Aggregator

A vulnerability was found in ESAFENET CDG v5 and classified as critical. This issue affects the function NavigationAjax. The manipulation of the argument id leads to sql injection. The identification of this vulnerability is CVE-2024-46510. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in StarCitizenTools mediawiki-skins-Citizen up to 2.30.x and classified as problematic. This vulnerability affects unknown code of the component Setting Handler. The manipulation of the argument real name leads to basic cross site scripting. This vulnerability was named CVE-2024-47536. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Atos Eviden iCare up to 2.7.11. This affects an unknown part of the component Web Interface. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2024-42017. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Clinical-Genomics scout up to 4.88.1. Affected by this issue is some unknown functionality of the component VCF File Handler. The manipulation leads to injection. This vulnerability is handled as CVE-2024-47531. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Clinical-Genomics scout up to 4.88. Affected by this vulnerability is an unknown functionality of the file /login of the component VCF File Handler. The manipulation of the argument next leads to open redirect. This vulnerability is known as CVE-2024-47530. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in TP-Link Kasa KP125M and Tapo P125M 1.0.0. Affected is an unknown function of the component Telemetry. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-35495. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Kasa Tapo P125M and Kasa KP125M 1.0.3. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to improper certificate validation. The identification of this vulnerability is CVE-2024-46548. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Emlog Pro up to 2.3.14. It has been declared as critical. This vulnerability affects unknown code of the file /admin/store.php of the component File Download Handler. The manipulation leads to unrestricted upload. This vulnerability was named CVE-2024-46540. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Ученые наблюдали фотоны, которые выходят из материала раньше, чем входят.

by Source Defense A new report by Recorded Future’s Insikt Group reveals a concerning rise in Magecart attacks and e-skimming activity targeting online retailers. The research highlights how cybercriminals are evolving their tactics to bypass traditional, rather antiquated client-side security measures such as Content Security Policy (CSP) and compromise e-commerce platforms at an alarming rate.

The post Magecart Attacks Surge as E-Commerce Security Struggles to Keep Pace appeared first on Source Defense.

The post Magecart Attacks Surge as E-Commerce Security Struggles to Keep Pace appeared first on Security Boulevard.

URL rewriting, a service designed to neutralize malicious URLs by redirecting users to a safe environment, has been a common practice in email security. However, as cyberthreats evolve, it’s becoming clear that this approach has limitations and potential vulnerabilities. Contact us to learn more. The Origin of URL Rewriting  URL rewriting emerged as a creative […]

The post The Hidden Risks of URL Rewriting and the Superior Alternative for Email Security first appeared on SlashNext.

The post The Hidden Risks of URL Rewriting and the Superior Alternative for Email Security appeared first on Security Boulevard.

Microsoft warns that ransomware group Storm-0501 has shifted from buying initial access to leveraging weak credentials to gain on-premises access before moving laterally to the cloud.

via the comic humor & dry wit of Randall Munroe, creator of XKCD

The post Randall Munroe’s XKCD ‘Late Cenozoic’ appeared first on Security Boulevard.

Sonatype's co-founder and Chief Technology Officer, Brian Fox, has been appointed to the newly formed Cyber and Technology Resilience Experts (CTREX) Panel, established by the Monetary Authority of Singapore (MAS).

The post Sonatype CTO appointed to cyber resilience experts panel amidst growing financial compliance demands appeared first on Security Boulevard.

英国周一关闭了最后一座燃煤火电站。这座燃煤火电站位于 Ratcliffe-on-Soar，其运营始于 1967 年，它于周一关闭。煤炭是燃烧时产生温室气体最多的化石燃料。英国是煤电的发源地，它现在成为第一个放弃煤电的主要经济体。到 2024 年上半年，英国可再生能源在总发电量中的比例已超过 50%。

The vulnerability, discovered by Wiz researchers, affects both cloud-based and on-premises AI applications using the toolkit