Aggregator
CVE-2024-9203 | Enpass Password Manager up to 6.9.5 on Windows sensitive information in memory
1 year 9 months ago
A vulnerability, which was classified as problematic, has been found in Enpass Password Manager up to 6.9.5 on Windows. This issue affects some unknown processing. The manipulation leads to cleartext storage of sensitive information in memory.
The identification of this vulnerability is CVE-2024-9203. An attack has to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Chinese Hackers Infiltrate U.S. Internet Providers in Cyber Espionage Campaign
1 year 9 months ago
Cyber Espionage / HackingNation-state threat actors backed by Beijing broke into a "handful" of U.
Submit #411207: Enpass Password Manager Windows 10 Cleartext Storage of Sensitive Information in Memory [Accepted]
1 year 9 months ago
Submit #411207 / VDB-278561
efchatz
DragonForce: тень, нависшая над бизнесом
1 year 9 months ago
80% выкупа - заманчивое предложение для партнеров одной из самых опасных группировок.
CVE-2024-7108 | National Keep Cyber Security Services CyberMath 1.4/1.5 ACL authorization
1 year 9 months ago
A vulnerability classified as problematic was found in National Keep Cyber Security Services CyberMath 1.4/1.5. This vulnerability affects unknown code of the component ACL. The manipulation leads to incorrect authorization.
This vulnerability was named CVE-2024-7108. The attack needs to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-7107 | National Keep Cyber Security Services CyberMath 1.4/1.5 file access
1 year 9 months ago
A vulnerability classified as problematic has been found in National Keep Cyber Security Services CyberMath 1.4/1.5. This affects an unknown part. The manipulation leads to files or directories accessible.
This vulnerability is uniquely identified as CVE-2024-7107. It is possible to launch the attack on the local host. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Ядерная угроза в облаках: SloppyLemming атакует энергетический сектор
1 year 9 months ago
Специалисты из Cloudflare раскрыли тактику неуловимых хакеров.
CVE-2007-3881 | Pictures Rating index.php msgid sql injection (EDB-4191 / BID-24945)
1 year 9 months ago
A vulnerability classified as critical has been found in Pictures Rating. Affected is an unknown function of the file index.php. The manipulation of the argument msgid leads to sql injection.
This vulnerability is traded as CVE-2007-3881. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
ChatGPT притворяется белкой: фестиваль глупости ИИ глазами Джанель Шейн
1 year 9 months ago
Интервью с автором книги “Кокетливый интеллект”.
N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks
1 year 9 months ago
Threat actors with ties to North Korea have been observed leveraging two new malware strains dubbed KLogEXE and FPSpy.
The activity has been attributed to an adversary tracked as Kimsuky, which is also known as APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (formerly Thallium), Sparkling Pisces, Springtail, and Velvet Chollima.
"These samples enhance Sparkling Pisces' already extensive arsenal
The Hacker News
Overloaded with SIEM Alerts? Discover Effective Strategies in This Expert-Led Webinar
1 year 9 months ago
Imagine trying to find a needle in a haystack, but the haystack is on fire, and there are a million other needles you also need to find. That's what dealing with security alerts can feel like.
SIEM was supposed to make this easier, but somewhere along the way, it became part of the problem. Too many alerts, too much noise, and not enough time to actually stop threats.
It's time for a change.
The Hacker News
Ваш ИИ – преступник, а вы – сообщник: новые правила Минюста США
1 year 9 months ago
Сможет ли директор компании сесть в тюрьму за плохое поведение цифрового ассистента?
The number of Android memory safety vulnerabilities has tumbled, and here’s why
1 year 9 months ago
Google’s decision to write new code into Android’s codebase in Rust, a memory-safe programming language, has resulted in a significant drop in memory safety vulnerabilities, despite old code (written in C/C++) not having been rewritten. The number of memory safety vulnerabilities found in the Android codebase per year (Source: Google) Android evolves, and has fewer memory safety vulnerabilities “The Android team began prioritizing transitioning new development to memory-safe languages around 2019. This decision was driven … More →
The post The number of Android memory safety vulnerabilities has tumbled, and here’s why appeared first on Help Net Security.
Zeljka Zorz
HPE Aruba Networking fixes critical flaws impacting Access Points
1 year 9 months ago
HPE Aruba Networking has fixed three critical vulnerabilities in the Command Line Interface (CLI) service of its Aruba Access Points, which could let unauthenticated attackers gain remote code execution on vulnerable devices. [...]
Sergiu Gatlan
Black Suit
1 year 9 months ago
cohenido
X 发布首份透明度报告
1 year 9 months ago
自马斯克(Elon Musk)于 2022 年收购其前身 Twitter 以来,X 发布了首份透明度报告。Twitter 以前每半年发布一份透明度报告,最后一份报告有 50 页长,而 X
CVE-2007-3883 | Datadynamics ActiveBar 3.1 ActiveX Control actbar3.ocx first Remote Code Execution (EDB-4190 / Nessus ID 54841)
1 year 9 months ago
A vulnerability, which was classified as problematic, has been found in Datadynamics ActiveBar 3.1. Affected by this issue is some unknown functionality of the file actbar3.ocx of the component ActiveX Control. The manipulation of the argument first leads to Remote Code Execution.
This vulnerability is handled as CVE-2007-3883. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
黑客声称窃取了 8700 万条数据记录后,Temu 否认存在违规行为
1 year 9 months ago
胡金鱼
WordPress vs WP Engine: корпоративная битва сделала уязвимыми 40% сайтов в интернете
1 year 9 months ago
WordPress блокирует крупного хостера, оставив пользователей без обновлений.