Aggregator

A vulnerability was found in Espressif esp-now up to 2.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to acceptance of extraneous untrusted data with trusted data. This vulnerability is handled as CVE-2024-42483. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in No-IP Dynamic Update Client 3.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/default/noip-duc. The manipulation leads to missing encryption of sensitive data. This vulnerability is known as CVE-2024-40457. Local access is required to approach this attack. There is no exploit available. The real existence of this vulnerability is still doubted at the moment.

13 сентября - дедлайн для банка в битве с хакерами.

A vulnerability was found in MindsDB. It has been classified as problematic. Affected is an unknown function of the component ML Engine. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-45856. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Utarit Information SoliClub up to 4.3.x/5.2.0 on Android/iOS and classified as critical. This issue affects some unknown processing. The manipulation leads to authorization bypass. The identification of this vulnerability is CVE-2024-3306. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Espressif esp-now up to 2.5.1 and classified as critical. This vulnerability affects unknown code. The manipulation of the argument addrs_num leads to out-of-bounds read. This vulnerability was named CVE-2024-42484. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Rockwell Automation FactoryTalk View Site Edition up to 14.0. This affects an unknown part. The manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2024-45824. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Utarit Information SoliClub up to 4.3.x/5.2.0 on Android/iOS. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-3305. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Transport for London (TfL) has determined that the cyberattack on September 1 impacts customer data, including names, contact details, email addresses, and home addresses. [...]

与美元 1:1 挂钩的稳定币泰达币（Tether）是目前交易量最大的加密货币，它隶属于总部位于英属维京群岛的 iFinex 公司。泰达币网络一年的资金流动量与 Visa 相差无几，它已成为全球金融体系重要一环，每天处理的交易量高达 1900 亿美元。泰达币已经深入地下金融世界，让一个在美国执法管辖范围外运行的平行经济成为可能。在美国制裁的国家如伊朗、委内瑞拉、俄罗斯，泰达币已成为它们交易广泛使用的影子美元。俄罗斯寡头和军火商利用泰达币在国外购买房地产，支付被制裁商品的费用。委内瑞拉被制裁的国有石油公司用泰达币支付货物费用。毒贩、诈骗团伙和哈马斯等用它洗钱。功能失调的经济体如阿根廷和土耳其，由于恶性通货膨胀和硬通货短缺，当地居民将泰达币用于日常消费的支付，以及作为保护其储蓄的一种方式。泰达币公司也因此变得极其富有，它拥有 1200 亿美元资产，大部分是美国国库券。去年它盈利 62 亿美元，比贝莱德 (BlackRock) 高 7 亿美元。

A vulnerability classified as critical was found in MindsDB up to 23.10.3.0. Affected by this vulnerability is an unknown functionality of the component Inhouse Model Handler. The manipulation leads to deserialization. This vulnerability is known as CVE-2024-45854. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as very critical has been found in Refuel Autolabel up to 0.0.8. Affected is an unknown function of the component CSV File Handler. The manipulation leads to improper neutralization of directives in dynamically evaluated code ('eval injection'). This vulnerability is traded as CVE-2024-27320. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in MindsDB up to 23.10.2.0. It has been rated as critical. This issue affects some unknown processing of the component Inhouse Model Handler. The manipulation leads to deserialization. The identification of this vulnerability is CVE-2024-45853. The attack may be initiated remotely. There is no exploit available.

Global end-user spending on information security is projected to hit $212bn next year, an increase of 15% from 2024, according to Gartner. Yet at the same time, data breach costs continue to spiral. The latest IBM report now puts the global average at nearly $4.9n per incident. This raises the question: are organizations spending their cybersecurity budgets in the right areas?

The post Threat Actors Are Finding it Easier Than Ever to Breach Cyber-Defenses: Enter Data-Centric Security appeared first on Security Boulevard.

A vulnerability was found in cleanlab 2.4.0. It has been declared as very critical. This vulnerability affects unknown code. The manipulation leads to deserialization. This vulnerability was named CVE-2024-45857. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in MindsDB up to 24.7.4.0. It has been classified as very critical. This affects an unknown part of the component Microsoft SharePoint Integration. The manipulation leads to improper neutralization of directives in dynamically evaluated code ('eval injection'). This vulnerability is uniquely identified as CVE-2024-45851. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Rockwell Automation ThinManager up to 13.1.2/13.2.1 and classified as critical. Affected by this issue is some unknown functionality of the component Executable File Handler. The manipulation leads to externally controlled reference. This vulnerability is handled as CVE-2024-45826. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Progress LoadMaster up to 7.2.60.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to os command injection. This vulnerability is known as CVE-2024-6658. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Exploiting memory corruption vulnerabilities in server-side software often requires knowledge of the binary and environment, which limits the attack surface, especially for unknown binaries and load-balanced environments.  Successful exploitation is challenging due to the difficulty of preparing the heap and deploying ROP chains without this information.  Researchers discovered vulnerabilities in the Kakadu JPEG 2000 library, […]

The post Critical Vulnerabilities in JPEG 2000 Library Let Attackers Execute Remote Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

首页抗疫专栏牛闻牛评行业动态 术有