Aggregator
[Security Circle (安全圈)] Major Internet Company's Homepage Suspected of Being Tampered With?
10 months 3 weeks ago
[Security Circle (安全圈)] Data Breaches Involving China in September 2024
10 months 3 weeks ago
DEF CON 32 – AppSec Village – Maturing Your Application Security Program – SheHacksPurple
10 months 3 weeks ago
Authors/Presenters: Tanya Janca
Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their timely DEF CON 32 erudite content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organization’s YouTube channel.
The post DEF CON 32 – AppSec Village – Maturing Your Application Security Program – SheHacksPurple appeared first on Security Boulevard.
Marc Handelman
Casap Secures $8.5M in Funding
10 months 3 weeks ago
CVE-2024-31975 | EnGenius ESR580 up to 1.1.30 SSID cross site scripting
10 months 3 weeks ago
A vulnerability was found in EnGenius ESR580 up to 1.1.30. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument SSID leads to cross site scripting.
The identification of this vulnerability is CVE-2024-31975. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-31972 | EnGenius ESR580 A8J-EMR5000 /admin/wifi/wlan1 SSID cross site scripting
10 months 3 weeks ago
A vulnerability was found in EnGenius ESR580 A8J-EMR5000. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/wifi/wlan1. The manipulation of the argument SSID leads to cross site scripting.
This vulnerability was named CVE-2024-31972. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-31973 | Hitron CODA-4582/AHKM-CODA4589 7.2.4.5.1b8 index.html#wireless_basic SSID cross site scripting
10 months 3 weeks ago
A vulnerability was found in Hitron CODA-4582 and AHKM-CODA4589 7.2.4.5.1b8. It has been classified as problematic. This affects an unknown part of the file /index.html#wireless_basic. The manipulation of the argument SSID leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2024-31973. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-48646 | Sage 1000 7.0.0 unrestricted upload
10 months 3 weeks ago
A vulnerability was found in Sage 1000 7.0.0 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to unrestricted upload.
This vulnerability is handled as CVE-2024-48646. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-48647 | Sage 1000 7.0.0 HTTP Request URL information disclosure
10 months 3 weeks ago
A vulnerability has been found in Sage 1000 7.0.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component HTTP Request Handler. The manipulation of the argument URL leads to information disclosure.
This vulnerability is known as CVE-2024-48647. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-9419 | HP Smart Universal Printing Driver XPS File out-of-bounds write
10 months 3 weeks ago
A vulnerability, which was classified as critical, was found in HP Smart Universal Printing Driver. Affected is an unknown function of the component XPS File Handler. The manipulation leads to out-of-bounds write.
This vulnerability is traded as CVE-2024-9419. The attack needs to be approached locally. There is no exploit available.
vuldb.com
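Commentary | Social Harms, Causes, and Governance of "Box-Opening" Doxxing Targeting Minors
10 months 3 weeks ago
"Box-opening" doxxing that targets minors seriously harms their physical and mental health and is deeply detested by the public. The Office of the Central Cyberspace Affairs Commission launched a special campaign to crack down on such behavior, achieving notable results in cleaning up the online environment and protecting the lawful rights and interests of minors.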
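Viewpoint | Prevention and Early Warning Against Online Violence Must Be Strengthened
10 months 3 weeks ago
In recent years, online violence has drawn close attention from all of society and has become a focus, a difficulty, and a pain point of legal governance in cyberspace. This year, the Cyberspace Administration of China and three other departments jointly issued the Provisions on the Governance of Online Violence Information, further improving China's institutional framework for governing online violence information, which is of great significance for cleaning up the online environment and fostering a healthy online ecosystem.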
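Frontier | AI Synthetic Data: Ethical Concerns and Risk Governance
10 months 3 weeks ago
Training AI models, especially large models, requires massive amounts of data, but publicly available data on the internet is increasingly unable to meet that need, and a data shortage is even looming. At the same time, a series of practical results shows that AI synthetic data is effective to a certain degree. As a result, AI synthetic data is even seen as the future mainstay that will replace real-world data for training AI models.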
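Expert Interpretation | Meng Qingguo: Accelerate the Development and Utilization of Public Data Resources and Advance Market-Oriented Allocation Reform of Data Elements
10 months 3 weeks ago
Recently, the Opinions of the General Office of the CPC Central Committee and the General Office of the State Council on Accelerating the Development and Utilization of Public Data Resources was formally issued, making systematic arrangements for the development and utilization of public data resources. The issuance and implementation of the Opinions has important guiding significance for accelerating the development and utilization of public data resources, fully unleashing the potential of public data elements, and promoting high-quality economic and social development.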
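Release | List of Key Standards Projects the National Data Standardization Technical Committee Plans to Develop or Revise in 2024-2025
10 months 3 weeks ago
Focusing on key areas such as data governance, data circulation and utilization, digital transformation, data technology, and data infrastructure, the National Data Standardization Technical Committee has proposed 37 key standards projects to be developed or revised in 2024-2025.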
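Forum · Original | The United Nations Convention against Cybercrime Opens a New Chapter in International Rules for Cyberspace
10 months 3 weeks ago
At around 4 a.m. Beijing time on August 9, the Ad Hoc Committee on the United Nations convention against cybercrime reached consensus on the United Nations Convention against Cybercrime at UN Headquarters in New York, opening a new chapter in international rules for cyberspace.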
Artificial authentication: Understanding and observing Azure OpenAI abuse
10 months 3 weeks ago
Adversaries can compromise key material in Azure OpenAI to host malicious models, poison trained models, and steal intellectual property.
Matt Graeber
Esteem Restoration Eagle Defaced the Website of Vrutant News
10 months 3 weeks ago
Dark Web Informer
CVE-2017-11120 | Broadcom BCM4355C0 9.44.78.27.0.1.56 RRM Neighbor Report Frame memory corruption (ID 144328 / EDB-42784)
10 months 3 weeks ago
A vulnerability has been found in Broadcom BCM4355C0 9.44.78.27.0.1.56 and classified as critical. This vulnerability affects unknown code of the component RRM Neighbor Report Frame Handler. The manipulation leads to memory corruption.
This vulnerability was named CVE-2017-11120. The attack can be initiated remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com