Aggregator

A forum actor claims to have shared a Uruguay DNIC citizen database containing more than 5.8 million records.

Penguin Random House、Elsevier 和 HarperCollins 等 13 家大型图书出版商今年 3 月联合起诉安娜的档案（Anna’s Archive），指控该影子图书馆助长图书盗版。出版商此举旨在获得法庭禁令，对安娜的档案的域名注册商施压。安娜的档案已经深陷了多起诉讼，去年底流媒体巨头 Spotify 和唱片公司起诉安娜的档案导致其失去了 .org 主域名。本周美国地区法官 Jed S. Rakoff 签署了一项缺席判决书，完全满足了出版商的要求，安娜档案馆被判向出版商赔偿 1950 万美元。法官还发布了一项范围广泛的永久禁令，要求二十多家全球域名注册商、托管商和服务提供商立即关闭安娜的档案的其余域名。鉴于网站运营者身份匿名，赔偿金基本不可能兑现，因此它面临的影响主要是禁令，如美国公司 Cloudflare 和 OwnRegistrar 将需要遵守禁令。

在网络滥用领域，总有一些精明的从业者投入时间寻找新的方法来支持网络犯罪，毕竟这是一个利润丰厚的领域

The Grafana data breach was caused by a single GitHub workflow token that slipped through the rotation process following the TanStack npm supply-chain attack last week. [...]

A vulnerability was found in National Keep Cyber Security Services CyberMath 1.4. It has been declared as problematic. The affected element is an unknown function. The manipulation results in cross-site request forgery. This vulnerability is known as CVE-2023-6676. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability has been found in Mia Technology MİA-MED up to 1.0.6 and classified as problematic. The affected element is an unknown function of the component Policy Handler. The manipulation leads to exposure of sensitive information due to incompatible policies. This vulnerability is listed as CVE-2023-6517. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

A vulnerability was found in Mia Technology MİA-MED up to 1.0.6. It has been declared as very critical. This impacts an unknown function. Such manipulation leads to authorization bypass. This vulnerability is documented as CVE-2023-6515. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability identified as problematic has been detected in Mia Technology MİA-MED up to 1.0.6. Affected by this issue is some unknown functionality. The manipulation leads to exposure of data element to wrong session. This vulnerability is traded as CVE-2023-6519. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability labeled as problematic has been found in Mia Technology MİA-MED up to 1.0.6. This affects an unknown part. The manipulation results in unprotected storage of credentials. This vulnerability is known as CVE-2023-6518. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability described as very critical has been identified in Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System on iOS/Android. This vulnerability affects unknown code. Executing a manipulation can lead to authorization bypass. This vulnerability is registered as CVE-2023-6724. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.

A vulnerability has been found in Oduyo Financial Technology Online Collection up to 1.0.1 and classified as critical. This affects an unknown function. Performing a manipulation results in sql injection. This vulnerability is known as CVE-2023-6677. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability was found in UNI-PA University Marketing & Computer Internet Trade University Information System and classified as critical. This vulnerability affects unknown code. The manipulation results in sql injection. This vulnerability is known as CVE-2023-6441. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in Utarit Information Technologies SoliPay Mobile App up to 5.0.7. This impacts an unknown function. The manipulation results in sql injection. This vulnerability is cataloged as CVE-2023-5155. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability classified as critical has been found in Utarit Information Technologies SoliPay Mobile App up to 5.0.7. Affected is an unknown function. This manipulation causes improper privilege management. This vulnerability is registered as CVE-2023-4993. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Utarit Information Technologies SoliPay Mobile App up to 5.0.7. Affected by this vulnerability is an unknown functionality. Such manipulation leads to hard-coded credentials. This vulnerability is documented as CVE-2023-6255. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

Mozilla 宣布 Firefox 未来将移除 asm.js 相关代码，因为它早有了后继者 WebAssembly，同时维护两者耗费时间且增加攻击面。asm.js 是 Mozilla 对 NaCl 和 PNaCl 的回应：通过选择一个严格静态的 JavaScript 子集获得类似 NaCl/PNaCl 的性能，同时代码又能直接运行在 Web 内容中。asm.js 于 2013 年随 Firefox 22 发布，获得了巨大的成功，证明只使用 Web 技术就能在 Web 上以接近原生的速度运行代码，它为 WebAssembly 的诞生铺平了道路，WebAssembly 在 2019 年成为 W3C 标准。Mozilla 从 Firefox 148 开始 JS 引擎 SpiderMonkey 默认禁用 asm.js 优化，未来版本将完全移除相关代码，使用 asm.js 的网站不会受到影响，开发者建议想要继续使用 asm.js 发布内容的网站重编译到 WebAssembly，它的执行速度更快，二进制文件更小。

Серая экономика прокси оставляет владельцев сайтов без эффективных средств защиты.

Premium Deception campaign uses 250 Android apps to silently sign victims up to paid services