Aggregator

CVE-2024-30051漏洞最早由卡巴斯基发现，根据最初上传到VT的该漏洞的简单分析报告，我们通过该报告中漏洞的特征，找到了QakBot利用的实际样本并对其进行了详细分析。

Recently, multiple high-severity vulnerabilities were discovered in Intel Microcode that could potentially lead to privilege escalation. Canonical, the organization behind Ubuntu, has acted swiftly by releasing security updates to address these vulnerabilities. This article explores the details of these vulnerabilities and offers essential guidance on safeguarding your Ubuntu systems.   Overview of Intel Microcode Vulnerabilities […]

The post High-Severity Intel Microcode Vulnerabilities Fixed in Ubuntu appeared first on TuxCare.

The post High-Severity Intel Microcode Vulnerabilities Fixed in Ubuntu appeared first on Security Boulevard.

A vulnerability was found in WebKalk2 1.9.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file engine/engine.inc.php. The manipulation of the argument absolute_path leads to file inclusion. This vulnerability is handled as CVE-2007-2307. The attack may be launched remotely. Furthermore, there is an exploit available.

macOS后门，以中国钉钉和微信用户为目标的HZRat后门攻击场景复现及木马检测方法

方正畅享新闻采编系统 binary.do SQL注入漏洞分析复现

缓存投毒之CPDOS

A vulnerability was found in mxBB Mx Shotcast 1.0 Rc2 and classified as critical. Affected by this issue is some unknown functionality of the file getinfo1.php. The manipulation of the argument mx_root_path leads to file inclusion. This vulnerability is handled as CVE-2007-2313. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in androidforums Forum For Android 2.4.4.9. This affects an unknown part of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is uniquely identified as CVE-2014-5889. The attack can only be done within the local network. There is no exploit available.

美国第二巡回上诉法院维持了 Hachette v. Internet Archive 一案的原判决，裁定互联网档案馆的数字借阅项目侵犯了版权法，驳回了互联网档案馆所持的论点——即借阅行为受到了合理使用原则的保护。因新冠疫情导致了图书馆关闭，互联网档案馆于 2020 年 3 月启动了 National Emergency Library 项目，向困住家中的民众大批量提供电子书的数字借阅服务，不再限制一本电子书一次只借给一个人。该项目立即遭到了出版商和作家的反对。互联网档案馆后来恢复了借阅限制。2020 年 6 月，主要出版商 Hachette、HarperCollins、Penguin Random House 和 Wiley 提起了侵权诉讼。2023 年 3 月，地方法院裁定出版商胜诉。互联网档案馆提起上诉，现在上诉法院再次做出了不利于它的判决。

A vulnerability, which was classified as critical, has been found in mosMedia. This issue affects some unknown processing of the file Mambo/Joomla. The manipulation of the argument mosConfig_absolute_path leads to Remote Code Execution. The identification of this vulnerability is CVE-2007-2043. The attack may be initiated remotely. Furthermore, there is an exploit available.

Quishing is a type of phishing attack where crooks use QR codes to trick users into providing sensitive information or downloading malware. In recent years, the spread of electric cars has led to an increase in public charging stations. However, new cyber threats have emerged with this growth, including “quishing.” This term, a combination of […]

你可能错过的新鲜事英特尔发布酷睿 Ultra 200V 系列处理器9 月 3 日，英特尔公司在柏林举办发布会，推出酷睿 Ultra 200V 系列处理器。该处理器系列分为 5、7、9 三个类目，共

The DoJ says Russia paid a US company $10m to post disinformation that attracted millions of views online

A vulnerability, which was classified as critical, has been found in Avant-Garde Solutions MOSMedia 1.0.8. This issue affects some unknown processing of the file media.tab.php of the component mediad. The manipulation of the argument mosConfig_absolute_path leads to file inclusion. The identification of this vulnerability is CVE-2007-2043. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability has been found in bibleslots SLOTS: Bible Slots Free 1.122 and classified as critical. Affected by this vulnerability is an unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is known as CVE-2014-5888. The attack needs to be approached within the local network. There is no exploit available.

Вебинар Positive Technologies состоится 10 сентября в 14:00.

A vulnerability was found in Apple macOS up to 10.13.1 and classified as critical. This issue affects some unknown processing of the component Kernel. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2017-13817. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

2024年9月5日，深瞳漏洞实验室监测到一则Apache-ofbiz组件存在服务器端伪造请求（SSRF）漏洞的信息，漏洞编号：CVE-2024-45507，漏洞威胁等级：高危。

Binarly announced Binarly Transparency Platform 2.5 with several features designed to enhance software vulnerability management and improve security posture across enterprise environments. The key highlight of this release is the innovative Reachability Analysis, a feature that identifies and prioritizes vulnerabilities based on their exploitability within the system’s execution flow, allowing for more targeted and effective remediation. With the introduction of Reachability Analysis, Binarly’s Transparency Platform 2.5 provides a truly innovative method to evaluate risk by … More →

The post Binarly Transparency Platform 2.5 identifies critical vulnerabilities before they can be exploited appeared first on Help Net Security.