Aggregator

回炉重修之house of pig 前置知识和带源码io解析

SimpleEvaluationContext下的spel到触发getter方法的字节码加载利用研究

已知密文利用gdb进行的明文爆破

The world of cybersecurity is in a constant state of flux. New vulnerabilities emerge daily, and attackers are becoming more sophisticated. In this high-stakes game, security leaders need every advantage they can get. That's where Artificial Intelligence (AI) comes in. AI isn't just a buzzword; it's a game-changer for vulnerability management. AI is poised to revolutionize vulnerability

Ошибка в системе оголяет защиту авиакомпаний.

A vulnerability classified as critical was found in Apple iOS up to 10.3.1. Affected by this vulnerability is an unknown functionality of the component SQLite. The manipulation leads to memory corruption. This vulnerability is known as CVE-2017-6983. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

微软原计划今年六月推出 Windows Recall 功能，但在测试之后被发现存在严重的隐私问题，微软随后撤回了该功能，但并没有放弃它。软件巨人上周披露它将会在 10 月推出 Recall，为了让用户接受 Recall，它对其进行了多项更改，包括让该功能可卸载，加强了安全性，确保只有合适的人才能访问保存在本地的数据。

Фактчекеры рассказывают, почему количество фейков в сети продолжает расти.

Теперь паре преступников грозит весомый тюремный срок.

A vulnerability was found in Apple macOS up to 10.12.4. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component iBooks. The manipulation leads to improper access controls. This vulnerability is known as CVE-2017-6981. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Kaqoo Auction Software. It has been classified as critical. Affected is an unknown function of the file include/interfaces.inc.php. The manipulation of the argument install_root leads to improper privilege management. This vulnerability is traded as CVE-2007-1790. Attacking locally is a requirement. Furthermore, there is an exploit available.

Proofpoint has uncovered a new cyber-espionage campaign deploying new malware dubbed “Voldemort”

A vulnerability was found in mobage Tiny Tower 1.7.0.8. It has been declared as critical. This vulnerability affects unknown code of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability was named CVE-2014-5818. The attack needs to be done within the local network. There is no exploit available.

8月30日消息，马来西亚公共交通运营商国家基建公司（Prasarana Malaysia Bhd）确认，社交媒体上关于其内部系统部分被未经授权访问的网络安全事件的报道属实。

当前，大模型技术在多个领域显著提升工作效率、改变了生产模式，并创造了巨大经济价值。

本期关键基础设施安全资讯周报共收录安全资讯29篇。点击文章，快速阅读最新资讯。

Связь с иностранными спецслужбами усиливает риски для крупных корпораций.

Telegram 不仅仅是一款消息应用，它还是一个社交媒体平台。那么作为社媒平台，它是否要为内容承担部分责任？批评者认为，Telegram CEO Pavel Durov 用理想主义掩盖了机会主义商业模式，允许 Telegram 从包括 CSAM 在内的不合法内容上获利。Telegram 既受到政治异见人士青睐，也对恐怖组织、犯罪组织和性捕食者有巨大吸引力，将其用作分享和消费非自愿色情、AI 深度伪造裸照以及儿童色情材料 CSAM 的枢纽。由于 Telegram 宣称不与执法部门合作，不会扫描 CSAM 材料，因此吸引了大量恋童癖者交易和出售 CSAM。Telegram 只在一对一通信时可选择端对端加密，而它使用的加密算法是内部开发的，没有接受过外部的审查，其余的群聊和通信等都是公开托管在 Telegram 服务器上。法国检方认为，Durov 要为 Telegram 成为包括 CSAM 在内的非法内容的全球避风港负责。

A vulnerability was found in Flaming Forms Plugin up to 1.0.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-7692. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Flaming Forms Plugin up to 1.0.1 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-7691. It is possible to launch the attack remotely. There is no exploit available.