The Global Anycast Network

Share

RSS

More Articles…

• From Secure Online Desktop to Cyberfero: rebranding of the leading cybersecurity company
• NIS: what it is and how it protects cybersecurity
• Advanced persistent threats (APTs): what they are and how to defend yourself
• Penetration Testing and MFA: A Dual Strategy to Maximize Security
• Penetration Testing: Where to Strike to Protect Your IT Network
• Ransomware: a plague that brings companies and institutions to their knees. Should you pay the ransom? Here is the answer.
• Why IT audit and log management are important for Cybersecurity
• Red Team, Blue Team and Purple Team: what are the differences?

Categories …

• Backup as a Service (18)
  • Acronis Cloud Backup (11)
  • Veeam Cloud Connect (4)
• Cloud Conference (3)
• Cloud CRM (1)
• Cloud Server/VPS (22)
• Conferenza Cloud (4)
• Cyberfero (15)
• ICT Monitoring (5)
• Log Management (2)
• News (25)
• ownCloud (4)
• Privacy (7)
• Security (203)
  • Cyber Threat Intelligence (CTI) (8)
  • Deception (4)
  • Ethical Phishing (11)
  • Netwrix Auditor (2)
  • Penetration Test (11)
  • Posture Guard (3)
  • SOCaaS (65)
    • EDR (3)
    • SIEM (13)
    • SOAR (5)
    • UEBA (10)
  • Vulnerabilities (84)
• Web Hosting (15)

Tags

darkreading

• Thousands of Buggy BeyondTrust Systems Remain Exposed January 3, 2025
  Weeks after the critical vulnerability was reported and a hacking of the Treasury Department, nearly 9,000 BeyondTrust instances remain wide open to the Internet, researchers say.
• New HIPAA Cybersecurity Rules Pull No Punches January 3, 2025
  Healthcare organizations of all shapes and sizes will be held to a stricter standard of cybersecurity starting in 2025 with new proposed rules, but not all have the budget for it.
• Treasury Dept. Sanctions Chinese Tech Vendor for Complicity January 3, 2025
  Integrity Technology Group was found complicit with Flax Typhoon as part of a broader Chinese strategy to infiltrate the IT systems of US critical infrastructure.
• Apple Offers $95M to Settle Siri Privacy Lawsuit January 3, 2025
  The proposed settlement would amount to roughly $20 per Apple product that has Siri enabled, for each plaintiff.
• Why Small Businesses Can't Rely Solely on AI to Combat Threats January 3, 2025
  The growing complexity of cyber threats, paired with limited resources, makes it essential for companies to adopt a more comprehensive approach that combines human vigilance with AI's capabilities.
• Chrome Extension Compromises Highlight Software Supply Challenges January 3, 2025
  The Christmas Eve compromise of data-security firm Cyberhaven's Chrome extension spotlights the challenges in shoring up third-party software supply chains.
• Proposed HIPAA Amendments Will Close Healthcare Security Gaps January 2, 2025
  Changes to the healthcare privacy regulation, including technical controls for network segmentation, multifactor authentication, and encryption, would strengthen cybersecurity protections for electronic health information and address evolving threats against healthcare entities.
• CDAO Sponsors Crowdsourced AI Assurance Pilot in the Context of Military Medicine January 2, 2025
• Unpatched Active Directory Flaw Can Crash Any Microsoft Server January 2, 2025
  Windows servers are vulnerable to a dangerous LDAP vulnerability that could be used to crash multiple servers at once and should be patched immediately.
• UN General Assembly Adopts Cybercrime Treaty January 2, 2025

Full Disclosure

• Multiple vulnerabilities in CTFd versions <= 3.7.4 December 31, 2024
  Posted by Blazej Adamczyk on Dec 30━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Multiple vulnerabilities in CTFd versions
• IBMi Navigator / CVE-2024-51464 / HTTP Security Token Bypass December 31, 2024
  Posted by hyp3rlinx on Dec 30[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: https://hyp3rlinx.altervista.org/advisories/IBMi_Navigator_HTTP_Security_Token_Bypass-CVE-2024-51464.txt [+] x.com/hyp3rlinx [+] ISR: ApparitionSec [Vendor]www.ibm.com [Product] Navigator for i is a Web console interface where you can perform the key tasks to administer your IBM i. IBM Navigator for i supports the vast majority of tasks that […]
• IBMi Navigator / CVE-2024-51463 / Server Side Request Forgery (SSRF) December 31, 2024
  Posted by hyp3rlinx on Dec 30[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: https://hyp3rlinx.altervista.org/advisories/IBMi_Navigator_Server_Side_Request_Forgery_CVE-2024-51463.txt [+] x.com/hyp3rlinx [+] ISR: ApparitionSec [Vendor]www.ibm.com [Product] Navigator for i is a Web console interface where you can perform the key tasks to administer your IBM i. IBM Navigator for i supports the vast majority of tasks that...
• CyberDanube Security Research 20241219-0 | Authenticated Remote Code Execution in Ewon Flexy 205 December 22, 2024
  Posted by Thomas Weber | CyberDanube via Fulldisclosure on Dec 21CyberDanube Security Research 20241219-0 ------------------------------------------------------------------------------- title| Authenticated Remote Code Execution product| Ewon Flexy 205 vulnerable version|
• Stored XSS with Filter Bypass - blogenginev3.3.8 December 19, 2024
  Posted by Andrey Stoykov on Dec 18# Exploit Title: Stored XSS with Filter Bypass - blogenginev3.3.8 # Date: 12/2024 # Exploit Author: Andrey Stoykov # Version: 3.3.8 # Tested on: Ubuntu 22.04 # Blog: https://msecureltd.blogspot.com/2024/12/friday-fun-pentest-series-16-stored-xss.html Stored XSS Filter Bypass #1: Steps to Reproduce: 1. Login as admin and go to "Content" > "Posts" 2. On […]
• [SYSS-2024-085]: Broadcom CA Client Automation - Improper Privilege Management (CWE-269) December 19, 2024
  Posted by Matthias Deeg via Fulldisclosure on Dec 18Advisory ID: SYSS-2024-085 Product: CA Client Automation (CA DSM) Manufacturer: Broadcom Affected Version(s): 14.5.0.15 Tested Version(s): 14.5.0.15 Vulnerability Type: Improper Privilege Management (CWE-269) Risk Level: High Solution Status: Fixed Manufacturer Notification: 2024-10-18 Solution Date: 2024-12-17 Public Disclosure:...
• [KIS-2024-07] GFI Kerio Control <= 9.4.5 Multiple HTTP Response Splitting Vulnerabilities December 17, 2024
  Posted by Egidio Romano on Dec 16--------------------------------------------------------------------------- GFI Kerio Control
• RansomLordNG - anti-ransomware exploit tool December 17, 2024
  Posted by malvuln on Dec 16This next generation version dumps process memory of the targeted Malware prior to termination The process memory dump file MalDump.dmp varies in size and can be 50 MB plus RansomLord now intercepts and terminates ransomware from 54 different threat groups Adding GPCode, DarkRace, Snocry, Hydra and Sage to the ever […]
• APPLE-SA-12-11-2024-9 Safari 18.2 December 12, 2024
  Posted by Apple Product Security via Fulldisclosure on Dec 12APPLE-SA-12-11-2024-9 Safari 18.2 Safari 18.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/121846. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Safari Available for: macOS Ventura and macOS Sonoma Impact: On a […]
• APPLE-SA-12-11-2024-8 visionOS 2.2 December 12, 2024
  Posted by Apple Product Security via Fulldisclosure on Dec 12APPLE-SA-12-11-2024-8 visionOS 2.2 visionOS 2.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/121845. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Crash Reporter Available for: Apple Vision Pro Impact: An app may […]