Aggregator

A vulnerability was found in Samsung Devices and classified as critical. This issue affects some unknown processing of the component DualDarManagerProxy. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2024-34646. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Samsung Devices. It has been classified as problematic. Affected is an unknown function of the component DualDarManagerProxy. The manipulation leads to incorrect use of privileged apis. This vulnerability is traded as CVE-2024-34647. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Samsung Devices. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Multitasking Framework. The manipulation leads to improper access controls. This vulnerability is known as CVE-2024-34649. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

澳大利亚辐射防护与核安全局领导的一项 WHO 委托进行的系统性评估显示，脑癌与手机使用之间没有关联。评估结果显示，脑癌与超过十年的手机长期使用无关，与手机的使用频次和时长无关。“证据并未显示，手机与脑癌或其他头部、颈部的癌症有关联。”公报说，无线技术设备对健康的影响是被研究得最多的健康课题之一。此次评估参考了 1994-2022 年间发表的 5000 多份研究成果，并采纳其中的 63 份。评估结果表明，尽管过去 20 年无线技术设备的使用大幅增加，但脑癌的发病率并没有上升。

De zogenoemde Quick Reaction Alert (QRA) is vanaf vandaag weer in Nederlandse handen. Dit houdt in dat F-35’s van de Koninklijke Luchtmacht de komende 5 maanden gealarmeerd kunnen worden voor de bewaking van het luchtruim van België, Nederland en Luxemburg.

近日，一起大规模的数据泄露事件震动了网络安全界。名为“HikkI-Chan”的黑客在臭名昭著的Breach Forums上泄露了超过3.9亿VK用户的个人信息。

北京时间2024年8月6日14时42分，随着指挥员一声令下，烈焰从长征六号甲运载火箭底部喷射而出，火箭成功将“ […]

在华硕 ROG Ally、联想 Legion Go、Valve Steam Deck 之后，宏碁推出了它的 AMD APU 掌机 Nitro Blaze 7。Nitro Blaze 7 配备了 7 英寸 1080p 可变刷新率 IPS 屏，最高 144Hz；APU 是 Ryzen 7 8840HS，Radeon 780M，内存 16GB 7500 MT/s，电池 50 Wh，SSD 高达 2TB。宏碁尚未披露上市日期以及价格。

The U.S. unsealed indictments of two Russian nationals accused of helping the news outlet RT run a

Planned Parenthood has confirmed it suffered a cyberattack affecting its IT systems, forcing it to take parts of its infrastructure offline to contain the damage. [...]

在商用密码领域，基础支撑技术目前已经是一个相对独立且标准化的技术体系，既是基础技术也就是一个起步门槛，具体应用 […]

新闻速览 •十一部门联合印发《关于推动新型信息基础设施协调发展有关事项的通知》，提出增强全方位安全保障能力 • […]

A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. This vulnerability is traded as CVE-2024-8462. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Роскомнадзор готов лишить лицензии за доступ к YouTube.

A vulnerability was found in FreeBSD and classified as critical. This issue affects some unknown processing of the component USB. The manipulation leads to off-by-one. The identification of this vulnerability is CVE-2024-32668. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in FreeBSD and classified as critical. This vulnerability affects unknown code of the component UMTX_SHM_DESTROY Sub-Request Handler. The manipulation leads to use after free. This vulnerability was named CVE-2024-43102. The attack can only be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

韩国通信标准委员会称，被韩国男性用于传播女性的深度伪造色情视频的社交平台 Telegram 已与当局进行合作，删除了 25 段视频，并提供了电子邮件热线，方便递交删除请求。通信标准委员会表示，Telegram 还为其平台存在上述内容道歉。Telegram 处于韩国最近爆出的深度伪造淫秽视频丑闻的中心，韩国男性创建了大量分享淫秽影像的群聊频道，每个频道有数千人参与，多则有十万人以上。受害者包括大学生、教师、女兵等，甚至有中学生等未成年人。在社交网站流传的“受害学校”已超过百所。Telegram 在韩国有逾 347 万用户。

Submit #401826 / VDB-276630

A vulnerability, which was classified as problematic, was found in D-Link DNS-320 2.02b01. This affects an unknown part of the file /cgi-bin/discovery.cgi of the component Web Management Interface. The manipulation leads to information disclosure. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is uniquely identified as CVE-2024-8461. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. It is recommended to apply restrictive firewalling.

A vulnerability, which was classified as problematic, has been found in D-Link DNS-320 2.02b01. Affected by this issue is some unknown functionality of the file /cgi-bin/widget_api.cgi of the component Web Management Interface. The manipulation of the argument getHD/getSer/getSys leads to information disclosure. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is handled as CVE-2024-8460. The attack may be launched remotely. Furthermore, there is an exploit available. Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. It is recommended to apply restrictive firewalling.