buy of Trail Security, Cyera will offer customers AI-enhanced data loss prevention alongside its DSPM solution. The new platform promises stronger, real-time data protection for sensitive information both in motion and at rest, helping enterprises meet security demands.

Hackers May Have Reverse-Engineered February Patch
Hackers may have circumvented a months-old patch for Fortinet gateway devices leading to a warning from the U.S. federal government over its active exploitation. Some security researchers say a February patch may not have fully squashed a flaw.

By collecting, analyzing, and leveraging data from security events, security analytics empowers teams to proactively detect anomalies and pinpoint vulnerabilities to mitigate targeted attacks, insider threats, and advanced persistent threats (APTs).

Security Teams Need Support, Mental Health Resources and a Focus on Resilience
Managing the aftermath of a cybersecurity incident can be grueling, and the intense pressure placed on these individuals can take a toll. Stress in the cybersecurity field, particularly post-incident, is a well-documented issue that many professionals quietly struggle with.

Advisory Warns Iranian Threat Actors Use 'Push Bombing' to Target Critical Sectors
Iranian cyber actors are increasingly using brute force techniques, such as password spraying and multifactor authentication push bombing, to target critical infrastructure sectors, according to a cybersecurity advisory released Wednesday by the Cybersecurity and Infrastructure Security Agency.

Trail Acquisition Brings Enhanced DLP, DSPM Integration, Safeguards Data in Motion
With the $162 million buy of Trail Security, Cyera will offer customers AI-enhanced data loss prevention alongside its DSPM solution. The new platform promises stronger, real-time data protection for sensitive information both in motion and at rest, helping enterprises meet security demands.

New NCSC Chief Also Warns of Threefold Increase in Severe Cyberattacks
The U.K. experienced a 50% spike in cybersecurity incidents posing national security risks this year, according to NCSC CEO Richard Horne. Growing advancements in emerging tech are widening the gap between offensive and defensive cyber capabilities, he warned.

Hackers May Have Reverse-Engineered February Patch
Hackers may have circumvented a months-old patch for Fortinet gateway devices leading to a warning from the U.S. federal government over its active exploitation. Some security researchers say a February patch may not have fully squashed a flaw.

A new Akamai white paper explains why you need to prioritize modern Layer 7 DDoS protection ? and details how you can guide your security efforts.

Hono is a web framework that is fast, lightweight, and built using the Web Standards API. Hear the story of Hono by the creator of Hono.

A vulnerability, which was classified as problematic, was found in Acronis Cyber Files on Windows. This affects an unknown part. The manipulation leads to exposure of private personal information to an unauthorized actor. This vulnerability is uniquely identified as CVE-2024-49386. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Nokia 7250 IXR, 7450 ESS, 7750 SR, 7950 IXR, VSR), 7705 SAR OS and 7210 SAS OS 24. Affected by this issue is some unknown functionality of the component SFTP/SCP. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2023-6729. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.