Aggregator

Yak MITM劫持流程详解！

Five men have been indicted in connection with crimes committed by the Scattered Spider group

Инструмент для контроля багхантеров повышает безопасность бизнеса.

HKCERT CTF 2024 Web/Misc/Forensics Write up

A vulnerability was found in mdedev Run Contests, Raffles, and Giveaways with ContestsWP Plugin up to 2.0.3 on WordPress. It has been rated as problematic. Affected by this issue is the function add_query_arg. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-11456. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in slimndap Theater Plugin up to 0.18.6.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function add_query_arg. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-11371. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in cservit affiliate-toolkit Plugin up to 3.6.7 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-10675. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in themeum Tutor LMS Plugin up to 2.7.6 on WordPress and classified as critical. This issue affects some unknown processing. The manipulation of the argument rating_filter leads to sql injection. The identification of this vulnerability is CVE-2024-10400. The attack may be initiated remotely. There is no exploit available.

Five alleged members of the infamous Scattered Spider cybercrime crew have been indicted in the U.S. for targeting employees of companies across the country using social engineering techniques to harvest credentials and using them to gain unauthorized access to sensitive data and break into crypto accounts to steal digital assets worth millions of dollars. All of the accused parties have been

Vanta announced a number of new and upcoming products enabling customers to build, demonstrate and enhance their GRC and trust programs. The new offerings include Vanta for Marketplaces to strengthen trust across a company’s entire ecosystem; adaptive scoping; AI-powered chat for Trust Centers; developer-first workflows for faster remediation; and expanded reporting capabilities. The announcements coincide with a number of highlights for the company in 2024: Now continuously monitoring over 92 million resources across customers—from laptops … More →

The post Vanta announces new products to enhance GRC and trust programs appeared first on Help Net Security.

Всё больше незащищённых устройств открывают новые двери для атакующих.

分享我实验室白泽智能团队被CCS2024 录用的最新研究 Neural Dehydration，该工作提出了一种与水印类型无关的通用移除攻击，成功破解了当下10款主流的黑盒模型水印，在保持目标模型可用性的同时，对数据的依赖性也极低。