Aggregator

Department of Treasury Overstepped its Authority, Fifth Circuit Rules
A U.S. federal appeals court ruled U.S. Department of Treasury exceeded its authority by sanctioning Tornado Cash, a cryptocurrency mixing service used by North Korean hackers to launder more than $455 million. Smart contracts "are not capable of being owned," the court ruled.

Likely Russian Hacker Exploits IoT Vulnerabilities, Many Known for Years
An apparent Russian script kiddie is converting widespread security gaps into powerful botnets capable of launching global-scale distributed denial-of-service attacks. A threat actor with the online moniker "Matrix" is exploiting IoT vulnerabilities such as default credentials and outdated software.

Largest US Telco Blocks Hackers But Warns Other Networks May Be Compromised
T-Mobile disputed claims Wednesday that Chinese state-sponsored hackers breached its systems and stole customer data, warning that some U.S. communications networks may still be compromised and detailing how its layered defenses and third-party cybersecurity partnerships thwarted the attack.

Henna Virkkunen Vows to Boost European innovation, Cut Regulations
Newly appointed EU tech commissioner Henna Virkkunen will lead efforts to establish Europe's tech sovereignty, said European Commission President Ursula von der Leyen, who will start a second term on Dec. 1. Virkkunen was a liberal-conservative Finnish member of the European Parliament.

CVE-2024-36401 GeoServer Remote Code Execution PoC

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

Sorb Claims to be Selling the Data of Ze-Camping

A vulnerability was found in SonicWALL SOHO and Pro. It has been classified as critical. This affects an unknown part of the component URL Path Handler. The manipulation leads to basic cross site scripting. This vulnerability is uniquely identified as CVE-2005-1006. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to disable the affected component.

​Microsoft has re-released the November 2024 security updates for Exchange Server after pulling them earlier this month due to email delivery issues on servers using custom mail flow rules. [...]

Rey Claims to be Selling the Data of Chinese Domiciles with 274 Million Lines

A Threat Actor Claims to have Leaked the Data from Ekrem Abi

A vulnerability classified as critical was found in Google Android up to 8.1. This vulnerability affects the function String16 of the file String16.cpp. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2017-13323. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in Google Android 7/7.1.1/7.1.2/8/8.1. This affects the function mv_err_cost of the file mcomp.c. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2018-9349. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in SEO Landing Page Generator Plugin up to 1.66.2 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-11366. The attack may be launched remotely. There is no exploit available.