Found 6141 bookmarks
Custom sorting
(Non-US) :: DSL-3788 :: H/W Rev. Ax/Bx :: F/W v1.01R1B036_EU_EN :: Unauthenticated Remote Code Execution (RCE) Vulnerability
(Non-US) :: DSL-3788 :: H/W Rev. Ax/Bx :: F/W v1.01R1B036_EU_EN :: Unauthenticated Remote Code Execution (RCE) Vulnerability
On November 25, 2024, a third party, from SECURE NETWORK BVTECH, reported the D-Link DSL-3788 hardware revision B2 with firmware version vDSL-3788_fw_revA1_1.01R1B036_EU_EN or below, of a Unauthenticated Remote Code Execution (RCE) vulnerability. When D-Link became aware of the reported security issues, we promptly started investigating and developing security patches. Patches were release within the 90-day of the report of the vulnerabilities.
#dlink#EN#2025#announcement#DSL-3788#hardware#RCE#vulnerability
·supportannouncement.us.dlink.com·
(Non-US) :: DSL-3788 :: H/W Rev. Ax/Bx :: F/W v1.01R1B036_EU_EN :: Unauthenticated Remote Code Execution (RCE) Vulnerability
New TorNet backdoor seen in widespread campaign
New TorNet backdoor seen in widespread campaign
Cisco Talos discovered an ongoing malicious campaign operated by a financially motivated threat actor targeting users, predominantly in Poland and Germany. The actor has delivered different payloads, including Agent Tesla, Snake Keylogger, and a new undocumented backdoor we are calling TorNet, dropped by PureCrypter malware. The actor is running a Windows scheduled task on victim machines—including on endpoints with a low battery—to achieve persistence. The actor also disconnects the victim machine from the network before dropping the payload and then connects it back to the network, allowing them to evade detection by cloud antimalware solutions. We also found that the actor connects the victim’s machine to the TOR network using the TorNet backdoor for stealthy command and control (C2) communications and detection evasion.
#talosintelligence#EN#2025#TorNet#backdoor#campaign#Poland#Germany#analysis#malware
·blog.talosintelligence.com·
New TorNet backdoor seen in widespread campaign
Salt Typhoon: An Analysis of Vulnerabilities Exploited by this State-Sponsored Actor
Salt Typhoon: An Analysis of Vulnerabilities Exploited by this State-Sponsored Actor
Salt Typhoon, a state-sponsored actor linked to the People’s Republic of China, has breached at least nine U.S.-based telecommunications companies with the intent to target high profile government and political figures. Tenable Research examines the tactics, techniques and procedures of this threat actor.
#tenable#EN#2025#Salt-Typhoon#Analysis#vulnerabilies#State-Sponsored
·tenable.com·
Salt Typhoon: An Analysis of Vulnerabilities Exploited by this State-Sponsored Actor
OpenAI launches ChatGPT Gov for U.S. government agencies
OpenAI launches ChatGPT Gov for U.S. government agencies
OpenAI on Tuesday announced the launch of ChatGPT for government agencies in the U.S. ...It allows government agencies, as customers, to feed “non-public, sensitive information” into OpenAI’s models while operating within their own secure hosting environments, OpenAI CPO Kevin Weil told reporters during a briefing Monday.
#cnbc#EN#2025#US#OpenAI#ChatGPT#government#sensitive#information
·cnbc.com·
OpenAI launches ChatGPT Gov for U.S. government agencies
Mysterious backdoor found on select Juniper routers
Mysterious backdoor found on select Juniper routers
Someone has been quietly backdooring selected Juniper routers around the world in key sectors including semiconductor, energy, and manufacturing, since at least mid-2023. The devices were infected with what appears to be a variant of cd00r, a publicly available "invisible backdoor" designed to operate stealthily on a victim's machine by monitoring network traffic for specific conditions before activating.
#theregister#EN#2025#backdooring#Juniper#cd00r#backdoor
·theregister.com·
Mysterious backdoor found on select Juniper routers
Sweden launches sabotage probe after another data cable damaged in Baltic Sea Europe
Sweden launches sabotage probe after another data cable damaged in Baltic Sea Europe
Another undersea data cable, this time connecting Sweden and Latvia, has been severed in the Baltic Sea, officials from both countries said Sunday. The incident prompted Sweden to launch a criminal probe into the matter and seize a "suspect vessel" vessel headed for Russia.
#france24#EN#2025#cable#Sweden#Latvia#Baltic#undersea#sabotage#Russia
·france24.com·
Sweden launches sabotage probe after another data cable damaged in Baltic Sea Europe
Security Advisory SNWLID-2025-0002
Security Advisory SNWLID-2025-0002
Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands. IMPORTANT: SonicWall PSIRT has been notified of possible active exploitation of the referenced vulnerability by threat actors. We strongly advises users of the SMA1000 product to upgrade to the hotfix release version to address the vulnerability. Please note that SonicWall Firewall and SMA 100 series products are not affected by this vulnerability.
#SonicWall#EN#2025#CVE-2025-23006#advisory
·psirt.global.sonicwall.com·
Security Advisory SNWLID-2025-0002
Government and university websites targeted in ScriptAPI[.]dev client-side attack - c/side
Government and university websites targeted in ScriptAPI[.]dev client-side attack - c/side
Yesterday we discovered another client-side JavaScript attack targeting +500 websites, including governments and universities. The injected scripts create hidden links in the Document Object Model (DOM), pointing to external websites, a programming interface for web documents.
#cside.dev#EN#2025#skimmer#cyber#DSS#client-side#PCI#policies#c/side#website#javascript#card#development#web#attack#browser#chain#breaches#content#manager#vulnerability#data#magecart#supply#client/side#credit#security#tag#v4#script#formjacking
·cside.dev·
Government and university websites targeted in ScriptAPI[.]dev client-side attack - c/side
Russian Cyber Army. Who is it?
Russian Cyber Army. Who is it?
In December 2023, the Molfar website experienced a DDoS attack. This occurred immediately after the publication of our extensive investigation into the production of Shaheds and Lancets, which included the deanon of the family of chief designer Zakharov. Recently, Molfar discovered who was behind that DDos attack. Molfar's OSINT analysts, in collaboration with the DC8044 F33d community team, identified several Russian hackers allegedly connected to Russian state structures and received funding from them. Some of these individuals are Ukrainian.
#molfar#EN#2025#OSINT#doxing#NoName057#Russian#Cyber#army
·molfar.com·
Russian Cyber Army. Who is it?
Rsync contains six vulnerabilities
Rsync contains six vulnerabilities
Rsync, a versatile file-synchronizing tool, contains six vulnerabilities present within versions 3.3.0 and below. Rsync can be used to sync files between remote and local computers, as well as storage devices. The discovered vulnerabilities include heap-buffer overflow, information leak, file leak, external directory file-write,–safe-links bypass, and symbolic-link race condition.
#cert.org#EN#2025#CVE-2024-12084#advisory#CVE-2024-12747#CVE-2024-12085#CVE-2024-12088#CVE-2024-12086#CVE-2024-12087
·kb.cert.org·
Rsync contains six vulnerabilities
A look at the recent rsync vulnerability
A look at the recent rsync vulnerability
On January 14, Nick Tait announced the discovery of six vulnerabilities in rsync, the popular file-synchronization tool. While software vulnerabilities are not uncommon, the most serious one he announced allows for remote code execution on servers that run rsyncd — and possibly other configurations. The bug itself is fairly simple, but this event provides a nice opportunity to dig into it, show why it is so serious, and consider ways the open-source community can prevent such mistakes in the future. The vulnerabilities were found by two groups of researchers: Simon Scannell, Pedro Gallegos, and Jasiel Spelman from Google's Cloud Vulnerability Research identified five of them, including the most serious one. Aleksei Gorban, a security researcher at TikTok, discovered the sixth — a race condition in how rsync handles symbolic links.
#LWN.net#EN#2025#rsync#vulnerability#CVE-2024-12084
·lwn.net·
A look at the recent rsync vulnerability