Aggregator

A vulnerability, which was classified as critical, was found in MBed OS 6.16.0. Affected is an unknown function of the component HCI Packet Handler. The manipulation leads to buffer overflow. This vulnerability is traded as CVE-2024-48981. The attack needs to be done within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in MBed OS 6.16.0. This issue affects some unknown processing of the component HCI Packet Handler. The manipulation leads to buffer overflow. The identification of this vulnerability is CVE-2024-48985. The attack can only be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in MBed OS 6.16.0. This vulnerability affects unknown code of the component HCI Parsing. The manipulation leads to buffer overflow. This vulnerability was named CVE-2024-48982. The attack can only be done within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in MBed OS up to 6.16.0. This affects the function WsfMsgAlloc of the component HCI Packet Handler. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2024-48983. The attack needs to be approached within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in MyBB 1.8.38. It has been rated as problematic. Affected by this issue is some unknown functionality of the file install\index.php. The manipulation of the argument Website Name leads to cross site scripting. This vulnerability is handled as CVE-2024-52702. The attack may be launched remotely. There is no exploit available.

新闻速览 •RaaS威胁不断升级，渗透测试技能成为勒索软件团伙新宠 •悬赏400万美元！全球最大规模&#822 […]

根据GitGuardian和CyberArk的研究显示，79%的IT决策者报告经历过凭证泄露事件，较上年的75 […]

A vulnerability was found in ifso If-So Dynamic Content Personalization Plugin up to 1.9.2.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function ifso-show-post of the component Shortcode Handler. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-10796. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in EngineThemes ForumEngine Theme up to 1.8 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-10623. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Mbed OS 6.16.0 and classified as critical. This issue affects some unknown processing of the component HCI Parsing. The manipulation leads to buffer overflow. The identification of this vulnerability is CVE-2024-48986. The attack needs to be done within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in IBM DB2 and DB2 Connect Server 11.1/11.5 and classified as critical. This vulnerability affects unknown code of the component Query Handler. The manipulation leads to denial of service. This vulnerability was named CVE-2024-45663. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

2024年11月21日，以“‘廿’念不忘，‘新’之所向”为主题的“第二十届数字金融联合宣传年智享2024特别活 […]

Ford data breach involved a third-party supplier Pierluigi Paga

A vulnerability classified as problematic has been found in Websense Personal Email Manager up to 7.0. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2009-3748. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

The Justice Department unsealed charges against five men accused of running prolific phishing campa

U.S. federal government contractors, healthcare providers, public school systems and a law enforcem

Threat actors are exploiting a new cash-out tactic called “Ghost Tap” to siphon funds from stolen credit card details linked to mobile payment services like Google Pay or Apple Pay, which involves relaying NFC traffic, enabling unauthorized transactions without physical access to the victim’s device.  By understanding this emerging threat, financial institutions can enhance their […]

The post Ghost Tap Attack, Hackers Stolen Credit Card Linked To Google Pay Or Apple Pay appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

In this Help Net Security interview, Brooke Motta, CEO of RAD Security, talks about how cloud-specific threats have evolved and what companies should be watching out for. She discusses the growing complexity of cloud environments and the importance of real-time detection to protect against increasingly sophisticated attacks. Motta also shares practical advice for SMBs and organizations navigating compliance and cloud security challenges. How have cloud-specific threats evolved over the past few years, and what new … More →

The post Enhancing visibility for better security in multi-cloud and hybrid environments appeared first on Help Net Security.

Finastra has confirmed it warned customers of a cybersecurity incident after a threat actor

一般社団法人Edgecrossコンソーシアムが提供するEdgecross 基本ソフトウェア Windows版には、複数の脆弱性が存在します。