Read Time:5 Second
World Economic Forum data shows G20 executives are more concerned about economic risks that cyber-threats
Yearly Archives: 2024
UK’s NCA Disrupts Multibillion-Dollar Russian Money Launderers
Read Time:6 Second
The National Crime Agency has made scores of arrests in a bid to bring down two major Russian money laundering networks
ProjectSend Improper Authentication Vulnerability (CVE-2024-11680)
Read Time:1 Minute, 3 Second
What is the attack?ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application’s configuration. Successful exploitation allows attackers to create accounts, upload web shells, and embed malicious JavaScript. ProjectSend is a free, open-source software that lets you share files with your clients with privacy. CVE-2024-11680 has been added to CISA Known Exploited Catalog (KEV) on December 4, 2024.What is the recommended Mitigation?ProjectSend has released a patch for CVE-2024-11680. Organizations that have not implemented the latest patch are advised to do so immediately.According to VulnCheck, it found that only 1% of users were using the patched version of ProjectSend (r1750).Public exploits for CVE-2024-11680 are available, and since the exploitation is confirmed, companies must assess exposure, implement fixes and take appropriate action.What FortiGuard Coverage is available?FortiGuard recommends users to apply the patch and follow any mitigation steps provided by the vendor if not done already.The FortiGuard Incident Response team can be engaged to help with any suspected compromise.FortiGuard IPS protection is being reviewed to block any attack attempts related to CVE-2024-11680.
Pro-Russian Hacktivist Group Claims 6600 Attacks Targeting Europe
Read Time:7 Second
Orange Cyberdefense found that hacktivist gang Noname has almost exclusively targeted European countries since March 2022, with no attacks impacting the US
chromium-131.0.6778.108-1.fc41
Read Time:9 Second
FEDORA-2024-791faa660a
Packages in this update:
chromium-131.0.6778.108-1.fc41
Update description:
Update to 131.0.6778.108
High CVE-2024-12053: Type Confusion in V8
chromium-131.0.6778.108-1.el10_0
Read Time:10 Second
FEDORA-EPEL-2024-60aa72a3e6
Packages in this update:
chromium-131.0.6778.108-1.el10_0
Update description:
Update to 131.0.6778.108
High CVE-2024-12053: Type Confusion in V8
chromium-131.0.6778.108-1.el9
Read Time:9 Second
FEDORA-EPEL-2024-3ed223d8ce
Packages in this update:
chromium-131.0.6778.108-1.el9
Update description:
Update to 131.0.6778.108
High CVE-2024-12053: Type Confusion in V8
chromium-131.0.6778.108-1.fc40
Read Time:9 Second
FEDORA-2024-35cc1d9ec0
Packages in this update:
chromium-131.0.6778.108-1.fc40
Update description:
Update to 131.0.6778.108
High CVE-2024-12053: Type Confusion in V8
chromium-131.0.6778.108-1.el8
Read Time:9 Second
FEDORA-EPEL-2024-18733ad580
Packages in this update:
chromium-131.0.6778.108-1.el8
Update description:
Update to 131.0.6778.108
High CVE-2024-12053: Type Confusion in V8
SEC Consult SA-20241204-0 :: Multiple Critical Vulnerabilities in Image Access Scan2Net (14 CVE)
Read Time:17 Second
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Dec 04
SEC Consult Vulnerability Lab Security Advisory < 20241204-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: Image Access Scan2Net
vulnerable version: Firmware <=7.40, <=7.42, <7.42B
(depending on the vulnerability)
fixed version: mostly fixed in v7.42B
CVE number: CVE-2024-28138,…