Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Quotidien Hebdomadaire Mensuel

Quotidien Shaarli

Tous les liens d'un jour sur une page.

Jour précédent
Jour suivant

April 7, 2024

Critical Security Flaw Found in Popular LayerSlider WordPress Plugin

A critical security flaw impacting the LayerSlider plugin for WordPress could be abused to extract sensitive information from databases, such as password hashes.

The flaw, designated as CVE-2024-2879, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as a case of SQL injection impacting versions from 7.9.11 through 7.10.0.

The issue has been addressed in version 7.10.1 released on March 27, 2024, following responsible disclosure on March 25. "This update includes important security fixes," the maintainers of LayerSlider said in their release notes.

LayerSlider is a visual web content editor, a graphic design software, and a digital visual effects that allows users to create animations and rich content for their websites. According to its own site, the plugin is used by "millions of users worldwide."

21:59
thehackernews, EN, 2024, WordPress, LayerSlider, CVE-2024-2879
SurveyLama, plateforme de sondages en ligne française, a subi une attaque exposant les données de plus de 4 millions d'utilisateurs

La violation des données a été signalée par Have I Been Pwned, une application qui avertit les utilisateurs que leurs données personnelles ont été piratées.

21:57
clubic, FR, 2024, SurveyLama, Data-Breach
+92,000 Internet-facing D-Link NAS devices can be easily hacked

A researcher disclosed an arbitrary command injection and hardcoded backdoor issue in multiple end-of-life D-Link NAS models.

21:47
securityaffairs, EN, 2024, D-Link, NAS, devices, backdoor
Help us to take down the parasite website | Notepad++

I’ve received numerous complaints via email, social media, and forums regarding a website that poses a significant threat to our community. The site in question is https://notepad.plus/ which appears prominently when users google for “download Notepad++”.

11:48
notepad-plus-plus, EN, 2024, impersonation, parasite, website, Notepad++, announce, help
DSoS attacks statistics and observations

he year 2023 turned out to be quite rich in events and trends in the field of cybersecurity. We witnessed a new term "white noise", the development of artificial intelligence led to increased bot activity, which significantly affected commercial companies. We detected signs of a resurgence in popularity of commercial DDoS attacks. The implementation of "remote office" technologies led to the expansion of communication channels and, as a result, increased intensity of attacks. But first things first.

DDoS Attacks by Vectors
The fourth quarter of the past year didn't bring any surprises in terms of the distribution of mixed attacks by vectors. UDP flood once again topped the list with a rate of 60.20%. IP flood came in second at 16.86%. Multivector attacks also made it into the top three with 13.36%. Overall, the distribution was as follows:

UDP flood - 60.20%
SYN flood - 7.26%
IP flood - 16.86%
Multivector attacks - 13.36%

11:46
qrator, EN, 2024, DDoS, Attacks, Statistics, 2023, Year-in-Review