Aggregator

Authors/Presenters: Peiyu Wang

Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their timely []DEF CON 32]2 erudite content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 32 – AppSec Village – Web2 Meets Web3 Hacking Decentralized Applications appeared first on Security Boulevard.

Authors/Presenters:Chaoliang Zeng, Xudong Liao, Xiaodian Cheng, Han Tian, Xinchen Wan, Hao Wang, Kai Chen

Our sincere thanks to USENIX, and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI '24) content, placing the organizations enduring commitment to Open Access front and center. Originating from the conference’s events situated at the Hyatt Regency Santa Clara; and via the organizations YouTube channel.

Permalink

The post USENIX NSDI ’24 – Accelerating Neural Recommendation Training with Embedding Scheduling appeared first on Security Boulevard.

A vulnerability was found in Linux Kernel up to 6.11.2. It has been classified as critical. Affected is the function close_ctree of the component btrfs. The manipulation leads to use after free. This vulnerability is traded as CVE-2024-49867. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Ученые создали оборудование, способное выдержать электромагнитный импульс в 80 кВ/м.

A vulnerability was found in Linux Kernel up to 5.15.167/6.1.112/6.6.54/6.10.13/6.11.2 on CPU0 and classified as problematic. This issue affects the function cpu_device_down of the component timerlat. The manipulation leads to state issue. The identification of this vulnerability is CVE-2024-49866. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.11.2 and classified as critical. This vulnerability affects the function vhost_scsi_get_req of the component scsi. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2024-49863. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

Cisco confirms that data published by IntelBroker on a cybercrime forum was taken from the company DevHub environment. Cisco confirms that the data posted by the notorious threat actor IntelBroker on a cybercrime forum was stolen from its DevHub environment. IntelBroker claimed to have gained access to Github projects, Gitlab Projects, SonarQube projects, Source code, […]

A vulnerability has been found in CMS Made Simple up to 1.2.4 and classified as critical. This vulnerability affects unknown code of the file javaupload.php. The manipulation leads to improper input validation. This vulnerability was named CVE-2008-2267. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in YABSoft Advanced Image Hosting Script up to 2.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file out.php. The manipulation leads to sql injection. This vulnerability is known as CVE-2008-2536. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHP Classifieds Script. It has been declared as critical. This vulnerability affects unknown code of the file browse.php. The manipulation of the argument fatherID leads to sql injection. This vulnerability was named CVE-2008-2453. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in BigACE 2.4. This vulnerability affects unknown code. The manipulation of the argument GLOBALS[_BIGACE][DIR][admin] leads to code injection. This vulnerability was named CVE-2008-2520. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in YABSoft Mega File Hosting Script 1.2. This issue affects some unknown processing of the file members.php. The manipulation of the argument fid leads to sql injection. The identification of this vulnerability is CVE-2008-2521. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in Haudenschilt Battlenet Clan Script up to 1.5.1. Affected is an unknown function of the file members.php. The manipulation of the argument showmember leads to sql injection. This vulnerability is traded as CVE-2008-2522. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

During national weather emergencies, many turn to online platforms to get the latest news but don’t know about the threat lurking in the weeds: Hurricane scammers.

The post Hurricane scammers: How to stay safe during national emergencies appeared first on Security Boulevard.

360与重庆科技大学战略合作，共育数字时代实战型人才

这是新加坡政府机构今年第三次发布AI安全相关文件

识别零日漏洞，并推测漏洞利用代码