29 matches found
CVE-2024-40736
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/add...
NetBox Security Vulnerability
NetBox is a Django- and PostgreSQL-based tool for IP Address Management (IPAM) and Data Center Infrastructure Management (DCIM) from the NetBox community. A cross-site scripting vulnerability exists in NetBox v4.0.3, which stems from the lack of effective filtering and escaping of user-supplied data in t...
CVE-2024-40736
NetBox v4.0.3 is affected by an XSS vulnerability in the /dcim/power-outlets/add endpoint where user-supplied data in the Name parameter can be used to inject arbitrary HTML/JS. The root cause is insufficient filtering/escaping of input in that field, enabling attacker-controlled payloads to exec...
PT-2024-29014 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: netbox version 4.0.3. Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at "/dcim/power-outlets/add" endpoint. Recommendations: For...
How helpful are estimates about how much cyber attacks cost?
Coming from the newspaper and media industry, I'm no stranger to wanting to write catchy headlines. I'm certainly at fault for throwing together a story about so-and-so's house sold for X million dollars. But recently I've been wondering if those "big numbers" for cybersecurity are helpful at all, ev...
Activist Hackers Are Racing Into the Israel-Hamas War—for Both Sides
Since the conflict escalated, hackers have targeted dozens of government websites and media outlets with defacements and DDoS attacks, and attempted to overload targets with junk traffic to bring them down...
Kimsuky Targets Think Tanks and News Media with Social Engineering Attacks
The North Korean nation-state threat actor known as Kimsuky has been linked to a social engineering campaign targeting experts in North Korean affairs with the goal of stealing Google credentials and delivering reconnaissance malware. "Further, Kimsuky's objective extends to the theft of...
CVE-2023-25409
Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have access to other users' outlets...
CVE-2023-25409
Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have access to other users' outlets...
Improper access control
Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have access to other users' outlets...
CVE-2022-3187
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP pages only validate when a valid connection is established with the database. However, these PHP pages do not verify the validity of a user. Attackers could leverage this lack of verification to read...
Facebook Shuts Down Covert Political 'Influence Operations' from Russia and China
Meta Platforms on Tuesday disclosed it took steps to dismantle two covert influence operations originating from China and Russia for engaging in coordinated inauthentic behavior (CIB) so as to manipulate public debate. While the Chinese operation sets its sights on the U.S. and the Czech Republic,...
Meta blocks Russia-Ukraine disinformation campaigns on Facebook, Instagram
Meta says it has detected and removed two disinformation campaigns regarding the current Russia-Ukraine war. These campaigns, it says, were run by groups in Russia and Ukraine to target Ukraine users. In the post, Nathaniel Gleicher, Meta's head of security policy, and David Agranovich, Meta's...
COVID-19 Phishing: Exploiting a Global Pandemic
It's sad to think criminals are hard at work taking advantage of the extraordinary stress the world's population is currently experiencing. But they are. New phishing scams exploiting anxiety about COVID-19 are trending upward. Akamai's Carrier Data Science and Threat Research teams analyzing...
Gaza Cybergang Group1, operation SneakyPastes
Gaza Cybergangs is a politically motivated Arabic-language cyberthreat actor, actively targeting the MENA (Middle East North Africa) region, especially the Palestinian Territories. The confusion surrounding Gaza Cybergang's activities, separation of roles and campaigns has been prevalent in the cyb...
20-Year-Old Man Arrested For Carrying Out Germany's Biggest Data Leak
German federal police have arrested a 20-year-old local student for stealing and publishing a massive trove of personal data of hundreds of politicians, journalists and other public figures last month. The young man, whose identity has not been revealed by the police, was arrested after police...
Thousands of Breached Websites Turn Up On MagBo Black Market
A newly-discovered underground marketplace has been peddling access to more than 3,000 breached websites, catering to hackers hungry for valuable data and the ability to launch a range of attacks on unsuspecting site visitors. Advertisements for the Russian-speaking marketplace called MagBo were...
Egyptian 'Fake News' Law Threatens Citizens with 5000-plus Followers
Do you or someone you know live in Egypt and hold an account on Facebook, Twitter, and/or other social media platforms with more than 5000 followers? If yes, your account can be censored, suspended and is subject to prosecution for promoting or spreading fake news through social media...
Cyberwar: Greek & Turkish hackers target each other’s media outlets
By Ionatan. Last week the world witnessed cyber-confrontation between Turkish and Greek... This is a post from HackRead.com.
Forever 21 Says PoS Systems Exposed Customer Data for 8 Months
Fashion retailer Forever 21 confirmed a breach made public in November resulted in the theft of credit card data belonging to an undisclosed number of customers. The company had stated that a lack of encryption used on some of its point-of-sales payment terminals could have resulted in unauthoriz...