Aggregator

A vulnerability was found in Special Text Boxes Plugin up to 6.2.2 on WordPress. It has been classified as critical. This affects an unknown part of the component Shortcode Handler. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2024-8481. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in SAP EnjoySAP and classified as problematic. Affected by this vulnerability is an unknown functionality of the component ActiveX Control. The manipulation leads to an unknown weakness. This vulnerability is known as CVE-2007-3608. The attack can be launched remotely. Furthermore, there is an exploit available.

卡巴斯基报告，Google Play 市场提供的两款应用“无他相机（Wuta Camera）”和 Max Browser 被发现含有了恶意 SDK。这两款应用的下载量达到 1100 万次。SDK 表面上支持广告展示，但背后使用了一系列复杂方法与恶意服务器秘密通信，上传用户数据并下载可随时执行和更新的恶意代码。该恶意程序家族被称为 Necro。在包含恶意 SDK 的应用中，无他相机下载量愈千万次，受影响的版本为 v6.3.2.148 到 6.3.6.148， Max Browser 下载量百万次，它已从 Google Play 下架。其它受影响应用包括了 Spotify、Minecraft、WhatsApp、Stumble Guys、Car Parking Multiplayer 和 Melon Sandbox 的修改版本。

A vulnerability was found in Scriptcase 9.4.019 and classified as problematic. Affected by this issue is some unknown functionality of the component URL Handler. The manipulation of the argument id_form_msg_title leads to cross site scripting. This vulnerability is handled as CVE-2024-8942. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Scriptcase 9.4.019 and classified as very critical. Affected by this vulnerability is an unknown functionality in the library /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ of the component POST Request Handler. The manipulation leads to unrestricted upload. This vulnerability is known as CVE-2024-8940. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Scriptcase 9.4.019. Affected is an unknown function of the file /scriptcase/devel/compat/nm_edit_php_edit.php. The manipulation of the argument subpage leads to path traversal. This vulnerability is traded as CVE-2024-8941. It is possible to launch the attack remotely. There is no exploit available.

The U.S. Department of Commerce (DoC) said it's proposing a ban on the import or sale of connected vehicles that integrate software and hardware made by foreign adversaries, particularly that of the People's Republic of China (PRC) and Russia. "The proposed rule focuses on hardware and software integrated into the Vehicle Connectivity System (VCS) and software integrated into the Automated

Absolute Security announced AI Threat Insights. This new AI-powered threat detection capability is now available through the Absolute Secure Access Security Service Edge (SSE) offering. With the AI Threat Insights module activated, customers using Absolute to continuously monitor all network traffic across PC fleets can detect and act against zero-day threats, ransomware, other malware, and suspicious user, device and application behaviors. This innovation provides proactive alerts to help organizations anticipate and respond to security risks, … More →

The post Absolute AI Threat Insights monitors, detects, and prioritizes suspicious activity appeared first on Help Net Security.

Cloudflare is now verifying WhatsApp’s Key Transparency audit proofs to ensure the security of end-to-end encrypted messaging conversations without having to manually check QR codes. We are publishing the results of the proof verification to https://dash.key-transparency.cloudflare.com for independent researchers and security experts to compare against WhatsApp’s. Cloudflare does not have access to underlying public key material or message metadata as part of this infrastructure.

The Cloudflare Terraform provider used to be manually maintained. With the help of our existing OpenAPI code generation pipeline, we’re now automatically generating the provider for better endpoint and attribute coverage, faster updates when new products are announced and a new API documentation site to top it all off. Read on to see how we pulled it all together.

Cloudflare is extending the use of our public DNS resolver through partnering with ISPs and network providers to deliver a safer browsing experience directly to families. Join us in protecting every Internet user from unsafe content with the click of a button, powered by 1.1.1.1 for Families.

Today, we are taking some big steps forward in our mission to help build a better Internet. Cloudflare is giving everyone free access to 10+ different website and network security products and features.

A vulnerability, which was classified as problematic, was found in SAP EnjoySAP. Affected is an unknown function of the component ActiveX Control. The manipulation leads to denial of service. This vulnerability is traded as CVE-2007-3607. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Money transfer giant MoneyGram has confirmed it suffered a cyberattack after dealing with system outages and customer complaints about lack of service since Friday. [...]

NetApp announced enhancements to its portfolio of cyber resiliency offerings to strengthen security for customers. NetApp is announcing the general availability of its NetApp ONTAP Autonomous Ransomware Protection with AI (ARP/AI) solution, with 99% accuracy for detecting ransomware threats. Customers can use ARP/AI to monitor abnormal workload activity and automatically snapshot data at the point in time of attack, so they can respond and recover faster from attacks with the most accurate storage level security … More →

The post NetApp enhances security directly within enterprise storage appeared first on Help Net Security.

SonicWall found that data breaches caused by malware attacks on US healthcare organizations have affected 14 million people so far in 2024

A poorly executed “handover” of US-based Kaspersky customers has led some users to panic when software named UltraAV popped up on their computers without any action on their part. What happened? Earlier this year, for national security reasons, the US Department of Commerce announced a US-wide ban of Kaspersky AV solutions, to be finalized in late September 2024. Consumers and organizations using Kaspersky software were urged to transition to using software by other vendors. Earlier … More →

The post US-based Kaspersky users startled by unexpected UltraAV installation appeared first on Help Net Security.

Модель YOLO - конец эпохи «я не робот»?

NETGEAR expanded its Nighthawk WiFi 7 standalone router line to include the new RS600, RS500, and RS200. The lineup of Nighthawk routers is built on the company’s promise to deliver the latest WiFi 7 technology combined with powerful WiFi performance and secure connectivity for homes of any size. Powerful, secure WiFi 7 for everyone Since the launch of NETGEAR’s first WiFi 7 offering – Nighthawk RS700S – multi-gig internet speeds have become more accessible and … More →

The post NETGEAR announces three WIFI 7 routers to secure connectivity for homes of any size appeared first on Help Net Security.

Telegram 的月活跃用户接近 10 亿，它是世界最流行的消息平台之一，但也因为缺乏监管饱受批评。上个月Telegram CEO Pavel Durov 在法国机场被捕，原因就与其平台