119 matches found
NGINX Shares Mitigations for Zero-Day Bug Affecting LDAP Implementation
The maintainers of the NGINX web server project have issued mitigations to address security weaknesses in its Lightweight Directory Access Protocol LDAP Reference Implementation. "NGINX Open Source and NGINX Plus are not themselves affected, and no corrective action is necessary if you do not use...
GE General Electric Renewable Energy MDS Radios 加密问题漏洞
GE General Electric Renewable Energy MDS Radios are a family of industrial wireless solutions from General Electric GE. GE General Electric Renewable Energy's MDS iNET/iNET II/SD/TD220/TD220MAX Radios are vulnerable to an encryption issue that stems from weaknesses in the wireless security softwa...
Report: Nearly 75% of Infusion Pumps Affected by Severe Vulnerabilities
An analysis of data crowdsourced from more than 200,000 network-connected infusion pumps used in hospitals and healthcare entities has revealed that 75% of those medical devices contain security weaknesses that could put them at risk of potential exploitation. "These shortcomings included exposur...
FBI warns of bogus job postings on recruitment sites
Before Christmas was a busy time down at the fake job factory, with all manner of dubious antics out to ruin someone’s day. We’re now info February and the bogus job offers show no sign of abating. In fact, the FBI considers it to be such a problem that its issued an alert. This isn’t your typica...
CVE-2022-21330 vulnerabilities
Vulnerabilities for packages: mysql...
Business Logic Errors in silverstripe/silverstripe-framework
Description SilverStripe Framework is vulnerable to Business Logic Errors in the Failed login count since that value can be a negative number. Proof of Concept 1.After login, go to Security page under the path /admin/security/ 2.Click on any member record 3.In the member edit form, enter a negati...
1.6 Million WordPress Sites Under Cyberattack From Over 16,000 IP Addresses
As many as 1.6 million WordPress sites have been targeted by an active large-scale attack campaign originating from 16,000 IP addresses by exploiting weaknesses in four plugins and 15 Epsilon Framework themes. WordPress security company Wordfence, which disclosed details of the attacks, said...
AMD Graphics Driver for Windows 10
Bulletin ID: AMD-SB-1000 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary In a comprehensive analysis of the AMD Escape calls, a potential set of weaknesses in several APIs was discovered, which could result in escalation of privilege...
Critical Flaws Uncovered in Pentaho Business Analytics Software
Multiple vulnerabilities have been disclosed in Hitachi Vantara's Pentaho Business Analytics software that could be abused by malicious actors to upload arbitrary data files and even execute arbitrary code on the underlying host system of the application. The security weaknesses were reported by...
Poly Network Recoups $610M Stolen from DeFi Platform
A threat actor called “Mr. White Hat” has returned the $610 million they stole from the decentralized finance platform Poly Network. The breached company did everything from threaten to sic law enforcement on the attacker on up to its ultimate offer: the position of chief security officer in...
Malware Can Use This Trick to Bypass Ransomware Defense in Antivirus Solutions
Researchers have disclosed significant security weaknesses in popular antivirus software applications that could be abused to deactivate their protections and take control of allow-listed applications to perform nefarious operations on behalf of the malware to defeat anti-ransomware defenses. The...
The vulnerability of the RabbitMQ messaging broker, related to deficiencies in the security measures used for protecting web page structures, allows attackers to compromise data integrity.
The vulnerability of the RabbitMQ messaging broker is related to deficiencies in the security measures used to protect web page structures. Exploiting this vulnerability allows a malicious actor to compromise data integrity remotely...
The vulnerability of the `dojox.xmpp.util.xmlEncode` component in the dojox JavaScript library allows a attacker to compromise data integrity.
The vulnerability of the dojox.xmpp.util.xmlEncode component in the dojox JavaScript library is related to deficiencies in the security measures used to protect web page structures. Exploiting this vulnerability could allow an attacker to compromise the integrity of data...
PT-2021-1828 · Microsoft · Windows Dns +1
Name of the Vulnerable Software and Affected Versions: Windows DNS versions affected versions not specified Description: The issue is related to weaknesses in the security mechanisms of the Windows DNS server, allowing an attacker to gain unauthorized access to protected information. It enables...
The vulnerability of the RoundCube Webmail email client, related to deficiencies in the security measures used to protect web page structures, allows attackers to compromise data integrity.
The vulnerability of the RoundCube Webmail email client is related to deficiencies in the security measures used to protect website structures. Exploiting this vulnerability could allow an attacker to compromise the integrity of data...
Capital One Fined $80 Million for 2019 Data Breach Affecting 106 Million Users
A United States regulator has fined the credit card provider Capital One Financial Corp with $80 million over last year's data breach that exposed the personal information of more than 100 million credit card applicants of Americans. The fine was imposed by the Office of the Comptroller of the...
The vulnerability of the Windows GDI component in Windows operating systems allows attackers to disclose protected information.
The vulnerability of the Windows GDI component in Windows operating systems is related to deficiencies in security mechanisms. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...
Publicly Available Tools Seen in Cyber Incidents Worldwide
Summary This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.12345 In it we highlight the use of five publicly available tools, which have been used for malicious purposes in...
This Service Helps Malware Authors Fix Flaws in their Code
Almost daily now there is news about flaws in commercial software that lead to computers getting hacked and seeded with malware. But the reality is most malicious software also has its share of security holes that open the door for security researchers or ne'er-do-wells to liberate or else seize...
Human-operated ransomware attacks: A preventable disaster
Human-operated ransomware campaigns pose a significant and growing threat to businesses and represent one of the most impactful trends in cyberattacks today. In these hands-on-keyboard attacks, which are different from auto-spreading ransomware like WannaCry or NotPetya, adversaries employ...