Ricoh Company, Ltd. Security Vulnerabilities

thn

Future Group's E-Commerce Portal Hacked, Disrupting Online Sales

Future Group's plan to boost online sales has encountered a cyber obstacle. Its flagship e-commerce portal, FutureBazaar, was hacked and has been non-functional for the past two days. FutureBazaar CEO Rajiv Prakash described the incident as a "denial of service attack." He stated, "The website has....

6.9 AI Score

2010-12-22 02:19 PM

kitploit

CloudBrute - Awesome Cloud Enumerator

A tool to find a company (target) infrastructure, files, and apps on the top cloud providers (Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode). The outcome is useful for bug bounty hunters, red teamers, and penetration testers alike. The complete writeup is available here...

7.2 AI Score

2024-06-25 12:30 PM

apple

About the security content of watchOS 10.5

This document describes the security content of watchOS 10.5. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...

8.8 CVSS

7.3 AI Score

0.001 EPSS

2024-05-13 12:00 AM

redhatcve

CVE-2024-36006

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage. Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists...

6.5 AI Score

0.0004 EPSS

2024-05-20 06:17 PM

thn

Genesco Inc. Confirms Payment Card Data Breach in U.S. Stores

Specialty retailer Genesco Inc. announced on Friday that it experienced a criminal intrusion into the part of its computer network that processes payment card transactions. Some card details might have been compromised. However, the company quickly secured the affected network segment and...

7.1 AI Score

2010-12-12 03:10 AM

cve

CVE-2024-31936

Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd UsersWP. This issue affects UsersWP: from n/a before...

5.4 CVSS

6.9 AI Score

0.0004 EPSS

2024-04-11 01:15 PM

nvd

CVE-2024-31936

Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd UsersWP. This issue affects UsersWP: from n/a before...

5.4 CVSS

5.5 AI Score

0.0004 EPSS

2024-04-11 01:15 PM

cvelist

CVE-2024-31936 WordPress UsersWP plugin < 1.2.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd UsersWP. This issue affects UsersWP: from n/a before...

5.4 CVSS

5.7 AI Score

0.0004 EPSS

2024-04-11 12:15 PM

thn

Former Hacker Li Jun Donates to Panda Research Center

In 2006, Li Jun, a Chinese man, was jailed for creating the ‘Fujacks’ worm. Recently, he appears to be attempting to rehabilitate his public image by making a donation to a panda research center in China. Li Jun was arrested in February 2007 and charged with writing and selling the "Panda Burning.....

6.8 AI Score

2010-12-16 02:28 PM

cnvd

Adobe Animate Input Validation Error Vulnerability (CNVD-2024-19002)

Adobe Animate is a set of Flash animation software from the American company Adobe. Adobe Animate suffers from an input validation error vulnerability that stems from the application's susceptibility to integer overflow, which can be exploited by an attacker to execute arbitrary code in.....

7.8 CVSS

7.9 AI Score

0.001 EPSS

2024-04-15 12:00 AM

kitploit

JA4+ - Suite Of Network Fingerprinting Standards

JA4+ is a suite of network fingerprinting methods that are easy to use and easy to share. These methods are both human and machine readable to facilitate more effective threat-hunting and analysis. The use-cases for these fingerprints include scanning for threat actors, malware detection, session.....

7 AI Score

2024-05-25 12:30 PM

cnvd

Adobe Animate Code Issue Vulnerability (CNVD-2024-19003)

Adobe Animate is a set of Flash animation software from the American company Adobe. Adobe Animate has a code issue vulnerability that stems from the application being susceptible to NULL pointer dereferencing, which can be exploited by an attacker to cause a system crash, resulting in a.....

5.5 CVSS

6.4 AI Score

0.0004 EPSS

2024-04-15 12:00 AM

cnvd

Adobe Animate Buffer Overflow Vulnerability (CNVD-2024-19001)

Adobe Animate is a set of Flash animation software from the American company Adobe. Adobe Animate suffers from a buffer overflow vulnerability that stems from the application's susceptibility to out-of-bounds reads, leading to sensitive memory leaks that can be exploited by attackers to.....

5.5 CVSS

6.6 AI Score

0.001 EPSS

2024-04-15 12:00 AM

thn

Earn Rewards for Finding Security Flaws in Gmail, YouTube, and More

Google is on the hunt for hackers to find security vulnerabilities in popular web applications like Gmail, Blogger, and YouTube. The tech giant is offering rewards starting at $500 per bug. For vulnerabilities that are "severe or unusually clever," the payout can reach up to $3,133.70....

7.1 AI Score

2010-11-06 01:17 AM

cnvd

Adobe Bridge Buffer Overflow Vulnerability (CNVD-2024-18999)

Adobe Bridge is a file viewer from the American company Adobe. Adobe Bridge suffers from a buffer overflow vulnerability that stems from the application's susceptibility to out-of-bounds reads, leading to sensitive memory leaks, which can be exploited by an attacker who can bypass...

5.5 CVSS

7.1 AI Score

0.001 EPSS

2024-04-15 12:00 AM

mskb

Update 24.1 for Microsoft Dynamics 365 Business Central (on-premises) 2024 Release Wave 1 (Application Build 24.1.19498, Platform Build 24.0.19487)

Overview: This update replaces previously released updates. You should always install the latest update. This update also fixes vulnerabilities. For...

8.8 CVSS

8.9 AI Score

0.001 EPSS

2024-06-11 07:00 AM

malwarebytes

When things go wrong: A digital sharing warning for couples

“When things go wrong” is a troubling prospect for most couples to face, but the internet—and the way that romantic partners engage both with and across it—could require that this worst-case scenario become more of a best practice. In new research that Malwarebytes will release this month,...

6.9 AI Score

2024-06-11 10:55 AM

cnvd

Unspecified Vulnerability in Adobe Illustrator (CNVD-2024-19004)

Adobe Illustrator is a set of vector-based image creation software from the American company Adobe. A security vulnerability exists in Adobe Illustrator 28.3, 27.9.2 and prior versions, which stems from the application's susceptibility to a stack-based buffer overflow that can be...

7.8 CVSS

8 AI Score

0.0004 EPSS

2024-04-15 12:00 AM

thn

Kimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South Korea

The North Korea-linked nation-state actor known as Kimsuky is suspected of using a previously undocumented Golang-based information stealer called Troll Stealer. The malware steals "SSH, FileZilla, C drive files/directories, browsers, system information, [and] screen captures" from infected...

7.3 AI Score

2024-02-08 06:53 AM

malwarebytes

Ring agrees to pay $5.6 million after cameras were used to spy on customers

Amazon's Ring has settled with the Federal Trade Commission (FTC) over charges that the company allowed employees and contractors to access customers' private videos, and failed to implement security protections which enabled hackers to take control of customers’ accounts, cameras, and videos. The....

7.1 AI Score

2024-04-25 02:05 PM

cnvd

Adobe Illustrator Buffer Overflow Vulnerability (CNVD-2024-19005)

Adobe Illustrator is a set of vector-based image creation software from the American company Adobe. A buffer error vulnerability exists in Adobe Illustrator 28.3, 27.9.2 and prior versions, which stems from the application's susceptibility to out-of-bounds writes, and can be exploited by....

7.8 CVSS

7.8 AI Score

0.001 EPSS

2024-04-15 12:00 AM

cnvd

Adobe After Effects Buffer Overflow Vulnerability (CNVD-2024-19006)

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. A security vulnerability exists in Adobe After Effects, which can be...

5.5 CVSS

5.4 AI Score

0.001 EPSS

2024-04-12 12:00 AM

apple

About the security content of tvOS 17.5

This document describes the security content of tvOS 17.5. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available....

8.8 CVSS

7.5 AI Score

0.001 EPSS

2024-05-13 12:00 AM

cnvd

Adobe Animate Buffer Overflow Vulnerability (CNVD-2024-19000)

Adobe Animate is a set of Flash animation software from the American company Adobe. Adobe Animate suffers from a buffer overflow vulnerability that stems from the application's susceptibility to out-of-bounds reads when parsing carefully crafted files, which may read beyond the end of an....

7.8 CVSS

7.9 AI Score

0.001 EPSS

2024-04-15 12:00 AM

thn

Google's Privacy Sandbox Accused of User Tracking by Austrian Non-Profit

Google's plans to deprecate third-party tracking cookies in its Chrome web browser with Privacy Sandbox has run into fresh trouble after Austrian privacy non-profit noyb (none of your business) said the feature can still be used to track users. "While the so-called 'Privacy Sandbox' is advertised.....

6.8 AI Score

2024-06-14 01:21 PM

osv

Helm dependency management path traversal

A Helm contributor discovered a path traversal vulnerability when Helm saves a chart including at download time. Impact: When either the Helm client or SDK is used to save a chart whose name within the Chart.yaml file includes a relative path change, the chart would be saved outside its expected...

6.4 CVSS

6.8 AI Score

0.0004 EPSS

2024-02-15 03:34 PM

pentestpartners

Impacts on ICS from the updated Cyber Assessment Framework (CAF)

NCSC has released an update of the Cyber Assessment Framework (CAF). The CAF represents where the rubber hits the road for the UK’s NIS regulations. TL;DR: The NCSC CAF has been updated to version 3.2. There has been a material change to three aspects of the CAF. The changes are broadly sensible...

7.5 AI Score

2024-05-17 05:00 AM

cnvd

Command Execution Vulnerability in Dahua EIMS System of Zhejiang Dahua Technology Co.

Zhejiang Dahua Technology Co., Ltd. is the world's leading video-centered intelligent IOT solution provider and operation service provider. A command execution vulnerability exists in the Dahua EIMS system of Zhejiang Dahua Technology Co. Ltd, which can be exploited by attackers to gain server...

7.5 AI Score

2024-03-06 12:00 AM

thn

Legitimate-Looking Ads Used to Recruit Money Mules for Criminal Operations

Money mules have been aggressively recruited this year to help cybercriminals launder money, according to Fortinet. A recent example of this is the worldwide prosecution of a Zeus criminal operation, which included 37 charges against alleged money mules. Recent Zeus stories illustrate how...

6.9 AI Score

2010-11-01 06:19 AM

cve

CVE-2024-31406

Active debug code vulnerability exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exploited, a network-adjacent unauthenticated attacker with access to the device may perform unauthorized...

6.9 AI Score

0.0004 EPSS

2024-04-24 06:15 AM

nvd

CVE-2024-24245

An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fixed in v.3.6.2 allows a local attacker to escalate privileges via the ClamXAV helper tool...

6.6 AI Score

0.0004 EPSS

2024-04-09 07:15 PM

cve

CVE-2024-24245

An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fixed in v.3.6.2 allows a local attacker to escalate privileges via the ClamXAV helper tool...

6.8 AI Score

0.0004 EPSS

2024-04-09 07:15 PM

thn

Hackers Steal Customer Data from McDonald's Partner Database

McDonald's is collaborating with law enforcement after malicious hackers infiltrated another company's database and stole information about an unknown number of the fast-food chain's customers. McDonald's has alerted potentially affected customers via email and through a message on its website....

6.9 AI Score

2010-12-13 09:07 AM

qualysblog

Qualys Is Proud to Sign CISA’s Secure by Design Pledge

Cybersecurity leaders in the U.S. are very familiar with the Cybersecurity and Infrastructure Security Agency (CISA) and their important work to keep the internet, our country, and its citizens safe from cyber threats. As part of their efforts, CISA has identified secure by design software as a...

8.3 AI Score

2024-05-07 09:05 PM

thn

U.S. Treasury Sanctions 12 Kaspersky Executives Amid Software Ban

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) imposed sanctions against a dozen individuals serving executive and senior leadership roles at Kaspersky Lab, a day after the Russian company was banned by the Commerce Department. The move "underscores our commitment to....

7.2 AI Score

2024-06-22 06:00 AM

thn

W32.Yimfoca Worm Targets Facebook Users via Yahoo! Messenger

A new computer worm is denying Facebook users access to their accounts. The worm, named "W32.Yimfoca" by the security company Symantec, spreads through Yahoo! Messenger and specifically targets Facebook users. It forces them to complete surveys before they can log into their profiles. The worm...

7.1 AI Score

2010-12-23 12:05 AM

schneier

Using Legitimate GitHub URLs for Malware

Interesting social-engineering attack vector: McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft GitHub repository for the "C++ Library Manager for Windows, Linux, and MacOS," known as vcpkg. The attacker is exploiting a property...

7.2 AI Score

2024-04-22 03:26 PM

jvn

JVN#44166658: Multiple vulnerabilities in ELECOM wireless LAN routers and wireless LAN repeater

Multiple wireless LAN routers and wireless LAN repeater provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Cross-site Scripting (CWE-79) - CVE-2024-21798: CVSS v3 vector CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, Base Score: 4.8; CVSS v2...

6.7 AI Score

0.0004 EPSS

2024-02-20 12:00 AM

cvelist

CVE-2024-24245

An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fixed in v.3.6.2 allows a local attacker to escalate privileges via the ClamXAV helper tool...

6.8 AI Score

0.0004 EPSS

2024-04-09 12:00 AM

nessus

Web Server Directory Enumeration

This plugin attempts to determine the presence of various common directories on the remote web server. By sending a request for a directory, the web server response code indicates if it is a valid directory or...

9.6 AI Score

0.002 EPSS

2002-06-26 12:00 AM

talosblog

Rounding up some of the major headlines from RSA

While I one day wish to make it to the RSA Conference in person, I've never had the pleasure of making the trek to San Francisco for one of the largest security conferences in the U.S. Instead, I had to watch from afar and catch up on the internet every day like the common folk. This at least...

7.8 CVSS

7.6 AI Score

0.001 EPSS

2024-05-16 06:00 PM

cnvd

Deserialization Vulnerability in Isthmus Electronic Document Security Management System (CNVD-2024-17662)

Beijing Yisetong Technology Development Co., Ltd. is a leading provider of data security business and network security business at home and abroad. A deserialization vulnerability exists in Yisetong's electronic document security management system, which can be exploited by an attacker to gain...

7.4 AI Score

2024-03-05 12:00 AM

thn

Australian Police Arrest Man for Hacking Nearly 100 Online Accounts

The Australian police have arrested a 33-year-old man accused of hacking into nearly 100 online accounts. The Australian Federal Police's high-tech crime unit has been monitoring the suspect since last September. This surveillance began when a local telecom company alerted the authorities to...

7 AI Score

2010-12-16 03:11 PM

malwarebytes

Microsoft AI “Recall” feature records everything, secures far less

Developing an AI-powered threat to security, privacy, and identity is certainly a choice, but it's one that Microsoft was willing to make this week at its “Build” developer conference. On Monday, the computing giant unveiled a new line of PCs that integrate Artificial Intelligence (AI) technology.....

6.8 AI Score

2024-05-22 09:14 AM

thn

WikiLeaks Hit by Distributed Denial of Service (DDoS) Attack

WikiLeaks faced another distributed denial of service (DDoS) attack on Tuesday morning, as reported by Fast Company. This attack was more intense than the one on Sunday, but it still didn't come close to shutting down the site. A computer hacker known as "The Jester" shocked officials by claiming.....

6.9 AI Score

2010-12-01 05:02 AM

ics

SDG Technologies PnPSCADA

1. EXECUTIVE SUMMARY: CVSS v4 9.3. ATTENTION: Exploitable remotely/low attack complexity. Vendor: SDG Technologies. Equipment: PnPSCADA. Vulnerability: Missing Authorization. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to attach various entities...

6.4 AI Score

0.0004 EPSS

2024-06-27 12:00 PM

malwarebytes

How AI will change your credit card behind the scenes

Many companies are starting to implement Artificial Intelligence (AI) within their services. Whenever there are large amounts of data involved, AI offers a way to turn that pile of data into actionable insights. And there's a big chance that our data are somewhere in that pile, whether they can be....

6.9 AI Score

2024-05-23 10:09 AM

thn

China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 Devices

A suspected China-nexus cyber espionage actor has been attributed as behind a prolonged attack against an unnamed organization located in East Asia for a period of about three years, with the adversary establishing persistence using legacy F5 BIG-IP appliances and using it as an internal...

7.9 AI Score

2024-06-17 11:59 AM

thn

Google Maps Timeline Data to be Stored Locally on Your Device for Privacy

Google has announced plans to store Maps Timeline data locally on users' devices instead of their Google account effective December 1, 2024. The changes were originally announced by the tech giant in December 2023, alongside updates to the auto-delete control when enabling Location History by...

7.2 AI Score

2024-06-06 07:15 AM

thn

U.S. Bans Kaspersky Software, Citing National Security Risks

The U.S. Department of Commerce's Bureau of Industry and Security (BIS) on Thursday announced a "first of its kind" ban that prohibits Kaspersky Lab's U.S. subsidiary from directly or indirectly offering its security software in the country. The blockade also extends to the cybersecurity company's....

6.9 AI Score

2024-06-21 04:25 AM

Total number of security vulnerabilities: 51334