Aggregator
.NET 9月红队武器库和资源集合
1 year 9 months ago
九州同庆,盛世华诞!
1 year 9 months ago
CVE-2016-1865 | Apple iOS up to 9.3.2 Kernel null pointer dereference (HT206902 / Nessus ID 92494)
1 year 9 months ago
A vulnerability classified as problematic has been found in Apple iOS up to 9.3.2. Affected is an unknown function of the component Kernel. The manipulation leads to null pointer dereference.
This vulnerability is traded as CVE-2016-1865. It is possible to launch the attack on the local host. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA
1 year 9 months ago
Attackers are increasingly turning to session hijacking to get around widespread MFA adoption. The data supports this, as:
147,000 token replay attacks were detected by Microsoft in 2023, a 111% increase year-over-year (Microsoft).
Attacks on session cookies now happen in the same order of magnitude as password-based attacks (Google).
But session hijacking isn’t a new technique – so
The Hacker News
CVE-2016-4582 | Apple tvOS up to 9.2.1 Kernel memory corruption (HT206905 / Nessus ID 92496)
1 year 9 months ago
A vulnerability was found in Apple tvOS up to 9.2.1. It has been rated as critical. This issue affects some unknown processing of the component Kernel. The manipulation leads to memory corruption.
The identification of this vulnerability is CVE-2016-4582. It is possible to launch the attack on the local host. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
《网络数据安全管理条例》发布,2025年1月1日正式施行
1 year 9 months ago
《条例》旨在规范网络数据处理活动,保障网络数据安全,促进网络数据依法合理有效利用,保护个人、组织的合法权益,维护国家安全和公共利益。
CVE-2007-4439 | Lighthouse Development Squirrelcart 1.6.3 popup_window.php site_isp_root file inclusion (EDB-4295 / XFDB-36112)
1 year 9 months ago
A vulnerability was found in Lighthouse Development Squirrelcart 1.6.3. It has been classified as critical. This affects an unknown part of the file popup_window.php. The manipulation of the argument site_isp_root leads to file inclusion.
This vulnerability is uniquely identified as CVE-2007-4439. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
68 ядер в одном чипе: новая архитектура процессоров обещает 100-кратный прорыв
1 year 9 months ago
Flow Computing показала, как сочетание разных ядер перевернет мир вычислений.
Cyber-Attacks Hit Over a Third of English Schools
1 year 9 months ago
A survey by Ofqual found that 20% of English schools and colleges were unable to immediately recover after being hit by a cyber incident
CVE-2003-0967 | GNU FreeRADIUS up to 0.9.2 Attribute Attachment memory corruption (EDB-23391 / Nessus ID 67926)
1 year 9 months ago
A vulnerability classified as critical has been found in GNU FreeRADIUS up to 0.9.2. This affects an unknown part of the component Attribute Attachment Handler. The manipulation leads to memory corruption.
This vulnerability is uniquely identified as CVE-2003-0967. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
«Закиньте немного крипты»: разработчики вредоносного ПО уже совсем обнаглели
1 year 9 months ago
Исследователи Elastic раскрывают любопытную криптоджекинговую операцию.
CVE-2014-7108 | Appbelle Stop Headaches/Migraines 1.2 X.509 Certificate cryptographic issues (VU#582497)
1 year 9 months ago
A vulnerability, which was classified as critical, was found in Appbelle Stop Headaches and Migraines 1.2. This affects an unknown part of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues.
This vulnerability is uniquely identified as CVE-2014-7108. The attack needs to be done within the local network. There is no exploit available.
vuldb.com
Blinks:一款针对Burp Suite Pro的安全扫描增强工具
1 year 9 months ago
Blinks是一款针对Burp Suite Pro的安全扫描增强工具,广大研究人员可以利用该工具增强Burp Suite Pro的安全扫描能力。
A British national has been charged for his execution of a hack-to-trade scheme
1 year 9 months ago
The Department of Justice charged a British national for hacking into the systems of five U.S. organizations. The Department of Justice charged the British national Robert Westbrook (39) for hacking into the systems of five U.S. companies. Westbrook was arrested in the United Kingdom this week with is awaiting extradition to the United States. “Robert […]
Pierluigi Paganini
Microsoft revised the controversial Copilot+ Recall feature
1 year 9 months ago
Microsoft has made changes to Recall – the screenshot-taking, AI-powered search feature for Copilot+ PCs running Windows 11 – to reassure users worried about security and privacy. The security of the feature has been assessed by Microsoft’s Offensive Research & Security Engineering team and by a third-party security vendor, Microsoft says. Other security professionals will hopefully probe the feature for weaknesses that could put user data at risk. Welcome changes Microsoft unveiled the Copilot+ Recall … More →
The post Microsoft revised the controversial Copilot+ Recall feature appeared first on Help Net Security.
Zeljka Zorz
CVE-2023-31190 | BlueMark Innovations DroneScout ds230 Remote ID Receiver Firmware improper authentication
1 year 9 months ago
A vulnerability classified as critical was found in BlueMark Innovations DroneScout ds230 Remote ID Receiver. This vulnerability affects unknown code of the component Firmware Handler. The manipulation leads to improper authentication.
This vulnerability was named CVE-2023-31190. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2023-45598 | AiLux imx6 up to 1.0.7-1 authorization
1 year 9 months ago
A vulnerability, which was classified as problematic, has been found in AiLux imx6 up to 1.0.7-1. This issue affects some unknown processing. The manipulation leads to missing authorization.
The identification of this vulnerability is CVE-2023-45598. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-45593 | AiLux imx6 up to 1.0.7-1 protection mechanism
1 year 9 months ago
A vulnerability was found in AiLux imx6 up to 1.0.7-1 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to protection mechanism failure.
This vulnerability is handled as CVE-2023-45593. It is possible to launch the attack on the physical device. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-51453 | DJI Mavic 3 Pro Service Port 10000 libv2_sdk.so process_push_file denial of service
1 year 9 months ago
A vulnerability, which was classified as problematic, has been found in DJI Mavic 3 Pro, Mavic 3, Mavic 3 Classic, Mavic 3 Enterprise, Matrice 300, Matrice M30 and Mini 3 Pro. Affected by this issue is the function process_push_file of the file libv2_sdk.so of the component Service Port 10000. The manipulation leads to denial of service.
This vulnerability is handled as CVE-2023-51453. The attack can only be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com