Aggregator

Google addressed the ninth actively exploited Chrome zero-day this yearGoogle released emergen

Google released emergency security updates to fix the ninth actively exploited Chrome zero-day vulnerability this year. ​​Google released an emergency security update to address a Chrome zero-day vulnerability, tracked as CVE-2024-7971, that is actively exploited. The vulnerability is a type confusion issue that resides in Chrome’s V8 JavaScript engine. “Google is aware that an exploit for CVE-2024-7971 […]

Всего одна ошибка в настройке сделает ваш сервер магнитом для злоумышленников.

A vulnerability was found in Mage AI. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Terminal Server Command History Handler. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-8072. The attack can be launched remotely. There is no exploit available.

键盘鼠标都最低，派商店 Keychron 系列清仓促销专场 利益相关声明： 文中包含营销（如促销活动）和推广（如返利链接）信息 活动时间：即日起至 8.29省流版：少数派定制 Keychron K3

A vulnerability was found in Mattermost up to 9.5.7/9.8.2/9.9.1/9.10.0/9.11.0. It has been classified as problematic. Affected is an unknown function of the component User Management Page. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2024-40886. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mattermost up to 9.5.7/9.8.2/9.9.1/9.10.0/9.11.0 and classified as critical. This issue affects some unknown processing of the component Shared Channel Handler. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2024-32939. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Mattermost up to 9.5.7/9.8.2/9.9.1/9.10.0/9.11.0 and classified as critical. This vulnerability affects the function manage_system. The manipulation leads to improper access controls. This vulnerability was named CVE-2024-8071. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Mattermost up to 9.5.7/9.8.2/9.9.1/9.10.0/9.11.0. This affects an unknown part of the file /api/v4/users. The manipulation leads to improper check for unusual conditions. This vulnerability is uniquely identified as CVE-2024-42411. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Mattermost up to 9.5.7/9.8.2/9.9.1/9.10.0/9.11.0. Affected by this issue is some unknown functionality of the component Email Notification Handler. The manipulation leads to protection mechanism failure. This vulnerability is handled as CVE-2024-39836. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Mattermost up to 9.5.7/9.10.0/9.11.0. Affected by this vulnerability is an unknown functionality of the file /dev/zero of the component ElasticSearch Configuration Handler. The manipulation of the argument CA path leads to resource consumption. This vulnerability is known as CVE-2024-39810. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Mattermost up to 9.5.7/9.10.0/9.11.0. Affected is an unknown function. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2024-43813. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

根据知情人士的消息，美国油服巨头 Halliburton 遭到网络攻击，影响休斯顿园区和部分全球网络的业务运营。Halliburton 据没有证实也没有否认网络攻击，只是表示公司部分系统发现问题，正在评估原因和潜在影响。知情人士称，Halliburton 要求部分员工不要连上内网。总部位于休斯顿的 Halliburton 是全球最大的油服公司之一，为全球主要能源公司提供钻井服务和设备，有近 48,000 名员工。

Один пароль на ход следствия против «Пирата Неизвестности».

研究人员最近发现了一种新型的恶意软件，名为Banshee Stealer，它专门针对苹果macOS系统。

HVV 遇到了邮件钓鱼，有个样本挺有趣，自己又没分析过样本，于是便想尝试分析一下，并记录下来，同时学习一下红队大佬们的思路，大佬勿喷，讲的比较哆嗦。

葡萄牙足球球星 C 罗（Cristiano Ronaldo）开设了自己的 Youtube 频道 UR·Cristiano，上线半天时间订阅量超过 1000 万，成为史上最快达此成就的 Youtube 主播。C 罗在各大社交平台拥有逾 9 亿粉丝，是 Meta 旗下平台 Instagram 上关注者最多的名人，有逾 6.3 亿粉丝。目前他的 Youtube 频道订阅者人数已经超过了 1500 万。目前人数订阅最多的 Youtube 频道是 MrBeast，有 3.1 亿订阅。以 C 罗现在的走势，相信成为全球最多人订阅的频道是指日可待（已经有人开设对比 C 罗和 MrBeast 订阅人数变化的直播视频）。C 罗承诺会透过 Youtube 频道让球迷以前所未有的方式去了解他的生活，而分享内容不只涉及足球，还会有家庭、健康、营养、教育、事业等题材。

当这家网络安全公司首次提出推动整合、远离单点产品时，投资者担心此举会影响收入，导致公司股价大幅下跌。