Aggregator

今日暂未更新资讯~
更多最新文章，请访问SecWiki

Leaked Film: The Accountant 2 (1080p WebRip Repack, Read Note, X264 – COLLECTiVE Release)

在宣布近一年之后，微软通过 Windows Experience Blog 宣布开始向 Copilot+ PC 用户推送受争议的 AI 功能 Windows Recall。Recall 会每隔数秒截取屏幕截图，将其与提取的文本一起储存在本地的可搜索数据库内。该功能因安全隐私方面的争议而多次推迟推出。微软通过修改解决了大部分问题，改进了安全保护措施，优化了敏感信息的内容过滤，最重要的是该功能是 opt-in 而不是 opt-out——即用户选择加入而不是默认启用选择退出。

The ransomware scene is re-organizing, with one gang known as DragonForce working to gather other operations under a cartel-like structure. [...]

deGoogle Your Life

美国西北大学的研究人员分析了民主党和共和党的政策文件，显示两党在引用科学文献上存在显著差异。民主党领导的国会委员会和左翼智库引用研究论文的可能性高于右翼智库。前者也更可能引用高影响力论文。但两党很少引用相同的研究或相同的主题。研究人员使用了政府政策数据库 Overton，该数据库包括了美国国会各委员会在 1995-2021 年间发布的约 5 万份政策文件，以及 121 家智库同期发布的约 20 万份报告，这些文件共引用了 42.4 万篇科学文献。研究显示，今天的政策文件比过去更可能引用科学文献，民主党领导的委员会更可能引用科学文献，而且与共和党相比差距在扩大。民主党领导的委员会发布的文件引用科学文献的可能性是共和党的 1.8 倍。双方的智库在引用科学文献上差距更大。左翼智库引用科学文献的可能性是右翼智库的 5 倍。

Two significant security vulnerabilities in generative AI systems have been discovered, allowing attackers to bypass safety protocols and extract potentially dangerous content from multiple popular AI platforms. These “jailbreaks” affect services from industry leaders including OpenAI, Google, Microsoft, and Anthropic, highlighting a concerning pattern of systemic weaknesses across the AI industry. Security researchers have identified […]

The post Two Systemic Jailbreaks Uncovered, Exposing Widespread Vulnerabilities in Generative AI Models appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Author/Presenter: Suha Sabi Hussain

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – Ground Truth – Incubated Machine Learning Exploits: Backdooring ML Pipelines Using Input-Handling Bugs appeared first on Security Boulevard.

AI-generated medical scams across TikTok and Instagram, where deepfake avatars pose as healthcare professionals to promote unverified supplements and treatments. These synthetic “doctors” exploit public trust in the medical field, often directing users to purchase products with exaggerated or entirely fabricated health claims. With advancements in generative AI making deepfakes increasingly accessible, experts warn that […]

The post New AI-Generated ‘TikDocs’ Exploits Trust in the Medical Profession to Drive Sales appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

SOC Analyst Learning

A vulnerability, which was classified as problematic, was found in DomainMod up to 4.11.01. Affected is an unknown function of the file admin/ssl-fields/add.php of the component Custom SSL Field Handler. The manipulation of the argument notes leads to cross site scripting. This vulnerability is traded as CVE-2018-19751. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A large-scale phishing campaign targets WooCommerce users with a fake security alert urging them to download a "critical patch" that adds a Wordpress backdoor to the site. [...]

A vulnerability was found in SAML Single Sign On Plugin up to 2.0.2 on Jenkins and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2023-32991. The attack may be initiated remotely. There is no exploit available.