Aggregator
CVE-2024-40897 | GStreamer ORC up to 0.4.38 File orcparse.c stack-based overflow (Nessus ID 208983)
CVE-2024-2236 | libgcrypt RSA timing discrepancy (Nessus ID 208981)
CVE-2020-7071 | PHP up to 7.3.25/7.4.13 URL Validation filter_var input validation (Bug 77423 / Nessus ID 208984)
CVE-2024-9026 | PHP up to 8.1.29/8.2.23/8.3.11 PHP-FPM SAPI null byte or nul character (GHSA-865w-9rf3-2wh5 / Nessus ID 208984)
WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites
CVE-2024-48822 | Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 FtpConfig.php Privilege Escalation
U.S. CISA adds Fortinet products and Ivanti CSA bugs to its Known Exploited Vulnerabilities catalog
Minutes Network Appoints Gaming And Web3 Veteran Jamie King, Former Rockstar Co-Founder, as CMO
El Dorado
CVE-2000-0794 | SGI IRIX 6.2 gmemusage/gr_osview HOME memory corruption (EDB-20127 / XFDB-5063)
CVE-2014-7694 | Fastappz Corvette Museum 1.399 X.509 Certificate cryptographic issues (VU#582497)
How nation-states exploit political instability to launch cyber operations
In this Help Net Security interview, Ismael Valenzuela, Vice President of Threat Research & Intelligence at BlackBerry, discusses the impact of geopolitical tensions on the frequency and sophistication of cyberattacks. He explains how nation-states and politically motivated groups exploit unrest for strategic advantages, providing examples of recent conflicts and their cyber implications. How do geopolitical tensions directly affect the frequency and sophistication of cyberattacks? Can you give examples of how nation-states or politically motivated groups …
CVE-2016-1352 | Cisco Unified Computing System up to 1.3(1b) HTTP Request os command injection (CSCuv33856 / Nessus ID 93108)
CVE-2016-1362 | Cisco AireOS up to 7.4.120.0/7.5.x/7.6.100.0 on WLC HTTP Request resource management (CSCun86747 / Nessus ID 90893)
CVE-2016-2184 | Linux Kernel 3.10.0-229.20.1.el7.x86_64 snd-usb-audio Driver null pointer dereference (USN-2969-1 / EDB-39555)
The dark side of API security
APIs are the backbone of digital transformation efforts, connecting applications across organizations, so their security is of the utmost importance. In this Help Net Security video, Lori MacVittie, a Distinguished Engineer at F5, discusses the current state of API security. A recent F5 State of Application Strategy report found that: Most organizations’ API estates are expected to expand by 10% over the next two to three years, making security a major priority. Less than 70% …
Congress Seeks Urgent Action After Chinese Telecom Hack
Congress is demanding answers from AT&T, Verizon, and Lumen after reports revealed that Chinese hackers breached U.S. telecom infrastructure, targeting systems linked to court-authorized wiretaps, as the FBI and the Cybersecurity and Infrastructure Security Agency investigate the Salt Typhoon group.
Revenue Cycle Vendor Notifying 400,000 Patients of Hack
A Texas-based revenue cycle management firm is notifying about 400,000 individuals of a hacking incident it says originated with another third party. The incident is among a growing list of major breaches implicating vendors and cumulatively affecting tens of millions of patients so far this year.
Oil and Gas Firms Aware of Cyber Risks
The oil and gas industry has high levels of cyber awareness and low levels of cyber insurance, says a sectoral assessment from credit rating agency Moody's. The sector has experienced a clutch of high-profile attacks, including a 2021 incident at Colonial Pipeline.