Aggregator

A vulnerability was found in Microsoft Windows 11 22H2/11 23H2/11 24H2/Server 2022 23H2/Server 2025. It has been rated as problematic. This issue affects some unknown processing of the component Virtual Hard Disk. The manipulation leads to sensitive data storage in improperly locked memory. The identification of this vulnerability is CVE-2024-38264. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in Microsoft SQL Server 2016/2017/2019. Affected is an unknown function of the component Native Client. The manipulation leads to use after free. This vulnerability is traded as CVE-2024-43459. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Microsoft SQL Server 2016/2017/2019. Affected by this vulnerability is an unknown functionality of the component Native Client. The manipulation leads to heap-based buffer overflow. This vulnerability is known as CVE-2024-43462. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Intel Server Board M70KLP. This vulnerability affects unknown code of the component UEFI Firmware. The manipulation leads to improper access controls. This vulnerability was named CVE-2024-39609. The attack needs to be approached locally. There is no exploit available.

A vulnerability was found in Intel Server Board M10JNP2SB Family and classified as critical. Affected by this issue is some unknown functionality of the component UEFI Firmware. The manipulation leads to improper input validation. This vulnerability is handled as CVE-2024-41167. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login?service. The manipulation leads to session expiration. This vulnerability is handled as CVE-2024-11208. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in Microsoft .NET and Visual Studio and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to unchecked input for loop condition. This vulnerability is known as CVE-2024-43499. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as very critical, was found in Microsoft .NET and Visual Studio. Affected is an unknown function. The manipulation leads to type confusion. This vulnerability is traded as CVE-2024-43498. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

Внезапное сходство с LockBit раскрывает тайные связи вымогательских групп.

The Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent security advisory warning organizations about an active exploitation of a critical vulnerability in Progress Kemp LoadMaster, a popular load balancing and application delivery solution. Designated as CVE-2024-1212, the vulnerability allows remote, unauthenticated attackers to execute arbitrary commands on affected systems, posing a severe threat to organizations […]

The post CISA Warns Kemp LoadMaster OS Command Injection Vulnerability Exploited in Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in posimyththemes Plus Addons for Elementor Plugin up to 6.0.3 on WordPress. It has been classified as problematic. This affects the function render of the file modules/widgets/tp_carousel_anything.php. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-10365. It is possible to initiate the attack remotely. There is no exploit available.

Учёные раскрыли механизм двойной природы CED-9.

近日，美国司法部宣布，涉嫌担任勒索软件组织Phobos软件管理员的俄罗斯男子Evgenii Ptitsyn已被从韩国引渡至美国。他被控利用该勒索软件组织策划和实施了涉及全球逾千名受害者的网络攻击，勒索金额超过1600万美元。 这次引渡行动得到了多个国家的协助，包括韩国、日本和欧洲国家的执法机构。美国司法部副部长丽莎·摩纳哥对此表示：“通过全球执法机构的合作，我们向世界证明，无论网络犯罪分子身在何处，都无法逃避正义。” Ptitsyn目前面临13项指控，包括电信欺诈、电信欺诈共谋、计算机欺诈与滥用共谋，以及与黑客和勒索相关的四项敲诈勒索罪和四项故意损害受保护计算机的罪名。 首创“薄利多销”模式的勒索软件组织 Phobos勒索软件首次被发现于2017年末，其名称来源于希腊神话中的恐惧之神。该勒索软件的运行机制与其他勒索软件家族相似：加密受害者的文件，随后要求支付赎金以换取解密密钥。然而，与一些动辄要求数百万美元的高级勒索软件不同，Phobos的赎金金额相对较小，通常在数千美元至数万美元之间。这种“薄利多销”的商业模式使其对中小型组织尤为具有威胁性。 Phobos的受害者覆盖全球，包括医院、学校、地方政府和企业等关键部门。该勒索软件的攻击通常通过以下方式展开： 远程桌面协议（RDP）漏洞利用：攻击者通过扫描互联网中的RDP端口，利用弱密码或未修复的漏洞获得初始访问权限。 钓鱼攻击：通过精心设计的电子邮件欺骗用户点击恶意链接或附件。 内部人员协助：利用企业内部的安全漏洞或合作人员进行渗透。 一旦攻击成功，Phobos会加密受害者的文件并在每个受感染的目录中放置赎金通知，通常包含攻击者的联系信息和支付比特币的说明。 Ptitsyn被捕对Phobos的影响 Ptitsyn以“derxan”和“zimmermanx”等网名活动，据信是Phobos组织的重要管理员之一。他不仅负责开发和维护Phobos，还向其他犯罪分子提供技术支持和指导。其活动范围广泛，直接参与了多起针对政府和企业的勒索攻击。 根据美国网络安全与基础设施安全局（CISA）和联邦调查局（FBI）的警告，Phobos自2020年以来，频繁针对美国的州和地方政府服务发动攻击，对社会基础设施构成了严重威胁。 近年来，Phobos活动频率有所下降。根据网络威胁情报公司Recorded Future的数据显示，与Phobos相关的攻击在最近几个月大幅减少，同时另一个使用Phobos变种的勒索软件组织8Base上个月完全停止了活动。这种变化可能与Ptitsyn的落网直接相关。 然而，网络安全专家警告，不排除Phobos组织在调整策略，或以新身份重返网络犯罪的可能性。勒索软件生态系统的复杂性使得犯罪分子可以迅速更换品牌或加入其他组织，继续其非法活动。 国际合作对抗勒索软件 此次引渡俄罗斯勒索软件组织管理员的行动凸显了国际合作在打击跨国网络犯罪中的重要性。近年来，美国及其盟国通过共享情报和联合执法成功抓捕了多个勒索软件组织的核心成员。例如： 2021年，REvil勒索软件组织的一名主要成员在波兰被捕。 2023年，Hive勒索软件组织的服务器被国际联合行动摧毁。 这表明，全球执法机构正在以更加协同的方式应对勒索软件这一日益增长的威胁，国际合作与技术创新才是打击跨国网络犯罪的关键。       转自Freebuf，原文链接：https://www.freebuf.com/news/415580.html 封面来源于网络，如有侵权请联系删除

Кто обрезал подводные кабели на 1400 км?

A vulnerability was found in Oracle Communications Cloud Native Core Network Slice Selection Function 23.2.0/23.3.1. It has been classified as critical. This affects an unknown part of the component Install/Upgrade. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2023-44487. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Oracle Communications Cloud Native Core Security Edge Protection Proxy 23.3.0. It has been rated as critical. This issue affects some unknown processing of the component Signaling. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2023-44487. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Oracle Communications Cloud Native Core Unified Data Repository 23.3.1. Affected is an unknown function of the component Signaling. The manipulation leads to denial of service. This vulnerability is traded as CVE-2023-44487. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Oracle Communications Service Catalog and Design 7.4.0.7.0/7.4.1.5.0/7.4.2.8.0 and classified as critical. This vulnerability affects unknown code of the component PSR Designer. The manipulation leads to denial of service. This vulnerability was named CVE-2023-44487. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Oracle Communications Service Catalog and Design 7.4.0.7.0/7.4.1.5.0/7.4.2.8.0 and classified as critical. This issue affects some unknown processing of the component PSR Designer. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2023-44487. The attack may be initiated remotely. Furthermore, there is an exploit available.