Security
Headlines
HeadlinesLatestCVEs

Tag

#acer

New SEC Rules Require U.S. Companies to Reveal Cyber Attacks Within 4 Days

The U.S. Securities and Exchange Commission (SEC) on Wednesday approved new rules that require publicly traded companies to publicize details of a cyber attack within four days of identifying that it has a "material" impact on their finances, marking a major shift in how computer breaches are disclosed. "Whether a company loses a factory in a fire — or millions of files in a cybersecurity

The Hacker News
Open in Source
#vulnerability#web#acer#The Hacker News
Cl0p Ransomware Gang Leaks MOVEit Data on Clearweb Sites

By Deeba Ahmed The Cl0p Ransomware Gang has begun its clearweb journey by leaking data stolen from PWC.com. This is a post from HackRead.com Read the original post: Cl0p Ransomware Gang Leaks MOVEit Data on Clearweb Sites

CMS Contabil Bandeirantes 1.0.0 Cross Site Request Forgery

CMS Contabil Bandeirantes version 1.0.0 suffers from a cross site request forgery vulnerability.

CVE-2023-28864: Chef Infra Server Release Notes

Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command.

CVE-2023-33768: Wemo Smart Plug (Simple Setup Smart Outlet for Smart Home, Control Lights and Devices Remotely Works w/Alexa, Google Assistant, Apple HomeKit)(Pack of 1) - - Amazon.com

Incorrect signature verification of the firmware during the Device Firmware Update process of Belkin Wemo Smart Plug WSP080 v1.2 allows attackers to cause a Denial of Service (DoS) via a crafted firmware file.

CVE-2023-3608

A vulnerability was found in Ruijie BCR810W 2.5.10. It has been rated as critical. This issue affects some unknown processing of the component Tracert Page. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-233477 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Global Neobank Revolut Hacked; $20 Million Stolen

By Waqas Revolut has not yet issued an official statement regarding the cyber attack. This is a post from HackRead.com Read the original post: Global Neobank Revolut Hacked; $20 Million Stolen

Threat Roundup for June 30 to July 7

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 30 and July 7. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

CVE-2023-37173: Vuls/TOTOLINK/A3300R/cmdi_4 at main · kafroc/Vuls

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.

CVE-2023-37064: Security issues - Chamilo LMS

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the extra fields management section.