Share

RSS

More Articles…

• From Secure Online Desktop to Cyberfero: rebranding of the leading cybersecurity company
• NIS: what it is and how it protects cybersecurity
• Advanced persistent threats (APTs): what they are and how to defend yourself
• Penetration Testing and MFA: A Dual Strategy to Maximize Security
• Penetration Testing: Where to Strike to Protect Your IT Network
• Ransomware: a plague that brings companies and institutions to their knees. Should you pay the ransom? Here is the answer.
• Why IT audit and log management are important for Cybersecurity
• Red Team, Blue Team and Purple Team: what are the differences?

Categories …

• Backup as a Service (18)
  • Acronis Cloud Backup (11)
  • Veeam Cloud Connect (4)
• Cloud Conference (3)
• Cloud CRM (1)
• Cloud Server/VPS (22)
• Conferenza Cloud (4)
• Cyberfero (15)
• ICT Monitoring (5)
• Log Management (2)
• News (25)
• ownCloud (4)
• Privacy (7)
• Security (203)
  • Cyber Threat Intelligence (CTI) (8)
  • Deception (4)
  • Ethical Phishing (11)
  • Netwrix Auditor (2)
  • Penetration Test (11)
  • Posture Guard (3)
  • SOCaaS (65)
    • EDR (3)
    • SIEM (13)
    • SOAR (5)
    • UEBA (10)
  • Vulnerabilities (84)
• Web Hosting (15)

Tags

darkreading

• Faux ChatGPT, Claude API Packages Deliver JarkaStealer November 22, 2024
  Attackers are betting that the hype around generative AI (GenAI) is attracting less technical, less cautious developers who might be more inclined to download an open source Python code package for free access, without vetting it or thinking twice.
• Yakuza Victim Data Leaked in Japanese Agency Attack November 22, 2024
  A local government resource for helping Japanese citizens cut ties with organized crime was successfully phished in a tech support scam, and could have dangerous consequences.
• What Talent Gap? Hiring Practices Are the Real Problem November 22, 2024
  While the need for cybersecurity talent still exists, the budget may not. Here's how to maximize security staff despite hiring freezes.
• Leaky Cybersecurity Holes Put Water Systems at Risk November 22, 2024
  At least 97 major water systems in the US have serious cybersecurity vulnerabilities and compliance issues, raising concerns that cyberattacks could disrupt businesses, industry, and the lives of millions of citizens.
• Going Beyond Secure by Demand November 22, 2024
  Secure by Demand offers a starting point for third-party risk management teams, but they need to take the essential step of using a mature software supply chain security solution to ensure they're not blindly trusting a provider's software.
• China's Cyber Offensives Built in Lockstep With Private Firms, Academia November 22, 2024
  The scale of Beijing's systematic tapping of private industry and universities to build up its formidable hacking and cyber-warfare capabilities is larger than previously understood.
• Microsoft Highlights Security Exposure Management at Ignite November 22, 2024
  Building on its broad security portfolio, Microsoft's new exposure management is now available in the Microsoft Defender portal, with third-party-connectors on the way.
• MITRE: Cross-Site Scripting Is 2024's Most Dangerous Software Weakness November 21, 2024
  In addition to XSS, MITRE and CISA's 2024 list of the 25 most dangerous security vulnerability types (CWEs) also flagged out-of-bounds write, SQL injection, CSRF, and path traversal.
• Study Finds 76% of Cybersecurity Professionals Believe AI Should Be Heavily Regulated November 21, 2024
• Endace Establishes Middle East Regional Headquarters in Saudi Arabia November 21, 2024

Full Disclosure

• APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1 November 21, 2024
  Posted by Apple Product Security via Fulldisclosure on Nov 21APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1 macOS Sequoia 15.1.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/121753. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. JavaScriptCore Available for: macOS Sequoia Impact: Processing maliciously crafted […]
• Local Privilege Escalations in needrestart November 21, 2024
  Posted by Qualys Security Advisory via Fulldisclosure on Nov 21Qualys Security Advisory LPEs in needrestart (CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003) ======================================================================== Contents ======================================================================== Summary Background CVE-2024-48990 (and CVE-2024-48992) CVE-2024-48991 CVE-2024-10224 (and CVE-2024-11003) Mitigation Acknowledgments Timeline I got bugs...
• APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2 November 21, 2024
  Posted by Apple Product Security via Fulldisclosure on Nov 21APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2 iOS 17.7.2 and iPadOS 17.7.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/121754. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. JavaScriptCore Available for: iPhone XS […]
• APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1 November 21, 2024
  Posted by Apple Product Security via Fulldisclosure on Nov 21APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1 iOS 18.1.1 and iPadOS 18.1.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/121752. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. JavaScriptCore Available for: iPhone XS […]
• APPLE-SA-11-19-2024-2 visionOS 2.1.1 November 21, 2024
  Posted by Apple Product Security via Fulldisclosure on Nov 21APPLE-SA-11-19-2024-2 visionOS 2.1.1 visionOS 2.1.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/121755. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. JavaScriptCore Available for: Apple Vision Pro Impact: Processing maliciously crafted web […]
• APPLE-SA-11-19-2024-1 Safari 18.1.1 November 21, 2024
  Posted by Apple Product Security via Fulldisclosure on Nov 21APPLE-SA-11-19-2024-1 Safari 18.1.1 Safari 18.1.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/121756. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. JavaScriptCore Available for: macOS Ventura and macOS Sonoma Impact: Processing maliciously […]
• Reflected XSS - fronsetiav1.1 November 21, 2024
  Posted by Andrey Stoykov on Nov 21# Exploit Title: Reflected XSS - fronsetiav1.1 # Date: 11/2024 # Exploit Author: Andrey Stoykov # Version: 1.1 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/2024/11/friday-fun-pentest-series-14-reflected.html Reflected XSS #1 - "show_operations.jsp" Steps to Reproduce: 1. Visit main page of the application. 2. In the input field of "WSDL Location" […]
• XXE OOB - fronsetiav1.1 November 21, 2024
  Posted by Andrey Stoykov on Nov 21# Exploit Title: XXE OOB - fronsetiav1.1 # Date: 11/2024 # Exploit Author: Andrey Stoykov # Version: 1.1 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/2024/11/friday-fun-pentest-series-15-oob-xxe.html XXE OOB Description: - It was found that the application was vulnerable XXE (XML External Entity Injection) Steps to Reproduce: 1. Add Python3 […]
• St. Poelten UAS | Path Traversal in Korenix JetPort 5601 November 21, 2024
  Posted by Weber Thomas via Fulldisclosure on Nov 21St. Pölten UAS 20241118-1 ------------------------------------------------------------------------------- title| Path Traversal product| Korenix JetPort 5601 vulnerable version| 1.2 fixed version| - CVE number| CVE-2024-11303 impact| High homepage| https://www.korenix.com/ found| 2024-05-24 by| P. Oberndorfer, B. Tösch, M....
• St. Poelten UAS | Multiple Stored Cross-Site Scripting in SEH utnserver Pro November 21, 2024
  Posted by Weber Thomas via Fulldisclosure on Nov 21St. Pölten UAS 20241118-0 ------------------------------------------------------------------------------- title| Multiple Stored Cross-Site Scripting product| SEH utnserver Pro vulnerable version| 20.1.22 fixed version| 20.1.35 CVE number| CVE-2024-11304 impact| High homepage| https://www.seh-technology.com/ found| 2024-05-24 by| P....