Aggregator

A vulnerability was found in Adobe Substance3D Sampler up to 4.5. It has been classified as problematic. This affects an unknown part. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2024-41863. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Substance3D Sampler up to 4.5 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2024-41862. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Adobe Substance3D Designer up to 13.1.2 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to out-of-bounds write. This vulnerability is known as CVE-2024-41864. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Adobe Substance3D Sampler up to 4.5. Affected is an unknown function. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2024-41861. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in averta Slider & Popup Builder Plugin up to 3.1.1 on WordPress. This issue affects the function uploadFile. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2024-4389. The attack may be initiated remotely. There is no exploit available.

Kootenai Health suffered a data breach impacting over 464,000 patients following a 3AM ransomware attack. Kootenai Health disclosed a data breach impacting over 464,088 patients following the leak of their personal information by the ThreeAM (3AM) ransomware gang. Kootenai Health is a healthcare organization based in Coeur d’Alene, Idaho. It is a regional medical center […]

Вторник исправлений у Microsoft прошел с устранением 6 уязвимостей нулевого дня.

15 年前，加州旧金山分校生物物理学家 Leor Weinberger 提出了一个对抗 HIV 的大胆策略——给 HIV 感染患者注射一种经过改造的 HIV。他设想，这种被剥夺了几乎所有基因且不会引发疾病的HIV 变体，可能会击败并抑制自然状态下的 HIV。这种被称为“治疗性干扰颗粒”（TIP）的“去势”HIV，甚至具备在人与人之间传播的能力，有望降低全球艾滋病发病率。如今，这一设想得到了初步验证。Weinberger 和同事在《科学》发表论文称，他们向感染 HIV 的猴子体内注射了一次TIP，可以使其体内的病毒水平在很长一段时间内降低至 1/10000。科学家计划在人体内测试这种“以毒攻毒”的方法。如果这种方法被证明对人体安全有效，则有可能应用于所有 HIV 感染者。Weinberger指出，许多感染者很难获得抗病毒药物，或者无法坚持每日服药，“因此我们有必要尝试一些新的方法”。

Tenable Research has uncovered significant security vulnerabilities in Microsoft’s Azure Health Bot Service, a cloud platform designed to enable healthcare professionals to deploy AI-powered virtual health assistants. The Azure AI Health Bot Service is a cloud-based platform designed for healthcare organizations. It enables developers to create and deploy AI-driven virtual health assistants, which help streamline […]

The post Critical SSRF Vulnerability in Microsoft Azure Let Hackers Compromise Health Bot Services appeared first on Cyber Security News.

商家介绍 现在大厂的ssl一年期证书，基本都已经消失了。今天分享的是Sectigo一年期的免费证书，是hostloc的网友魔法实现的，啥也不说上就行了。 官方网站：https://ssl.hos...

FCIS 2024面向广大的业内专业人士征集大会议题，无论是行业大咖，亦或是行业新人，我们都期待您的加入。

Midjourney, Stability AI и другие теперь вынуждены будут раскрыть свои тайны.

A vulnerability classified as critical was found in SECOM Dr.ID Attendance System up to 3.6.2. This vulnerability affects unknown code. The manipulation of the argument page leads to sql injection. This vulnerability was named CVE-2024-7732. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Researchers studied the infrastructure behind clickbait PDF attacks by analyzing a large dataset of real-world PDFs to identify clickbait ones and their linked infrastructure and found that attackers use various hosting types, including object storage, website hosting, and CDNs.  The attackers exploit vulnerabilities in outdated software components to upload malicious PDFs, while researchers also investigated […]

The post Clickbait PDFs, An Entry point For Multiple Web Based Attacks appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

SAP has released its August 2024 security patch update, addressing 17 new vulnerabilities, including two critical flaws that could allow attackers to bypass authentication and fully compromise affected systems. The most severe vulnerability, CVE-2024-41730, affects SAP BusinessObjects Business Intelligence Platform versions 430 and 440. With a CVSS score of 9.8, this “missing authentication check” flaw […]

The post Critical SAP Flaw Let Hackers to Bypass Authentication & Compromise Systems appeared first on Cyber Security News.

Hackers always keep updating their tools and add new ones to adapt to evolving security measures, bypass defenses, and exploit newly discovered vulnerabilities.  Staying ahead of the cybersecurity advancements is completely important for them as doing so helps them maintain their ability to carry out successful cyber attacks. Cybersecurity researchers at The DFIR Report recently […]

The post Hackers Toolkit Unveiled, Comprehensive Tools For Various Cyber Attacks appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

SSLoad is a complex malware loader that mainly intrudes into desired systems via phishing emails. Once inside, it performs reconnaissance, and then transfers the collected intelligence to its handlers. SSLoad later uses any available means to get past detection as it installs different forms of harmful code into the system. This program is also designed […]

The post New SSLoad Loader Malware Attacking Users to Infiltrate Login Details appeared first on Cyber Security News.

马斯克（Elon Musk）在收购 Twitter 后向员工发送了一封最后通牒式的邮件，要求他们在 24 小时内点击 Yes 否则就被视为自愿离职。马斯克在这封标题为“A Fork in the Road”的邮件中表示，打造 Twitter 2.0 需要高强度的工作，表现出色才被视为合格。他要求员工在 24 小时做出回应，没有及时点击 Yes 的员工将给予三个月的遣散费。遭到解雇的爱尔兰高管 Gary Rooney 提起了诉讼，他辩称其合同条款明确声明，解雇需要以书面形式提出，而不是拒绝填写表格。爱尔兰劳工法庭裁决 Twitter 未给员工提供足够的通知时间，且未点击 Yes 并不能构成合法的辞职行为。它要求 Twitter（现更名为 X）向 Rooney 赔偿 60 万美元。它基本同意 Rooney 被不公平的解雇。Twitter 可以对这一裁决提起上诉。据 X 高级人力总监 Lauren Wegman 作证，270 名收到邮件的爱尔兰员工中只有 35 人没有点击 Yes。

本周，互联网网络安全态势整体评价为良。

Cryptocurrency scams have changed along with digital currencies and they now employ technological advancements like AI and deepfakes in their sophisticated frauds. The CryptoCore group is an example of these methods where celebrity images are used, major events are exploited, and hijacked social media accounts are taken across platforms such as YouTube, Twitter, and TikTok. […]

The post CryptoCore, Sophisticated Cryptocurrency Scam Attacking Users To Drain Wallets appeared first on Cyber Security News.