Aggregator

A vulnerability classified as problematic has been found in Anuko Time Tracker 1.19.23.5311. Affected is an unknown function of the component Password Reset Handler. The manipulation leads to denial of service. This vulnerability is traded as CVE-2020-27423. Access to the local network is required for this attack. Furthermore, there is an exploit available.

The Python script leverages low-level interactions with the Windows operating system, which imports crucial libraries like `System.Reflection`, `ctypes`, and `wintypes`, enabling it to directly invoke Windows APIs.  It allows the script to manipulate system behavior at a fundamental level, potentially enabling actions like loading malicious payloads, modifying system settings, or evading security measures.  It is […]

The post Weaponized Python Scripts Deliver New SwaetRAT Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

#硬件设备 树莓派预计会在本周宣布推出 16GB 内存版的树莓派 5 和对应的 CM5 计算模块。NotebookCheck 收到的独家消息称树莓派的新版本消息应该在 1 月 8 日

shiro-web 框架分析

A vulnerability has been found in Symantec Endpoint Protection up to 12.1.6 MP4 and classified as critical. This vulnerability affects unknown code of the component TNEF. The manipulation leads to numeric error. This vulnerability was named CVE-2016-3645. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

An attacker with physical access can abruptly restart the device and dump RAM, as analysis of this memory may reveal FVEK keys from recently running Windows instances, compromising data encryption.  The effectiveness of this attack is, however, limited because the data stored in RAM degrades rapidly after the power is cut off. The script flashimage.sh […]

The post Windows 11 BitLocker Bypassed to Extract Encryption Keys appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Attackers published 20 malicious npm packages impersonating legitimate Nomic Foundation and Hardhat plugins, where these packages, downloaded over 1,000 times, compromised development environments and potentially backdoored production systems and resulted in financial losses. They are utilizing Ethereum smart contracts, such as 0xa1b40044EBc2794f207D45143Bd82a1B86156c6b, to store and distribute Command & Control (C2) server addresses to compromised systems, […]

The post Malicious npm Packages Stealing Developers’ Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability classified as problematic has been found in PivotX 2.1.0/2.1.1/2.1.2/2.2.0/2.2.1. Affected is an unknown function of the file pivotx/includes/blogroll.php. The manipulation of the argument src leads to cross site scripting. This vulnerability is traded as CVE-2011-0772. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

这些事件不仅暴露了网络安全的薄弱环节，也揭示了数据泄露的严重性以及网络安全防御的紧迫性

2025年1月11日，20:00pm，北京·福浪LIVEHOUSE

2024年，网络攻击的规模和复杂性达到了前所未有的水平，给个人、企业和政府机构带来了前所未有的挑战。数百万人的数据被盗和泄露。从医疗保健提供商到VPN运营商和娱乐公司再到生产力平台，从Ivanti V

由安全419主办，密码资本、元起资本、格尔软件、360漏洞云、HackingClub、边界无限、航天启星、和人广智、华鸿信安、熠数信息、无糖信息、云起无垠、丈八网安等共同协办的摇滚黑客2025演唱会在

A vulnerability classified as critical has been found in MediaTek MT2737, MT6781, MT6789, MT6835, MT6855, MT6878, MT6879, MT6880, MT6886, MT6890, MT6895, MT6897, MT6980, MT6983, MT6985, MT6989, MT6990 and MT8676. Affected is an unknown function of the component V6 DA. The manipulation leads to out-of-bounds write. This vulnerability is traded as CVE-2024-20145. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in MediaTek MT2737, MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6878, MT6879, MT6880, MT6885, MT6886, MT6890, MT6893, MT6895, MT6897, MT6980, MT6985, MT6989, MT6990, MT8370, MT8390 and MT8676. It has been rated as critical. This issue affects some unknown processing of the component V6 DA. The manipulation leads to out-of-bounds write. The identification of this vulnerability is CVE-2024-20144. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to apply a patch to fix this issue.

美国卫生局局长上周呼吁为酒精饮品添加致癌风险警告，认为酒精是一种公认的、可预防的致癌因素，美国每年约有 10 万例癌症病例和 2 万例癌症死亡病例与酒精有关。对此啤酒和烈酒制造商已经做好了准备，对于因健康担忧而放弃饮酒的消费者，它们推出了无酒精饮料。盖洛普去年 8 月的调查显示，近半数的美国人表示每天喝一杯或两杯酒对健康有害，这是该调查 23 年以来的最高比例。年轻人最有可能认为饮酒有害健康。调查还显示，只有 58% 的成年人称自己喝酒，低于 2022 年的 67%。对酒精的健康担忧推动了无酒精饮料市场的增长，分析公司预测到 2028 年这一市场将达到 40 亿美元。年轻群体更青睐此类饮料。2021-2024 年间无酒精啤酒的销量增长了 100% 以上。

A vulnerability was found in MediaTek MT2737, MT6781, MT6789, MT6835, MT6855, MT6878, MT6879, MT6880, MT6886, MT6890, MT6895, MT6897, MT6980, MT6983, MT6985, MT6989, MT6990, MT8370, MT8390 and MT8676. It has been declared as problematic. This vulnerability affects unknown code of the component V6 DA. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2024-20143. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in MediaTek MT2737, MT3603, MT6835, MT6878, MT6886, MT6897, MT6990, MT7902, MT7920, MT7922, MT8518S, MT8532, MT8755, MT8766, MT8768, MT8775, MT8781, MT8796, MT8798 and MT8893. It has been classified as problematic. This affects an unknown part of the component WLAN STA driver. The manipulation leads to reachable assertion. This vulnerability is uniquely identified as CVE-2024-20152. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.