Aggregator

A vulnerability was found in Linux Kernel up to 6.1.7. It has been classified as critical. Affected is an unknown function of the component poll. The manipulation leads to buffer overflow. This vulnerability is traded as CVE-2023-52895. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.6. Affected is the function destroy_pinned_context of the component drm. The manipulation leads to allocation of resources. This vulnerability is traded as CVE-2022-48893. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.6. It has been classified as critical. Affected is the function iommu_device_unregister. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2022-48894. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.4.228/5.10.163/5.15.88/6.1.6. It has been declared as critical. Affected by this vulnerability is the function pci_get_domain_bus_and_slot of the component ixgbe. The manipulation leads to improper update of reference count. This vulnerability is known as CVE-2022-48896. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.6. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to buffer overflow. This vulnerability is handled as CVE-2022-48897. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Conducting an external website scan for indicators of compromise is one of the easiest ways to  iden

A vulnerability, which was classified as critical, has been found in Alhazai Leadership Newspapers 1.2. This issue affects some unknown processing of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. The identification of this vulnerability is CVE-2014-6657. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability classified as critical was found in Drar-eym 0.1. This vulnerability affects unknown code of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability was named CVE-2014-6656. The attack needs to be done within the local network. There is no exploit available.

A vulnerability was found in GraphicsMagick 1.3.26. It has been classified as problematic. Affected is the function ReadOneJNGImage of the file coders/png.c. The manipulation of the argument height/width leads to use after free. This vulnerability is traded as CVE-2017-15238. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

乌克兰安全局（SBU）拘留了一名当地公民，他涉嫌在关键基础设施附近安装监控摄像头，据称允许俄罗斯情报部门监视这些地点。 乌克兰安全局周一在一份声明中表示，据报道，这名嫌疑人居住在乌克兰东北部城市哈尔科夫，俄罗斯军事情报局 (GRU) 通过社交消息应用程序 Telegram 招募了他，并承诺给他“轻松”的钱。 乌克兰执法部门在基辅逮捕了这名涉嫌俄罗斯间谍的人，他在基辅租了几套可以俯瞰当地能源设施的高层建筑中的公寓。 据乌克兰安全局称，嫌疑人利用这些公寓安装了带有远程访问软件的摄像头，据称可以让俄罗斯人实时监控关键基础设施。 俄罗斯可能利用这些录像来评估其最近对基辅地区空袭的影响，并确定乌克兰防空系统的位置。 乌克兰安全局称，嫌疑人在基辅设立这些“观察站”后，以探望父母为幌子返回哈尔科夫，但实际上是为了纵火焚烧战略铁路线上的继电器柜。 安全部门表示，他们记录了他的一举一动，并最终将他拘留在基辅的一间出租公寓中。被捕时，嫌疑人正在安装一台新的闭路电视 (CCTV) 摄像机，以记录对该市的空袭。 在搜查过程中，执法人员缴获了他的手机和摄像机，其中包含俄罗斯“情报和颠覆活动”的证据。 嫌疑人目前已被拘留。乌克兰安全局表示，他将面临终身监禁和没收财产。 流行的间谍工具 俄罗斯和乌克兰都广泛使用监控摄像头进行间谍活动。它们通常安装在关键基础设施附近，或用于识别部队、防空系统或军事装备的位置。 今年8月，俄罗斯当局警告乌克兰攻击风险地区的居民停止使用监控摄像头，担心它们可能被用于情报收集。 根据俄罗斯内务部（MVD）的声明，乌克兰军队正在远程连接不受保护的闭路电视摄像机，“监视从私人庭院到具有战略意义的道路和高速公路的一切”。 今年 1 月，乌克兰安全官员称，他们关闭了两台在线监控摄像头，据称这些摄像头遭到俄罗斯黑客攻击，用于监视基辅的防空部队和关键基础设施。 这些摄像头安装在基辅的居民楼上，最初供居民监控周边地区和停车场。据称，俄罗斯情报部门在入侵这些摄像头后，获得了远程访问权限，改变了摄像头的视角，并将其连接到 YouTube 以播放敏感视频。 这些画面可能帮助俄罗斯在对乌克兰进行大规模导弹袭击期间向基辅发射无人机和导弹。   转自军哥网络安全读报，原文链接：https://mp.weixin.qq.com/s/sRU6TCWNfy9m0WwFKG25AA 封面来源于网络，如有侵权请联系删除

Santa Rita USD’s IT Team Partners with ManagedMethods to Improve Google Security and SafetySanta R

Criminal IP, a distinguished leader in Cyber Threat Intelligence (CTI) search engine developed by AI SPERA, announced that it has successfully integrated its IP address-related risk detection data with IPLocation.io, one of the most visited IP analysis and lookup tools on the internet. Through the integration, IPLocation.io, a prominent IP address geolocation tracker platform with […]

The post Criminal IP Teams Up with IPLocation.io to Deliver Unmatched IP Solutions to Global Audiences appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Federal civilian agencies across the U.S. government have until the end of the month to fix four ke

A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as critical. Affected by this vulnerability is the function formApPortalWebAuth of the file /goform/apPortalAuth. The manipulation of the argument webUserName/webUserPassword leads to buffer overflow. This vulnerability is known as CVE-2024-7585. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Huawei HarmonyOS and EMUI. It has been declared as problematic. This vulnerability affects unknown code of the component Account Module. The manipulation leads to business logic errors. This vulnerability was named CVE-2024-42034. An attack has to be approached locally. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Huawei HarmonyOS and EMUI. Affected by this issue is some unknown functionality of the component App Multiplier Module. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2024-42035. The attack needs to be approached locally. There is no exploit available.

A vulnerability was found in Avaya Aura System Manager 10.1.x.x/10.2.x.x. It has been declared as critical. This vulnerability affects unknown code of the component Command Line Interface. The manipulation leads to sql injection. This vulnerability was named CVE-2024-7477. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability was found in Avaya Aura System Manager 10.1.x.x/10.2.x.x. It has been rated as problematic. This issue affects some unknown processing of the component Command-Line Interface. The manipulation leads to improper privilege management. The identification of this vulnerability is CVE-2024-7480. The attack needs to be approached locally. There is no exploit available.

A vulnerability has been found in NVIDIA Mellanox OS, ONYX, Skyway, MetroX-3 XC and MetroX-2 and classified as critical. Affected by this vulnerability is an unknown functionality of the component LDAP AAA Component. The manipulation leads to improper access controls. This vulnerability is known as CVE-2024-0104. The attack can be launched remotely. There is no exploit available.