Aggregator

A vulnerability was found in expressjs basic-auth-connect up to 1.0.x. It has been classified as problematic. This affects an unknown part. The manipulation leads to observable timing discrepancy. This vulnerability is uniquely identified as CVE-2024-47178. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in cvat-ai cvat up to 2.18.x and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-47064. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in cvat-ai cvat up to 2.19.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to incorrect authorization. This vulnerability is known as CVE-2024-47172. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in zopefoundation RestrictedPython up to 7.2. Affected is the function RestrictedPython.Utilities.utility_builtins. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-47532. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Компания 23andMe отчаянно ищет пути спасения бизнеса.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.10.11/6.11.0. This issue affects some unknown processing of the component btintel_pcie. The manipulation leads to allocation of resources. The identification of this vulnerability is CVE-2024-46869. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Gitxray是一款基于GitHub REST API的网络安全工具，支持利用公共 GitHub REST API 进行OSINT、信息安全取证和安全检测等任务。

该工具支持查找并修复 400 多种类型的硬编码敏感数据和 70 多种类型的基础设施即代码配置错误。

This ExecBrief provides a summary of the state of ransomware and articulates an approach for businesses to collectively respond.

The post PinnacleOne ExecBrief | Financially-Motivated Threats appeared first on SentinelOne.

A widespread Verizon outage is causing iPhones and Android devices to enter SOS mode, preventing them from making mobile calls unless they use WiFi calling. [...]

利用过期域名实现劫持海量邮件服务器和TLS/SSL证书 by ourren

网络流量大模型TrafficLLM by ourren

更多最新文章，请访问SecWiki

AMD 正在释出新 BIOS 更新，以改进 Ryzen 9600X / 9700X CPU 的性能，同时改善延迟问题。Zen 5 CPU 释出之后被评测者广泛认为性能未达到预期。AMD 释出了 AGESA PI 1.2.0.2 固件，解决了部分极端用例——当信息在 Ryzen 9 9000 系列处理器的不同部分之间共享时，需要两个事务读取写入，新固件将需要的事务数量减少一半，减少了多 CCD 型号的内核到内核延迟。BIOS 更新还包括一个新的 105 瓦 cTDP 选项，将 Ryzen 9600X 和 9700X 的性能提升约 10%。AMD 表示这不会导致保修失效。

Connected cars considered crud: Kia promises bug never exploited. But even 10-year-old cars were vulnerable.

The post Kia’s Huge Security Hole: FIXED (Finally) appeared first on Security Boulevard.

Poor DNS hygiene can leave your organization vulnerable to threats like subDoMailing, DNS spoofing, domain hijacking and other threats. In addition to putting domain security at risk, these vulnerabilities can have long-term effects on domain reputation. Here are ten DNS best practices businesses can implement to protect their domains and their entire business.

The post 10 DNS best practices to keep your Domain Reputation in check appeared first on Security Boulevard.

A vulnerability was found in NASA Universe Wallpapers Xeus 1. It has been classified as critical. Affected is an unknown function of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is traded as CVE-2014-7113. Access to the local network is required for this attack to succeed. There is no exploit available.

知己知彼，百战不殆。

The newly identified vulnerabilities exploit improper input validation when managing printer requests over the network

Прокси-серверы и VPN попадают под прицел невидимых цифровых сил.

A vulnerability was found in ZCMS 1.1. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to sql injection. This vulnerability was named CVE-2015-7346. The attack can be initiated remotely. Furthermore, there is an exploit available.

Discover why API security is crucial in Forrester's CISO 2025 Budget Planning Guide. Learn how to prioritize investments and justify your budget.

The post Forrester’s CISO Budget Planning Guide for 2025: Prioritize API Security appeared first on Security Boulevard.