Aggregator

The Singapore Police Force (SPF) has announced the arrest of five Chinese nationals and one Singaporean man for their alleged involvement in illicit cyber activities in the country. The development comes after a group of about 160 law enforcement officials conducted a series of raids on September 9, 2024, simultaneously at several locations. The six men, aged between 32 and 42, are suspected of

A vulnerability, which was classified as critical, has been found in Microsoft Edge. This issue affects some unknown processing of the component Scripting Engine. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2017-11873. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

Новая модель проводит эксперименты и пишет впечатляющие статьи, но стоит ли ей верить?

胡金鱼

ISC2 found that the cybersecurity workforce gap is now at 4.8 million, a 19% increase from 2023

企业资讯

Recently, Eric Parker, a cybersecurity expert and YouTuber, released a new video on ANY.RUN’s interactive sandbox. We recommend you take a look at his tutorial, as it offers a step-by-step guide on how to use the service and save time on reverse engineering. Here’s our overview of the key highlights from the video.  About malware […]

The post How to Analyze Malware in ANY.RUN Sandbox: Eric Parker’s Guide appeared first on ANY.RUN's Cybersecurity Blog.

A vulnerability was found in Microsoft Edge. It has been classified as critical. This affects an unknown part of the component Security Feature. The manipulation leads to 7pk security features. This vulnerability is uniquely identified as CVE-2017-11872. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Vidco Software VOC TESTER and classified as critical. This vulnerability affects unknown code. The manipulation leads to path traversal. This vulnerability was named CVE-2024-7609. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in SGI IRIX 6.2. This issue affects some unknown processing of the component netprint. The manipulation of the argument -n leads to improper privilege management. The identification of this vulnerability is CVE-2001-0485. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

银狐最新攻击样本使用MSC文件传播

三年前美国亿万富翁艾萨克曼（Jared Isaacman）带领第一个全私人宇航员团队进入轨道，创造历史。如今 SpaceX 把 4 名宇航员送入自阿波罗时代以来最高的轨道，他们将在太空中停留 5 天，并打开舱门完成私人宇航员的首次太空行走。这项任务被称为“北极星黎明”（Polaris Dawn），除了艾萨克曼，其他三人是退役空军中校兼战斗机飞行员 Scott“Kidd”Poteet 和两名 SpaceX 员工，其中 Sarah Gillis 负责 SpaceX 的宇航员培训计划 ，Anna Menon 是这次任务的主管兼任务控制中心宇航员通讯员。“北极星黎明”是艾萨克曼委托 SpaceX 开展的三次北极星飞行任务中的第一次，9 月 12 日将开展全球首次私人太空行走。艾萨克曼并未透露此次飞行向 SpaceX 支付了多少钱。本次任务的关键目标之一是测试 SpaceX 的宇航服。SpaceX 耗时两年多开发了新太空服，保护宇航员免受辐射和极端温度的伤害，确保宇航员自由移动、与彼此和地面控制人员通信。新的宇航服将尝试通过激光脉冲而非无线电信号。

Ivanti has fixed a slew of vulnerabilities affecting its Endpoint Manager solution, including a maximum severity one (CVE-2024-29847) that may allow unauthenticated attackers to remotely execute code in the context of the vulnerable system, and use it as a beachhead for burrowing into corporate networks and devices. The fixes CVE-2024-29847 affects the agent portal of Ivanti Endpoint Manager versions 2024 (with the September update) and 2022 SU5 and earlier, and stems from the application’s improper … More →

The post Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847) appeared first on Help Net Security.

A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update of the file /admin/template/update of the component com.cms.controller.admin.TemplateController. The manipulation of the argument fileName leads to path traversal. This vulnerability is uniquely identified as CVE-2024-8694. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

探索 Goja：Golang 中的 JavaS

A vulnerability, which was classified as problematic, has been found in Kaon CG3000 1.01.43. Affected by this issue is some unknown functionality of the component dhcpcd Command Handler. The manipulation of the argument -h with the input <script>alert('XSS')</script> leads to cross site scripting. This vulnerability is handled as CVE-2024-8693. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #401858 / VDB-277167

A vulnerability classified as critical was found in TDuckCloud TDuckPro up to 6.3. Affected by this vulnerability is an unknown functionality. The manipulation leads to weak password recovery. This vulnerability is known as CVE-2024-8692. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #402043 / VDB-277166