Aggregator

A vulnerability classified as critical was found in Neogallery 1.1 on Joomla. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument catid leads to sql injection. This vulnerability is known as CVE-2008-0752. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in Com Noticias 1.0 on Joomla. Affected is an unknown function of the file index.php. The manipulation of the argument id leads to sql injection. This vulnerability is traded as CVE-2008-0670. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in PowerScripts PowerNews 2.5.6. This affects an unknown part of the file categories.inc.php. The manipulation of the argument page leads to path traversal. This vulnerability is uniquely identified as CVE-2008-0742. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Iranian hackers are breaching critical infrastructure organizations to collect credentials and network data that can be sold on cybercriminal forums to enable cyberattacks from other threat actors. [...]

A vulnerability was found in Freedesktop spice-gtk and classified as critical. This issue affects some unknown processing. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2012-4425. An attack has to be approached locally. Furthermore, there is an exploit available.

Brazil’s Polícia Federal has arrested hacker USDoD, the hacker behind the National Public Data and InfraGard breaches. Brazil’s Polícia Federal (PF) announced the arrest in Belo Horizonte/MG of the notorious hacker USDoD. In August, a CrowdStrike investigation revealed that the hacker USDoD (aka EquationCorp), who is known for high-profile data leaks, is a man from Brazil. The […]

A vulnerability was found in McAfee Cloud Single Sign On. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2014-2586. The attack can be launched remotely. Furthermore, there is an exploit available.

Security Teams Need Support, Mental Health Resources and a Focus on Resilience
Managing the aftermath of a cybersecurity incident can be grueling, and the intense pressure placed on these individuals can take a toll. Stress in the cybersecurity field, particularly post-incident, is a well-documented issue that many professionals quietly struggle with.

New Features From Structure101 Simplify Code Structure, Future-Proof Development
Sonar has integrated Structure 101's design expertise into its platform, enhancing code architecture and reducing dependency issues. This update helps developers streamline workflows and minimize long-term software evolution costs, ensuring good code management across multiple programming languages.

FBI Disrupted DDoS Group in March
Two Sudanese brothers are under criminal indictment in the United States for their role in distributed denial-of-service attacks launched under the moniker of Anonymous Sudan. Among the group's targets were a major Los Angeles hospital and Microsoft.

Most IT Restored, But UHG Is Still Catching Up and Aiming to Win Back Clients
UnitedHealth Group has raised its estimates to nearly $2.9 billion for the total costs this fiscal year of the cyberattack on its Change Healthcare IT services unit. UHG said it is also working to catch up with claims processing and to win back clients disenfranchised by the attack.

New NCSC Chief Also Warns of Threefold Increase in Severe Cyberattacks
The U.K. experienced a 50% spike in cybersecurity incidents posing national security risks this year, according to NCSC CEO Richard Horne. Growing advancements in emerging tech are widening the gap between offensive and defensive cyber capabilities, he warned.

A vulnerability has been found in Deceiver Anahi A Adopter FR 0.1 and classified as critical. This vulnerability affects unknown code of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability was named CVE-2014-7739. The attack can only be done within the local network. There is no exploit available.

A vulnerability, which was classified as critical, was found in FMAC Federation Culinaire 1. This affects an unknown part of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is uniquely identified as CVE-2014-7737. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability, which was classified as critical, has been found in 2rv Dr. Sheikh Adnan Ibrahim 1. Affected by this issue is some unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is handled as CVE-2014-7735. Access to the local network is required for this attack to succeed. There is no exploit available.

Google Mandiant security analysts warn of a worrying new trend of threat actors demonstrating a better capability to discover and exploit zero-day vulnerabilities in software. [...]

A vulnerability, which was classified as critical, was found in Tu-braunschweig libsmi 0.4.8. This affects the function smiGetNode in the library lib/smi.c. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2010-2891. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Adobe Flash Player. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to memory corruption. This vulnerability was named CVE-2016-4160. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A notorious hacker named USDoD, who is linked to the National Public Data and InfraGard breaches, has been arrested by Brazil's Polícia Federal in "Operation Data Breach". [...]