Aggregator

Trasparenza e privacy nei concorsi pubblici: c’è ancora qualcosa da sistematizzare

Sistemi XDR (eXtended Detection and Response): a cosa servono, come funzionano, i più efficaci

NIS 2 e ISO 9001: modello ibrido per la gestione integrata della qualità e della cyber security

A vulnerability, which was classified as problematic, has been found in Rapid7 Insight Platform. Affected by this issue is some unknown functionality of the component Password Policy Handler. The manipulation leads to missing authorization. This vulnerability is handled as CVE-2024-11401. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

ISC Stormcast For Wednesday, December 11th, 2024 https://isc.sans.edu/podcastdetail/9250, (Wed, Dec 11th)

A vulnerability classified as problematic was found in Ninja Team Notibar Plugin up to 2.1.4 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authorization. This vulnerability is known as CVE-2024-54269. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Schneider Electric PowerChute Serial Shutdown up to 1.2.0.301. Affected is an unknown function of the file /accessdenied of the component Web Interface. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2024-10511. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

从零开始学习浏览器漏洞利用，掌握oob技术、JIT编译原理

WPForms插件漏洞允许订阅者级别用户执行Stripe退款，建议尽快升级至1.9.2.2版本。

看雪论坛作者ID：小傲骨

A vulnerability was found in TeamViewer Patch & Asset Management up to 24.11 on Windows. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to incorrect permission assignment. The identification of this vulnerability is CVE-2024-12363. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Schneider Electric Modicon Controllers M241, Modicon Controllers M251, Modicon Controllers M258 and Modicon Controllers LMC058. It has been declared as very critical. This vulnerability affects unknown code of the component Modbus Handler. The manipulation leads to improper input validation. This vulnerability was named CVE-2024-11737. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

多云环境下的安全管理，唯一入选！

Vulnerability Symbiosis: vSphere?s CVE-2024-38812 and CVE-2024-38813 [Guest Diary], (Wed, Dec 11th)

Выявленные проблемы могут стать причиной беспрецедентных атак.

Patch Tuesday, December 2024 Edition

США нанесли серьезный удар по кибершпионажу Китая.

本周，互联网网络安全态势整体评价为良。

2024年12月11日，深瞳漏洞实验室监测到一则Ivanti Cloud Services Application (CSA)组件存在身份验证漏洞漏洞的信息，漏洞编号：CVE-2024-11639，漏洞威胁等级：严重。