Aggregator
Exposing Source Code via SVN: A $400 Discovery
2 months 3 weeks ago
CVE-2024-8072 | Mage AI Terminal Server Command History information disclosure (jfsa-2024-0010)
2 months 3 weeks ago
A vulnerability was found in Mage AI. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Terminal Server Command History Handler. The manipulation leads to information disclosure.
This vulnerability is known as CVE-2024-8072. The attack can be launched remotely. There is no exploit available.
vuldb.com
Lowest prices on keyboards and mice: Pai Store Keychron series clearance sale
2 months 3 weeks ago
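Lowest prices on keyboards and mice: Pai Store Keychron series clearance sale. Disclosure of interest: this article contains marketing (such as promotions) and promotional (such as affiliate links) information. Event period: from now until 8.29. TL;DR: SSPAI custom Keychron K3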
CVE-2024-40886 | Mattermost up to 9.5.7/9.8.2/9.9.1/9.10.0/9.11.0 User Management Page cross-site request forgery
2 months 3 weeks ago
A vulnerability was found in Mattermost up to 9.5.7/9.8.2/9.9.1/9.10.0/9.11.0. It has been classified as problematic. Affected is an unknown function of the component User Management Page. The manipulation leads to cross-site request forgery.
This vulnerability is traded as CVE-2024-40886. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-32939 | Mattermost up to 9.5.7/9.8.2/9.9.1/9.10.0/9.11.0 Shared Channel access control
2 months 3 weeks ago
A vulnerability was found in Mattermost up to 9.5.7/9.8.2/9.9.1/9.10.0/9.11.0 and classified as critical. This issue affects some unknown processing of the component Shared Channel Handler. The manipulation leads to improper access controls.
The identification of this vulnerability is CVE-2024-32939. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-8071 | Mattermost up to 9.5.7/9.8.2/9.9.1/9.10.0/9.11.0 manage_system access control
2 months 3 weeks ago
A vulnerability has been found in Mattermost up to 9.5.7/9.8.2/9.9.1/9.10.0/9.11.0 and classified as critical. This vulnerability affects the function manage_system. The manipulation leads to improper access controls.
This vulnerability was named CVE-2024-8071. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-42411 | Mattermost up to 9.5.7/9.8.2/9.9.1/9.10.0/9.11.0 /api/v4/users unusual condition
2 months 3 weeks ago
A vulnerability, which was classified as problematic, was found in Mattermost up to 9.5.7/9.8.2/9.9.1/9.10.0/9.11.0. This affects an unknown part of the file /api/v4/users. The manipulation leads to improper check for unusual conditions.
This vulnerability is uniquely identified as CVE-2024-42411. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-39836 | Mattermost up to 9.5.7/9.8.2/9.9.1/9.10.0/9.11.0 Email Notification protection mechanism
2 months 3 weeks ago
A vulnerability, which was classified as problematic, has been found in Mattermost up to 9.5.7/9.8.2/9.9.1/9.10.0/9.11.0. Affected by this issue is some unknown functionality of the component Email Notification Handler. The manipulation leads to protection mechanism failure.
This vulnerability is handled as CVE-2024-39836. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-39810 | Mattermost up to 9.5.7/9.10.0/9.11.0 ElasticSearch Configuration /dev/zero CA path resource consumption
2 months 3 weeks ago
A vulnerability classified as problematic was found in Mattermost up to 9.5.7/9.10.0/9.11.0. Affected by this vulnerability is an unknown functionality of the file /dev/zero of the component ElasticSearch Configuration Handler. The manipulation of the argument CA path leads to resource consumption.
This vulnerability is known as CVE-2024-39810. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-43813 | Mattermost up to 9.5.7/9.10.0/9.11.0 access control
2 months 3 weeks ago
A vulnerability classified as critical has been found in Mattermost up to 9.5.7/9.10.0/9.11.0. Affected is an unknown function. The manipulation leads to improper access controls.
This vulnerability is traded as CVE-2024-43813. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
US oilfield services giant Halliburton hit by cyberattack
2 months 3 weeks ago
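According to people familiar with the matter, US oilfield services giant Halliburton was hit by a cyberattack that affected business operations at its Houston campus and parts of its global network. Halliburton neither confirmed nor denied the cyberattack, saying only that it had found a problem with some of its systems and was assessing the cause and potential impact. The sources said Halliburton asked some employees not to connect to the internal network. Houston-based Halliburton is one of the world's largest oilfield services companies, providing drilling services and equipment to major energy companies worldwide, and has nearly 48,000 employees.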
From Sky ECC to prison: how a hack changed the lives of drug cartels
2 months 3 weeks ago
One password and the course of the investigation against the "Pirate of the Unknown".
A new type of malware targeting Apple macOS systems
2 months 3 weeks ago
Researchers recently discovered a new type of malware named Banshee Stealer that specifically targets Apple macOS systems.
[PC sample analysis] Notes on my first analysis of a red-team phishing sample
2 months 3 weeks ago
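During HVV I ran into email phishing, and one sample was quite interesting. I had never analyzed a sample before, so I wanted to try analyzing it and write it down, while also learning from the approach of the red-team experts. Experts, please go easy on me; the write-up is rather long-winded.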
Cristiano Ronaldo becomes the fastest YouTuber to reach ten million subscribers
2 months 3 weeks ago
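Portuguese football star Cristiano Ronaldo launched his own YouTube channel, UR·Cristiano, which passed 10 million subscribers within half a day of going live, making him the fastest YouTuber ever to reach that milestone. Ronaldo has more than 900 million followers across the major social platforms and is the most-followed celebrity on Instagram, the Meta-owned platform, with more than 630 million followers. His YouTube channel has now passed 15 million subscribers. The most-subscribed YouTube channel at present is MrBeast, with 310 million subscribers. On Ronaldo's current trajectory, becoming the world's most-subscribed channel looks to be only a matter of time (someone has already set up a live stream comparing the subscriber counts of Ronaldo and MrBeast). Ronaldo has promised that the channel will let fans get to know his life in an unprecedented way, with content covering not only football but also family, health, nutrition, education, business and other topics.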
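FreeBuf Morning Briefing | MIT releases the most comprehensive AI risk database; cybersecurity giant Palo Alto's market value approaches the trillion mark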
2 months 3 weeks ago
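When this cybersecurity company first proposed driving consolidation and moving away from point products, investors worried that the move would hurt revenue, and the company's share price fell sharply.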
To evade child support obligations, a US man hacked into government systems and forged a death certificate
2 months 3 weeks ago
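According to BleepingComputer, Jesse Kipf, a 39-year-old man from Kentucky, USA, used stolen credentials to break into the Hawaii death registry system and changed his own record to show him as deceased.
A US Department of Justice (DoJ) press release says that in January 2023 the man used the account of a physician living in another state to access the system, created a death certificate worksheet for himself, designated that physician as the medical certifier for the case, and signed the death certificate with the physician's digital signature.
The certificate caused the man to appear as "deceased" in US government databases, which cancelled his outstanding child support obligations; he admitted that this was the main reason he faked his death.
The man also committed other crimes, including using stolen account credentials to access private company networks and government systems and selling the corresponding access on dark web markets. He also used a false Social Security number to apply for credit at financial institutions and to open debit card accounts.
Michael E. Stansbury of the Federal Bureau of Investigation (FBI), which led the investigation, said that this hacker would pay the price for breaking into various computer systems and maliciously stealing other people's identities for personal gain.
According to the figures, the total damage caused by the man, including unpaid child support, was at least 195,750 US dollars.
Under the court's ruling, the man was sentenced to 81 months in prison and must serve 85% of the sentence, that is, 69 months (more than 5.5 years). After release he will be under supervision for 3 years.
Reposted from FreeBuf, original link: https://www.freebuf.com/news/409196.html
Reposted content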
Covering more than 700 risks, MIT releases the most comprehensive AI risk database
2 months 3 weeks ago
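Researchers at the Massachusetts Institute of Technology (MIT) recently released what is billed as the most comprehensive living database of AI risks to date, covering 777 AI risks across 43 major AI risk categories.
This is the industry's first attempt to comprehensively curate, analyze and extract AI risks and consolidate them into a publicly accessible, comprehensive, extensible and categorized risk database. It lays a foundation for the industry to define, audit and manage AI risks in a unified way.
For professionals working in AI safety and governance, it is an indispensable knowledge base that can be used to build a customized risk database of their own (or for their organization).
(Figure: AI risk database. Source: MIT.)
An MIT Technology Review article points out that the use of AI technology faces many dangers: systems may be biased, spread misinformation, or even be addictive. These risks are only the tip of the iceberg; AI could also be used to create biological or chemical weapons, or even go out of control in the future, with catastrophic and irreversible consequences.
(Figure: AI risk landscape.)
To meet the urgent need for AI risk governance, the FutureTech team under MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) set out to develop a "full-coverage" AI risk database.
According to news published on the CSAIL website, the researchers found a large number of serious gaps in existing AI risk frameworks; even the most thorough existing frameworks (such as those published by NIST, Google and the EU) cover only about 70% of all risks. Project lead Dr. Peter Slattery therefore worries that decision-makers may overlook important issues because of cognitive bias, creating a collective blind spot in decision-making.
MIT's AI risk database aims to give academics, security auditors, policymakers, AI companies and the public a "panoramic view" of AI risks, providing a unified frame of reference for researching, developing and governing AI systems. The database consists of three parts: the AI risk database, the causal taxonomy of AI risks, and the domain taxonomy of AI risks, as follows:
AI risk database: records more than 700 risks extracted from 43 existing frameworks, with the relevant citations and page numbers.
Causal taxonomy of AI risks: classifies how, when and why AI risks occur.
Domain taxonomy of AI risks: divides risks into seven domains and 23 subdomains, covering discrimination and harmful content, privacy and security, misinformation, malicious actors and misuse, human-computer interaction, socioeconomic and environmental harms, and AI system safety and failures.
Reposted from 安全内参, original link: https://mp.weixin.qq.com/s/mH0PKWRoOgZmPlrjsuCoTw
Reposted content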
TodoSwift: Apple devices are once again in the crosshairs of cybercriminals
2 months 3 weeks ago
Blockchain engineers find themselves at the center of hackers' interest