Skip to main content
Abstract art
Abstract art
Abstract art
Abstract art

For individuals

14 Oct 2024
Biztonsági szemle

High-severity Windows vulnerability leveraged in new OilRig APT attacks

After injecting PowerShell commands in a vulnerable web server, OilRig proceeds to leverage CVE-2024-30088 to facilitate password filter DLL registration for plaintext credential capturing, 'ngrok' utility installation for covert communications, and the targeting of Microsoft Exchange servers with the novel 'StealHook' backdoor.
scmagazine.com
Read more
14 Oct 2024
Biztonsági szemle

CISA: Attacks exploiting F5 BIG-IP cookies underway

Organizations have been warned by the Cybersecurity and Infrastructure Security Agency about ongoing attacks exploiting unencrypted F5 BIG-IP Local Traffic Manager module-managed persistence cookies to discover other devices within the targeted network.
scmagazine.com
Read more
14 Oct 2024
Biztonsági szemle

US telcos, agencies sought for more Salt Typhoon hack info

Major U.S. telecommunications firms AT&T, Verizon, and Lumen Technologies have been urged by House Energy and Commerce Committee leaders to provide more information on their response to Chinese state-backed threat operation Salt Typhoon's successful infiltration of their networks for wiretap warrant request compromise.
scmagazine.com
Read more
14 Oct 2024
Riasztás

CVE-2024-9680 - Mozilla Firefox Animation Timeline Handler sérülékenysége

nki.gov.hu
Read more
14 Oct 2024
Riasztás

Critical - CVE-2024-9921 - The Team+ from TEAMPLUS TECHNOLOGY does not...

The Team+ from TEAMPLUS TECHNOLOGY does not properly validate specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify and delete database...
security-database.com
Read more
14 Oct 2024
Riasztás

High - CVE-2024-9922 - The Team+ from TEAMPLUS TECHNOLOGY does not...

The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
security-database.com
Read more
14 Oct 2024
Riasztás

NA - CVE-2024-49214 - QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x...

QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.
security-database.com
Read more
14 Oct 2024
Riasztás

Medium - CVE-2024-9923 - The Team+ from TEAMPLUS TECHNOLOGY does not...

The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root...
security-database.com
Read more
14 Oct 2024
Riasztás

Critical - CVE-2024-9924 - The fix for CVE-2024-26261 was incomplete, and...

The fix for CVE-2024-26261 was incomplete, and and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers still can download arbitrary system files, which...
security-database.com
Read more
14 Oct 2024
Riasztás

NA - CVE-2024-38862 - Insertion of Sensitive Information into Log...

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions
security-database.com
Read more
Language
Type