Aggregator

Authors/Presenters: Thomas Sermpinis

Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

The post DEF CON 32 – The Hack, The Crash And Two Smoking Barrels appeared first on Security Boulevard.

Defensie verkleint het aantal onderzoekslocaties voor de noodzakelijke uitbreiding van militaire activiteiten in Nederland. Dat gebeurt binnen het Nationaal Programma Ruimte voor Defensie. De militaire organisatie nam dit besluit op basis van de eerste resultaten van de milieueffectrapportage (planMER), bestuurlijke overleggen in alle provincies en gesprekken met inwoners in heel het land.

Adaptive Shield is the third security posture management provider the company has acquired in the past 14 months as identity-based attacks continue to rise.

Microsoft has released the KB5046613 cumulative update for Windows 10 22H2 and Windows 10 21H2, which includes ten changes and fixes, including the new Microsoft account manager on the Start menu and fixes for multi-function printer issues. [...]

A vulnerability was found in AFI Plugin up to 1.92.0 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-10877. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in TIBCO Hawk and Operational Intelligence. It has been classified as problematic. This affects an unknown part of the file mar.jar of the component Monitoring Archive Utility. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-10218. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in TIBCO Hawk and Operational Intelligence and classified as problematic. Affected by this issue is some unknown functionality of the file mar.jar of the component Monitoring Archive Utility. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-10217. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Citrix Session Recording and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper privilege management. This vulnerability is known as CVE-2024-8068. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Fortinet FortiClientMac up to 6.4.10/7.0.10/7.2.4/7.4.0 on macOS. Affected is an unknown function. The manipulation leads to improper verification of cryptographic signature. This vulnerability is traded as CVE-2024-40592. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Citrix NetScaler ADC and NetScaler Gateway up to 29.71/37.206/55.33/55.320. This issue affects some unknown processing of the component VPN Vserver. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2024-8534. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Adobe Bridge up to 13.0.9/14.1.2. This vulnerability affects unknown code. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2024-47458. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Adobe Illustrator up to 28.7.1. This affects an unknown part. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2024-47457. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Fortinet FortiClientWindows up to 6.4.10/7.0.12/7.2.4. It has been rated as critical. Affected by this issue is some unknown functionality of the component LUA Auto Patch Script Handler. The manipulation leads to privilege context switching error. This vulnerability is handled as CVE-2024-36513. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Fortinet FortiWeb up to 6.3.23/7.0.10/7.2.10/7.4.3/7.6.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Log Access Event Page. The manipulation leads to exposure of sensitive system information to an unauthorized control sphere. This vulnerability is known as CVE-2024-36509. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in End-User Portal Module up to 1.0.64 on FreeScout. It has been classified as critical. Affected is an unknown function of the file /auth. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2023-52268. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

Dynamic Systems Inc Has Been Claimed a Victim to MEDUSA Ransomware

A vulnerability was found in Adobe Illustrator up to 28.7.1 and classified as critical. This issue affects some unknown processing. The manipulation leads to out-of-bounds write. The identification of this vulnerability is CVE-2024-47452. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Adobe Illustrator up to 28.7.1 and classified as critical. This vulnerability affects unknown code. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2024-47451. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.