Aggregator

建议用户定期根据排查步骤对 X 账号进行授权排查，加强账号的安全性。

A sophisticated phishing campaign with Tycoon 2FA Phish-kit has been identified, leveraging Amazon Simple Email Service (SES) and a series of high-profile redirects to steal user credentials. The attack chain, meticulously designed to evade detection, involves multiple stages and utilizes various compromised domains and services. According to the Phishing sample analysis, The phishing attack begins […]

The post Beware! Tycoon 2FA Phish-kit Exploits Amazon SES to Steal User Credentials appeared first on Cyber Security News.

Security researchers have uncovered a critical vulnerability affecting over one million websites. The vulnerability combines OAuth implementation flaws with cross-site scripting (XSS) attacks. The vulnerability stems from the interaction between OAuth, a widely used authentication protocol, and XSS, a long-standing web security issue. While XSS attacks have become less prevalent due to improved security measures, […]

The post Critical OAuth Vulnerability Exposes 1 Million Sites to XSS Attacks appeared first on Cyber Security News.

美国消费者产品安全委员会 (CPSC) 的测试发现，亚马逊平台销售的逾 40 多万件第三方产品存在严重安全风险，会导致死亡和触电，但亚马逊未能充分警告其客户。CPSC 投票一致决定让亚马逊对第三方卖家的缺陷产品承担法律责任，亚马逊被要求制定召回这些危险商品的计划，该计划将需要获得 CPSC 的批准，相关产品包括了高度易燃的儿童睡衣、有故障的一氧化碳探测器，可能导致触电的不安全吹风机，CPSC 担心这些问题商品在美国家庭中仍然被广泛使用。对这一裁决亚马逊已经表示将上诉。相关商品的销售发生在 2018-2021 年之间，亚马逊没有召回而是发出了警告，向受影响客户提供了礼品卡，让他们自行销毁商品。

2024年巴黎奥运会的应用程序正在追踪用户、提取私人数据，并将其出售给广告商和大型科技公司。

A vulnerability was found in CoolKit eWeLink Cloud Service up to 2.18.x. It has been rated as problematic. This issue affects some unknown processing of the component Homepage Module. The manipulation leads to insertion of sensitive information into sent data. The identification of this vulnerability is CVE-2024-7205. The attack may be initiated remotely. There is no exploit available. This product is a managed service. It is not possible for users to maintain vulnerability countermeasures themselves. It is recommended to upgrade the affected component.

Экстремальные условия позволили смоделировать формирование уникального вещества.

A vulnerability was found in HTML Forms Plugin up to 1.3.33 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-6412. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

SolarWinds has recently addressed 8 critical vulnerabilities pertaining to its Access Rights Manager (ARM) software. This SolarWinds patch has been released prior to the SolarWinds security flaws being exploited in the wild. In this article, we’ll focus on what that patch entails and what the consequences would have been if the vulnerabilities were exploited. SolarWinds […]

The post SolarWinds Patch: Critical ARM Flaws Fixed Before Exploits appeared first on TuxCare.

The post SolarWinds Patch: Critical ARM Flaws Fixed Before Exploits appeared first on Security Boulevard.

A vulnerability was found in User Profile Builder Plugin up to 3.11.8 on WordPress. It has been classified as critical. This affects an unknown part of the component User Registration Handler. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2024-6695. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in 10Web Slider Plugin up to 1.2.56 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-6408. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in SpiderContacts Plugin up to 1.1.7 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-6272. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in WANotifier Plugin up to 2.6.0 on WordPress. Affected is an unknown function of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-6165. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Homebrew brew up to 4.2.19. This issue affects some unknown processing of the file os/linux/elf.rb of the component ELF File Handler. The manipulation leads to Remote Code Execution. The identification of this vulnerability is CVE-2024-42381. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

青藤，让云更安全

直播预告 | ISC.AI 2024 数转智改驱动行业创新变革论坛

近日，网宿安全发布《2023年互联网安全报告》，本次报告围绕“体系化主动安全能力建设”这一主题。

采用全面DevOps方法的组织能够有效避免容器化的潜在风险，并保障其在面对日益增加的网络安全威胁时的系统和数据的安全性。

社招、TopSeed校招、实习岗位均有开放，期待你的加入

Куда попадают фотографии, которые вы загружаете на Facebook?