Aggregator

Ключевой момент для индустрии информационной безопасности.

The United States Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) has proposed new cybersecurity requirements for healthcare organizations with an aim to safeguard patients' data against potential cyber attacks. The proposal, which seeks to modify the Health Insurance Portability and Accountability Act (HIPAA) of 1996, is part of a broader initiative to bolster the

Cybersecurity / ComplianceThe United States Department of Health and Human Services' (HHS) Office

kubernetes

A vulnerability, which was classified as problematic, has been found in Todd Miller sudo 1.8.6p6. This issue affects some unknown processing of the component Authentication Handler. The manipulation as part of Time Reset leads to improper access controls. The identification of this vulnerability is CVE-2013-1775. An attack has to be approached locally. Furthermore, there is an exploit available. Due to its background and reception, this vulnerability has an historic impact. It is recommended to upgrade the affected component.

A vulnerability has been found in lm-sys fastchat and classified as critical. This vulnerability affects unknown code of the file /worker_generate_stream of the component API Endpoint. The manipulation leads to server-side request forgery. This vulnerability was named CVE-2024-10044. The attack can be initiated remotely. There is no exploit available.

声明：该公众号大部分文章来自作者日常学习笔记，未经授权，严禁转载，如需转载，联系洪椒攻防实验室公众号。请勿利用文章内的相关技术从事非法测试，如因此产生的一切不良后果与文章作者和本公众号无关。

S声明：该公众号大部分文章来自作者日常学习笔记，未经授权，严禁转载，如需转载，联系洪椒攻防实验室公众号。请勿利用文章内的相关技术从事非法测试，如因此产生的一切不良后果与文章作者和本公众号无关。0x00

A vulnerability classified as critical was found in SAP HANA 1.00.095. This vulnerability affects unknown code of the component hdbindexserver. The manipulation leads to memory corruption. This vulnerability was named CVE-2015-7986. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in Visale 1.0. This issue affects some unknown processing of the file pbpgst.cgi. The manipulation of the argument listno leads to basic cross site scripting. The identification of this vulnerability is CVE-2006-1946. The attack may be initiated remotely. Furthermore, there is an exploit available.

Every week, the digital world faces new challenges and changes. Hackers are always finding new ways to breach systems, while defenders work hard to keep our data safe. Whether it's a hidden flaw in popular software or a clever new attack method, staying informed is key to protecting yourself and your organization. In this week's update, we'll cover the most important developments in

Cybersecurity / Hacking NewsEvery week, the digital world faces new challenges and changes. Hacker

About Bruce SchneierI am a public-interest technologist, working at the intersection of security,

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2024-3393 Palo Alto Networks PAN-OS Malformed DNS Packet Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

A vulnerability was found in Apple Safari 6.0. It has been declared as very critical. Affected by this vulnerability is an unknown functionality of the component WebKit. The manipulation leads to improper resource management. This vulnerability is known as CVE-2013-2842. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in WordPress up to 5.7.0. It has been rated as critical. This issue affects some unknown processing of the component Media Library Parser. The manipulation leads to xml external entity reference. The identification of this vulnerability is CVE-2021-29447. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in webTareas up to 2.4p3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file editapprovalstage.php of the component POST Parameter Handler. The manipulation of the argument uq leads to sql injection. This vulnerability is known as CVE-2021-43481. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in osCSS 1.0/1.1/1.2.2/2.10 and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument _ID leads to path traversal. This vulnerability was named CVE-2011-4713. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in DCP-Portal 5.3.1. Affected by this issue is some unknown functionality of the file search.php/calendar.php. The manipulation of the argument q/year leads to cross site scripting. This vulnerability is handled as CVE-2003-1536. The attack may be launched remotely. Furthermore, there is an exploit available.