Aggregator

Sophos X-Ops explores the distribution and capabilities of the Atomic macOS Stealer (AMOS)

天津高新区携手360，打造大模型办公业务平台

2024网安周即将启幕 360与您不见不散

Чьи секреты окажутся следующим трофеем злоумышленников?

刀刀见血。

只有安全生产才能保障扩大规模

美国联邦检方起诉了六名俄罗斯人，他们被控在战前合谋入侵乌克兰政府及其盟友的计算机网络，窃取或破坏敏感数据。其中五人是总参情报总局第 29155 部队的军官。微软早在 2022 年 1 月就披露了被称为 WhisperGate 的破坏性恶意软件，感染了数十家乌克兰政府、非营利组织和 IT 组织。它伪装成勒索软件，但实际上会通过擦除主引导记录（Master Boot Record）永久性破坏计算机及其数据。2022 年 4 月微软发布新报告称，WhisperGate 是更广泛行动的一部分，旨在通过破坏乌克兰基础设施帮助俄罗斯发动进攻。被美国起诉的六人包括了 29155 部队网络行动指挥官 Yuriy Denisov 上校，他手下的 Vladislav Borokov 中尉、Denis Denisenko 中尉、Dmitriy Goloshubov 中尉、Nikolay Korchagin 中尉，以及一位参与合谋的平民 Amin Stigal。

A vulnerability classified as problematic was found in Ivory Search Plugin up to 5.5.6 on WordPress. This vulnerability affects unknown code of the component AJAX Search Form. The manipulation leads to information disclosure. This vulnerability was named CVE-2024-6835. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability, which was classified as problematic, was found in FreeBSD. This affects an unknown part of the component nvlist Array String Handler. The manipulation leads to improper null termination. This vulnerability is uniquely identified as CVE-2024-45288. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in FreeBSD and classified as critical. This vulnerability affects the function ctl_report_supported_opcodes of the component Kernel. The manipulation leads to improper filtering of special elements. This vulnerability was named CVE-2024-42416. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in FreeBSD and classified as critical. This issue affects the function ctl_request_sense. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2024-43110. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in FreeBSD. It has been classified as critical. Affected is the function ctl_write_buffer. The manipulation leads to use after free. This vulnerability is traded as CVE-2024-45063. The attack needs to be approached within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in FreeBSD. It has been declared as critical. Affected by this vulnerability is the function ctl_write_buffer/ctl_read_buffer. The manipulation leads to uninitialized resource. This vulnerability is known as CVE-2024-8178. The attack can only be done within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Booking for Appointments and Events Calendar Plugin up to 1.2.3/7.7 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authorization. This vulnerability is known as CVE-2024-6332. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Form Vibes Plugin up to 1.4.12 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to missing authorization. This vulnerability is handled as CVE-2024-5309. The attack can only be done within the local network. There is no exploit available.

A vulnerability classified as problematic has been found in Share This Image Plugin up to 2.02 on WordPress. Affected is an unknown function of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-8363. It is possible to launch the attack remotely. There is no exploit available.