C-MOR Video Surveillance versions 5.2401 and 6.00PL01 suffer from a command injection vulnerability.
C-MOR Video Surveillance version 5.2401 makes use of unmaintained vulnerability third-party components.
C-MOR Video Surveillance versions 5.2401 and 6.00PL01 stores sensitive information, such as credentials, in clear text.
Threat actors affiliated with North Korea have been observed leveraging LinkedIn as a way to target developers as part of a fake job recruiting operation. These attacks employ coding tests as a common initial infection vector, Google-owned Mandiant said in a new report about threats faced by the […]
Two men have been indicted in the U.S. for their alleged involvement in managing a dark web marketplace called WWH Club that specializes in the sale of sensitive personal and financial information. Alex Khodyrev, a 35-year-old Kazakhstan national, and Pavel Kublitskii, a 37-year-old Russian […]
SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible. The vulnerability, tracked as CVE-2024-40766, carries a CVSS score of 9.3 out of a maximum of 10. […]
PortSwigger today announces that The Daily Swig is closing down
New web targets for the discerning hacker
Armed with personal data fragments, a researcher could also access 185 million citizens’ PII
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Draytek VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Draytek VigorConnect and Kingsoft WPS Office vulnerabilities to […]
A critical flaw in the LiteSpeed Cache plugin for WordPress could allow unauthenticated users to take control of arbitrary accounts. The LiteSpeed Cache plugin is a popular caching plugin for WordPress that accounts for over 5 million active installations. The plugin offers site acceleration […]
Car rental giant Avis disclosed a data breach that impacted one of its business applications in August compromising customers’ personal information. Car rental company Avis notified customers impacted in an Augus data breach. Threat actors breached one of its business applications and gained […]
Is ROI the right method to measure bug bounty value? Check out the cost-benefit analysis of ROI vs. ROM.
FUD can overshadow proactive collaboration with ethical hackers. Let's explore how to combat FUD and get organizational buy-in for bug bounty and VDP.
The schemes disproportionately victimize senior citizens, as those aged 60 or over were more than three times as likely as younger adults to fall prey to the scams
ESET researchers discuss HotPage, a recently discovered adware armed with a highest-privilege, yet vulnerable, Microsoft-signed driver
Would a more robust cybersecurity posture impact premium costs? Does the policy offer legal cover? These are some of the questions organizations should consider when reviewing their cyber insurance options
White House floats round two of regulations Feature It sounds like the start of a bad joke: Digital trespassers from China, Russia, and Iran break into US water systems.…
Feds post $10M bounty for each of the six's whereabouts The US today charged five Russian military intelligence officers and one civilian for their alleged involvement with the data-wiping WhisperGate campaign conducted against Ukraine in January 2022 before the ground invasion began.…
Network admins take a ride on the Fright Bus The Transport for London (TfL) "cyber incident" is heading into its third day amid claims that a popular appliance might have been the gateway for criminals to gain access to the organization's network.…
The US government will remove "unnecessary degree requirements" in favor of skills-based hiring to help fill 500,000 open cybersecurity jobs. The post US Gov Removing Four-Year-Degree Requirements for Cyber Jobs appeared first on SecurityWeek.
SonicWall is warning customers that the recently patched critical vulnerability CVE-2024-40766 may be exploited in the wild. The post Recent SonicWall Firewall Vulnerability Potentially Exploited in the Wild appeared first on SecurityWeek.
Noteworthy stories that might have slipped under the radar: US Special Forces can hack buildings, X is hiring cybersecurity staff, and FTC warns of Bitcoin ATM scams. The post In Other News: US Army Hacks Buildings, X Hiring Cybersecurity Staff, Bitcoin ATM Scams appeared first on SecurityWeek.
Windows TCP/IP - RCE Checker and Denial of Service
Gitea 1.22.0 - Stored XSS
Invesalius3 - Remote Code Execution
NoteMark < 0.13.0 - Stored XSS
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
RiSec represents an autonomous, non-profit alliance comprising of individuals dedicated to enhancing cybersecurity awareness and education. Read more
Contact us: security@realinfosec.net
Copyright © RiSec 2023 All rights reserved.
All trademarks, logos, images and brand names are the property of their respective owners.