Aggregator

The open technology, which tackles disinformation, has gained steam in the past year, surpassing 500 corporate members and continuing to evolve.

Authors/Presenters: Bryson Bort, Tom VanNorman

-

Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 32 – ICS 101 appeared first on Security Boulevard.

A vulnerability classified as problematic was found in Progress Telerik Reporting 10.2.24.924/18.0.24.130/18.1.24.2.514/18.1.24.709/18.2.24.924. Affected by this vulnerability is an unknown functionality. The manipulation leads to absolute path traversal. This vulnerability is known as CVE-2024-6097. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function formexeCommand. The manipulation leads to buffer overflow. This vulnerability is traded as CVE-2025-25343. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Progress Telerik Document Processing Libraries 2024.4.1106. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2024-11343. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in HashiCorp Nomad and Nomad Enterprise up to 1.9.5. It has been declared as critical. This vulnerability affects unknown code of the component ACL Policy. The manipulation leads to incorrect authorization. This vulnerability was named CVE-2025-0937. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apache Atlas up to 2.3.0. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-46910. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in D-Link DIR-853 A1 1.20B07 and classified as critical. Affected by this issue is some unknown functionality of the component SetDynamicDNSSettings Module. The manipulation of the argument Password leads to stack-based buffer overflow. This vulnerability is handled as CVE-2025-25744. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in D-Link DIR-853 A1 1.20B07. Affected is an unknown function of the component SetVirtualServerSettings Module. The manipulation leads to command injection. This vulnerability is traded as CVE-2025-25743. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in D-Link DIR-853 A1 1.20B07 and classified as critical. Affected by this vulnerability is an unknown functionality of the component SetIPv6PppoeSettings Module. The manipulation of the argument IPv6_PppoePassword leads to stack-based buffer overflow. This vulnerability is known as CVE-2025-25741. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in D-Link DIR-853 A1 1.20B07. This issue affects some unknown processing of the component SetWanSettings Module. The manipulation of the argument Password leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2025-25746. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in D-Link DIR-853 A1 1.20B07. This vulnerability affects unknown code of the component SetSysEmailSettings Module. The manipulation of the argument AccountPassword leads to stack-based buffer overflow. This vulnerability was named CVE-2025-25742. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in gchq stroom up to 7.2.23/7.3-beta.21/7.4.3/7.5-beta.1. This affects an unknown part. The manipulation leads to authentication bypass by spoofing. This vulnerability is uniquely identified as CVE-2025-25182. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Progress Telerik KendoReact up to 9.4.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is handled as CVE-2024-12629. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Progress Telerik Document Processing Libraries 2024.4.1106. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component .NET Standard 2.0. The manipulation leads to files or directories accessible. This vulnerability is known as CVE-2024-11629. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Progress Telerik Kendo UI for Vue up to 6.0.1. It has been classified as problematic. Affected is an unknown function. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is traded as CVE-2024-11628. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Russian cybercriminal Alexander Vinnik is being released from U.S. custody in exchange for Marc Fogel, a Trump administration source told CNN. The New York Times first reported that Alexander Vinnik, a Russian money laundering suspect, is being released from U.S. custody in exchange for Marc Fogel, according to a Trump administration source. Alexander Vinnik, a […]

US, UK, and Australian law enforcement have targeted a company called Zservers (and two of its administrators) for providing bulletproof hosting services to the infamous ransomware gang.

大规模物联网数据泄露事件曝光27亿条记录，包含Wi-Fi密码，涉及全球设备用户，严重危及网络安全，呼吁立即采取措施保护敏感数据。

A relatively new ransomware operation named 'Sarcoma' has claimed responsibility for an attack against the Unimicron printed circuit boards (PCB) maker in Taiwan. [...]