Aggregator

Google released emergency security updates to fix the ninth actively exploited Chrome zero-day vulnerability this year. ​​Google released an emergency security update to address a Chrome zero-day vulnerability, tracked as CVE-2024-7971, that is actively exploited. The vulnerability is a type confusion issue that resides in Chrome’s V8 JavaScript engine. “Google is aware that an exploit for CVE-2024-7971 […]

Всего одна ошибка в настройке сделает ваш сервер магнитом для злоумышленников.

A vulnerability was found in Mage AI. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Terminal Server Command History Handler. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-8072. The attack can be launched remotely. There is no exploit available.

键盘鼠标都最低，派商店 Keychron 系列清仓促销专场 利益相关声明： 文中包含营销（如促销活动）和推广（如返利链接）信息 活动时间：即日起至 8.29省流版：少数派定制 Keychron K3

A vulnerability was found in Mattermost up to 9.5.7/9.8.2/9.9.1/9.10.0/9.11.0. It has been classified as problematic. Affected is an unknown function of the component User Management Page. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2024-40886. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mattermost up to 9.5.7/9.8.2/9.9.1/9.10.0/9.11.0 and classified as critical. This issue affects some unknown processing of the component Shared Channel Handler. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2024-32939. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Mattermost up to 9.5.7/9.8.2/9.9.1/9.10.0/9.11.0 and classified as critical. This vulnerability affects the function manage_system. The manipulation leads to improper access controls. This vulnerability was named CVE-2024-8071. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Mattermost up to 9.5.7/9.8.2/9.9.1/9.10.0/9.11.0. This affects an unknown part of the file /api/v4/users. The manipulation leads to improper check for unusual conditions. This vulnerability is uniquely identified as CVE-2024-42411. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Mattermost up to 9.5.7/9.8.2/9.9.1/9.10.0/9.11.0. Affected by this issue is some unknown functionality of the component Email Notification Handler. The manipulation leads to protection mechanism failure. This vulnerability is handled as CVE-2024-39836. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Mattermost up to 9.5.7/9.10.0/9.11.0. Affected by this vulnerability is an unknown functionality of the file /dev/zero of the component ElasticSearch Configuration Handler. The manipulation of the argument CA path leads to resource consumption. This vulnerability is known as CVE-2024-39810. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Mattermost up to 9.5.7/9.10.0/9.11.0. Affected is an unknown function. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2024-43813. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

根据知情人士的消息，美国油服巨头 Halliburton 遭到网络攻击，影响休斯顿园区和部分全球网络的业务运营。Halliburton 据没有证实也没有否认网络攻击，只是表示公司部分系统发现问题，正在评估原因和潜在影响。知情人士称，Halliburton 要求部分员工不要连上内网。总部位于休斯顿的 Halliburton 是全球最大的油服公司之一，为全球主要能源公司提供钻井服务和设备，有近 48,000 名员工。

Один пароль на ход следствия против «Пирата Неизвестности».

研究人员最近发现了一种新型的恶意软件，名为Banshee Stealer，它专门针对苹果macOS系统。

HVV 遇到了邮件钓鱼，有个样本挺有趣，自己又没分析过样本，于是便想尝试分析一下，并记录下来，同时学习一下红队大佬们的思路，大佬勿喷，讲的比较哆嗦。

葡萄牙足球球星 C 罗（Cristiano Ronaldo）开设了自己的 Youtube 频道 UR·Cristiano，上线半天时间订阅量超过 1000 万，成为史上最快达此成就的 Youtube 主播。C 罗在各大社交平台拥有逾 9 亿粉丝，是 Meta 旗下平台 Instagram 上关注者最多的名人，有逾 6.3 亿粉丝。目前他的 Youtube 频道订阅者人数已经超过了 1500 万。目前人数订阅最多的 Youtube 频道是 MrBeast，有 3.1 亿订阅。以 C 罗现在的走势，相信成为全球最多人订阅的频道是指日可待（已经有人开设对比 C 罗和 MrBeast 订阅人数变化的直播视频）。C 罗承诺会透过 Youtube 频道让球迷以前所未有的方式去了解他的生活，而分享内容不只涉及足球，还会有家庭、健康、营养、教育、事业等题材。

当这家网络安全公司首次提出推动整合、远离单点产品时，投资者担心此举会影响收入，导致公司股价大幅下跌。

据BleepingComputer消息，来自美国肯塔基州的39岁男子Jesse Kipf（杰西·基普夫）使用被盗的凭证侵入夏威夷死亡登记系统，将自己的信息更改为已经去世。 美国司法部 （DoJ） 的一份新闻稿表示，该男子在2023年1月利用了居住在另一个州的医生账户访问了上述系统，制作了一份自己的死亡证明表，将该医生指定为该案件的医疗证明人，并使用医生的数字签名签署了死亡证明。 这份证明成功让该男子在美国政府数据库中显示为”已故“，从而取消了他未履行的子女抚养义务，他自己承认这是自己伪造死亡的主要原因。 此外，该男子还实施了其他的犯罪行为，包括使用被盗的帐户凭证访问私人公司网络和政府系统，并在暗网市场上出售对应的访问权限。他还使用虚假的社会安全号码在金融机构申请借贷并注册借记卡账户。 负责调查的联邦调查局（FBI）的Michael E. Stansbury （迈克尔·斯坦斯伯里）表示，这名黑客入侵各种计算机系统并恶意窃取他人身份以谋取私利的行为将付出代价。 根据统计，该男子包括未支付的子女抚养费在内所造成的总损失至少达到了195750 美元。 根据法院裁决，该男子被判入狱 81 个月，并必须强制服刑85%的刑期，即69个月（超过5.5年）。获释后还将受到为期3年的监管。   转自FreeBuf，原文链接：https://www.freebuf.com/news/409196.html 封面来源于网络，如有侵权请联系删除