Aggregator

ESET раскрывает изощрённую схему атаки на изолированные системы.

美国普林斯顿大学 John J. Hopfield 和加拿大多伦多大学 Geoffrey E. Hinton 获得 2024 年度诺贝尔物理学奖，以表彰他们“基于人工神经网络实现机器学习的基础性发现和发明”。两位科学家使用物理学方法训练人工神经网络。当谈论人工智能时，我们通常指的是使用人工神经网络的机器学习。这项技术最初是受到大脑结构的启发。在人工神经网络中，大脑的神经元由具有不同值的节点表示。这些节点通过连接相互影响，这些连接可以被比作突触，可以增强或减弱。例如，通过在同时具有高值的节点之间建立更强的连接来训练网络。今年的获奖者从 1980 年代开始就在人工神经网络方面开展了重要的工作。John Hopfield 发明了一种网络，可以使用一种方法保存和重建模式。我们可以把节点想象成像素。Hopfield 网络利用物理学描述材料的特性，这是由于它的原子自旋。整个网络的描述方式相当于物理中发现的自旋系统中的能量，并通过寻找节点之间的连接值来训练，以便保存的图像具有低能量。当 Hopfield 网络得到一张扭曲或不完整的图像时，它会有条不紊地通过节点并更新它们的值，这样网络的能量就会下降。因此网络逐步找到最像它输入的不完美图像的已存图像。Geoffrey Hinton 使用 Hopfield 网络作为新网络的基础，它采用了一种不同的方法——玻尔兹曼机。它可以学习识别给定类型数据中的特征元素。Hinton 使用了统计物理学的工具，通过给机器输入在实际运行时很可能出现的例子来训练它。玻尔兹曼机器可以用来对图像进行分类，或者为它所训练的模式类型创建新的例子。Hinton在这项工作的基础上，帮助开启了当前机器学习的爆炸性发展。

A vulnerability was found in Diebold Nixdorf Vynamic View up to 5.9.4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-45245. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is some unknown functionality of the file /MultiServerBackService?path=1. The manipulation of the argument fileId leads to sql injection. This vulnerability is handled as CVE-2024-9536. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in ireadercity Short Stories 3.0.2. It has been rated as critical. Affected by this issue is some unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is handled as CVE-2014-7491. The attack can only be initiated within the local network. There is no exploit available.

October 8, 2024Thank you to Jason for writing in and sharing with his his recently released s

Juniper Networks announced its new Juniper Secure AI-Native Edge solution, with a new Security Assurance product, combining Juniper Mist’s AI-Native and cloud-native network operations with the efficacy security solution. By integrating network and security operations together under a single cloud and Mist AI engine, customers and partners have a holistic, integrated solution that accelerates the detection, diagnosis and resolution of potential network threats in various environments. Network and content security is crucial for organizations in … More →

The post Juniper Secure AI-Native Edge accelerates detection of potential network threats appeared first on Help Net Security.

Как инцидент скажется на крупнейшей водоснабжающей компании в стране?

A vulnerability classified as problematic has been found in Siemens JT Open and PLM XML SDK. This affects an unknown part of the component XML Handler. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2024-37996. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Siemens JT Open and PLM XML SDK. This vulnerability affects unknown code of the component XML Handler. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2024-37997. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Katie Seaborn Zotpress Plugin up to 7.3.10 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-47621. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in ILLID Advanced Woo Labels Plugin up to 2.01 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-47622. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in GhozyLab Gallery Lightbox Plugin up to 1.0.0.39 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-47623. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in BannerSky BSK Forms Blacklist Plugin up to 3.8.1 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-47624. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Quillforms Quill Forms Plugin up to 3.7.0 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-47393. It is possible to initiate the attack remotely. There is no exploit available.

An actively exploited zero-day vulnerability (CVE-2024-43047) affecting dozens of Qualcomm’s chipsets has been patched by the American semiconductor giant. About CVE-2024-43047 On Monday, Qualcomm has confirmed patches for 20 vulnerabilities affecting both proprietary and open source software running on its various chipsets. Among those is CVE-2024-43047, a use-after-free vulnerability in the Digital Signal Processor (DSP) service that could lead to “memory corruption while maintaining memory maps of [high level operating system (HLOS)] memory.” The vulnerability’s … More →

The post Qualcomm zero-day under targeted exploitation (CVE-2024-43047) appeared first on Help Net Security.

NASA напомнило о своей космической шкатулке, которая расскажет о человечестве за пару часов.