Aggregator

Published: 22 January 2025 at 14:45 UTC

US agencies revealed Chinese threat actors used two advanced exploit chains to breach Ivanti Cloud Service Appliances (CSA). The US government’s cybersecurity and law enforcement revealed that Chinese threat actors used at least two sophisticated exploit chains to compromise Ivanti Cloud Service Appliances (CSA). A CISA and FBI published a joint advisory warning that Chinese hackers […]

Chinese threat actors used two advanced exploit chains to hack Ivanti CSA

A vulnerability classified as problematic was found in HCL BigFix Patch Management Download Plug-ins up to 1177. This vulnerability affects unknown code. The manipulation leads to download of code without integrity check. This vulnerability was named CVE-2024-42183. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability, which was classified as problematic, was found in HCL BigFix Patch Management Download Plug-ins up to 1177. Affected is an unknown function of the component Download File Handler. The manipulation leads to path traversal. This vulnerability is traded as CVE-2024-42187. An attack has to be approached locally. There is no exploit available.

A vulnerability classified as problematic was found in HCL BigFix Patch Management Download Plug-ins up to 1177. Affected by this vulnerability is an unknown functionality of the component File Scheme Handler. The manipulation leads to improper neutralization of encoded uri schemes in a web page. This vulnerability is known as CVE-2024-42184. Attacking locally is a requirement. There is no exploit available.

A vulnerability, which was classified as problematic, was found in HCL BigFix Patch Management Download Plug-ins up to 1177. This affects an unknown part. The manipulation leads to improper certificate validation. This vulnerability is uniquely identified as CVE-2024-42186. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Elastic Kibana up to 7.17.22/8.14.x. It has been rated as critical. This issue affects some unknown processing of the file /api/metrics/snapshot of the component Request Handler. The manipulation leads to allocation of resources. The identification of this vulnerability is CVE-2024-52972. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Elastic Kibana up to 8.14.x. Affected by this vulnerability is an unknown functionality of the file /api/fleet/health_check. The manipulation leads to server-side request forgery. This vulnerability is known as CVE-2024-43710. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Elastic Fleet Server up to 8.14.x. This affects an unknown part. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-52975. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Netscape Navigator 7.0. It has been rated as problematic. Affected by this issue is the function reformatDate of the component JavaScript. The manipulation as part of Regular Expression leads to improper input validation. This vulnerability is handled as CVE-2003-1419. The attack may be launched remotely. Furthermore, there is an exploit available.

De eerste 2  van 4 vernieuwde landingsvaartuigen zijn vandaag overgedragen aan de marine. De zogenoemde Landing Craft Utility’s (LCU’s) hebben een modernisering ondergaan. Dankzij de ingreep gaan de vaartuigen nog tot zeker 2032 mee. De andere komen later dit jaar en in 2026.

A vulnerability, which was classified as critical, has been found in Alexandre Dubus AudiStat 1.3. Affected by this issue is some unknown functionality of the file index.php. The manipulation leads to sql injection. This vulnerability is handled as CVE-2010-1051. The attack may be launched remotely. Furthermore, there is an exploit available.

While Trail of Bits is known for developing security tools like Slither, Medusa,

New York, NY, 23rd January 2025, CyberNewsWire

The post Memcyco Announces Next-Gen, AI Solution to Combat Fraud and Impersonation Attacks in Real Time appeared first on Security Boulevard.

New York, NY, January 23rd, 2025, CyberNewsWireMemcyco’s AI-based solution enables organizatio

Salt Typhoon, a state-sponso

An analysis of HellCat and Morpheus ransomware operations has revealed that affiliates associated with the respective cybercrime entities are using identical code for their ransomware payloads. The findings come from SentinelOne, which analyzed artifacts uploaded to the VirusTotal malware scanning platform by the same submitter towards the end of December 2024. "These two payload samples are