Aggregator

A vulnerability classified as critical was found in beContent 0.3.1. Affected by this vulnerability is an unknown functionality of the file news.php. The manipulation of the argument id leads to sql injection. This vulnerability is known as CVE-2008-0921. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in PHP-Nuke Manuales 0.1. Affected by this issue is some unknown functionality of the file modules.php. The manipulation of the argument cid leads to sql injection. This vulnerability is handled as CVE-2008-0922. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Adobe Acrobat Reader up to 11.0.17/15.006.30201/15.017.20053 and classified as critical. This vulnerability affects unknown code. The manipulation leads to memory corruption. This vulnerability was named CVE-2016-6966. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Hostforest Forest Blog 1.3.2. This vulnerability affects unknown code. The manipulation leads to improper access controls. This vulnerability was named CVE-2008-5780. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Bite It! 1.1.8. It has been rated as critical. Affected by this issue is some unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is handled as CVE-2014-7762. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was found in sincerely Ink Cards 2.0.4. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is known as CVE-2014-7761. The attack can only be done within the local network. There is no exploit available.

Microsoft is warning enterprise customers that, for almost a month, a bug caused critical logs to be partially lost, putting at risk companies that rely on this data to detect unauthorized activity. [...]

Agency Details AI Cybersecurity Risks, Prevention, Mitigation Strategies
Financial regulators with the state of New York on Wednesday published guidance to help organizations identify and mitigate cybersecurity threats related to artificial intelligence. The New York State Department of Financial Services said it's not imposing new requirements.

Also: Radiant Capital Hack and TD Bank Secrecy Act Guilty Plea
This week, an arrest in the U.S. SEC X account hack, a Radiant Capital hack, market manipulation charges on 18 entities, Bitfinex update, Forcount promoter sentenced, Mt. Gox pushed repayment, an alleged fraudster fled, SEC charged Cumberland and TD Bank pleased guilty to BSA violations.

Data Thefts, Leaks Follow Continuing Trend in Healthcare: Expert
A network of family health centers, a public medical center and a plastic surgery practice with nearly 180 years of combined service are among the latest healthcare groups reporting major data theft incidents to regulators. The three hacks affected nearly 740,000 patients and employees.

Also: Internet Archive Limps Back Online, Beware Kerbertoasing and Passkey Takeup
This week, Brazilian police arrested USDoD, Internet Archive is recovering, a Microsoft warning over Kerberoasting and of mounting phishing attacks, Google touted memory safety efforts, Volkswagen said no harm after ransomware attack, and Amazon reported over 175 million customers using passkeys.

一则国家安全部的泄密提醒引来诸多企业回应。10月16日，国家安全部微信公众号发文称，近年来，随着国家安全机关加大对非法测绘活动的打击力度，部分境外组织逐步转向与国内企业开展所谓项目合作逃避监管，非法采