Aggregator

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.6.57/6.11.4. Affected is the function vcap_api_encode_rule_test. The manipulation leads to use after free. This vulnerability is traded as CVE-2024-50084. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.6.57/6.11.4. This issue affects the function vm86. The manipulation leads to buffer overflow. The identification of this vulnerability is CVE-2024-50072. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.11.4. This vulnerability affects unknown code. The manipulation leads to Privilege Escalation. This vulnerability was named CVE-2024-50081. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

和人一样，随着年龄的增长，鸟类的朋友也越来越少。新研究表明，它们可能只是没有动力。伦敦帝国理工学院领导的这项新研究背后的团队研究了布里斯托尔海峡伦迪岛上一个孤立的麻雀种群。通过绘制所有鸟类的年龄和社交网络，他们发现，年龄较大的麻雀确实倾向于拥有更少的朋友，就像人类一样。原因可能是没有“进化压力”来这样做：虽然友好有助于年轻的鸟类生存和繁殖更成功，但对年长的鸟类来说无需如此。 首席研究员 Julia Schroeder 博士说：“这种进化机制可能也适用于人类——可能是老年人随着年龄的增长不太愿意结交新朋友。”再加上同龄的潜在朋友越来越少，这可能是老年人孤独危机的一个因素。

A vulnerability classified as critical has been found in Linux Kernel up to 6.1.113/6.6.57/6.11.4. This affects the function gsm_cleanup_mux in the library lib/rbtree.c of the file drivers/tty/n_gsm.c:. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2024-50073. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.11.4. It has been rated as critical. Affected by this issue is the function mptcp_pm_nl_rm_addr_or_subflow. The manipulation leads to use after free. This vulnerability is handled as CVE-2024-50085. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.113/6.6.57/6.11.4. It has been declared as critical. Affected by this vulnerability is the function devm_kasprintf of the component pinctrl. The manipulation of the argument returned leads to null pointer dereference. This vulnerability is known as CVE-2024-50069. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Nintendo has cautioned its users about a sophisticated phishing attack that involves emails mimicking official Nintendo communication. These emails, appearing to come from addresses, are being sent by third parties and are not legitimate communications from the company. Details of the Phishing Attack Nintendo has confirmed that these spoofed emails are being used to disseminate […]

The post Nintendo Warns of Phishing Attack Mimics Company Email Address appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Linus Torvalds 接受采访谈论了最近两年火热无比的 AI，认为九成是营销一成才是现实。他认可 AI 的潜力，但不认同它现在会改变世界，他讨厌围绕 AI 的炒作，因此他目前对 AI 的立场是基本无视它。他认为也许五年后情况会发生改变，我们会看到 AI 在实际工作中的日常应用。

27 岁的英国男子 Hugh Nelson 因使用 AI 创建儿童色情而被判 18 年。他对 16 项儿童色情相关指控认罪，其中包括使用美国软件公司 Daz 3D 的 AI 工具将真实的儿童日常照片转变成儿童色情材料，承认鼓励他人对儿童实施性侵。警方去年 6 月查获了其电子设备，在设备上发现了真实的儿童照片和 AI 生成的儿童色情图像。Nelson 承认根据客户要求制作和销售儿童色情图像。为其提供 AI 工具的 Daz 3D 公司表示其服务条款禁止创建儿童色情材料，将致力于改进其能力防止其软件用于此类用途。

COMThanasia是一款针对COM对象的安全审计工具，可以帮助广大研究人员轻松检测COM对象中的各种安全问题。

A vulnerability was found in Apple macOS up to 10.12.3. It has been rated as critical. This issue affects some unknown processing of the component IOATAFamily. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2017-2408. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS up to 10.12.3. It has been declared as critical. This vulnerability affects unknown code of the component Intel Graphics Driver. The manipulation leads to memory corruption. This vulnerability was named CVE-2017-2443. Attacking locally is a requirement. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

联邦宇宙平台有了自己的短视频应用 Loops，不过集成还在进行之中，应用尚未开源。Loops 由 Pixelfed 开发，注册用户可以上传 60 秒的视频。视频内容将依赖于人工审核，如何审核将依赖于用户的信任评分，低评分的用户上传的视频需要审核，已信任用户上传的视频则可以立即发布。Loops 不会向第三方广告商出售或提供视频，也不会使用用户上传的视频内容训练 AI。

In this Help Net Security interview, security researchers Specter and ChendoChap discuss gaming consoles’ unique security model, highlighting how it differs from other consumer devices. They also share their thoughts on how advancements in console security could shape future consumer and enterprise hardware designs. Specter was a speaker at the Hardwear.io conference that took place last week in Amsterdam. Could you explain what makes the security model of consoles, such as PlayStation, fundamentally different from … More →

The post Inside console security: How innovations shape future hardware protection appeared first on Help Net Security.

CyberPanel 未授权RCE漏洞

More than six years after the Spectre security flaw impacting modern CPU processors came to light, new research has found that the latest AMD and Intel processors are still susceptible to speculative execution attacks. The attack, disclosed by ETH Zürich researchers Johannes Wikner and Kaveh Razavi, aims to undermine the Indirect Branch Predictor Barrier (IBPB) on x86 chips, a crucial mitigation

A vulnerability was found in Linux Kernel up to 5.19.10. It has been declared as problematic. Affected by this vulnerability is the function unflatten_dt_nodes. The manipulation leads to off-by-one. This vulnerability is known as CVE-2022-48672. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.9-rc1. This issue affects the function scsi_proc_hostdir_rm of the file /proc/scsi/${proc_name}. The manipulation leads to allocation of resources. The identification of this vulnerability is CVE-2024-26935. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.