Aggregator

Cambio nome al format rimuovendo il “weekly” visto che in effetti non pubblico q

PreambleIn this article, I want to say that everything around us is changing really fast, and the me

As the world becomes more reliant on technology, viruses and security weaknesses may eventually develop in our operating systems. However, developers are ready for this because they have Javascript code security tools that help them find and fix internal computer bugs by giving them more information, such as a snapshot of the application’s state. Recently, […]

The post 10 Best Code Security Tools in 2024 appeared first on Cyber Security News.

基于cloudflare worker的telegraph图床，支持图片压缩！项目地址：https://github.com/0-RTT/telegra

基于cloudflare worker的telegraph图床，支持图片压缩！ 项目地址：https://github.com/0-RTT/telegraph ⚠️需要网络能够访问telegra...

支持 git clone , wget , curlDome：gh.jiasu.in测试：https://gh.jiasu.in/https://git

支持 git clone , wget , curlDome：gh.jiasu.in测试：https://gh.jiasu.in/https://github.com/0-RTT/telegra...

Background check service National Public Data confirms a data breach that exploded millions of social security numbers and other sensitive information.  Background check service National Public Data confirms that a threat actor has breached its systems and had access to millions of social security numbers and other sensitive personal information.  According to a statement published […]

National Public Data confirms a data breachBackground check service National Public Data confi

The more you beat the Hulk, the stronger he becomes.Same with Bitcoin.Especially if it is beaten by

Saturday, August 17, 2024 Community Chats Webinars LibraryHomeCybersecurity NewsFe

Authors/Presenters:Oliver Broadrick, Poorvi Vora, Filip Zagórski

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organizations YouTube channel.

Permalink

The post USENIX Security ’23 – PROVIDENCE: a Flexible Round-by-Round Risk-Limiting Audit appeared first on Security Boulevard.

error code: 1106

error code: 1106

A new data extortion group tracked as Mad Liberator is targeting AnyDesk users and runs a fake Microsoft Windows update screen to distract while exfiltrating data from the target device. [...]

AMD 最新一代的 Zen5 处理器已经上市，科技网站和视频博主也都公布了评测报告，Zen5 在生产力任务中的表现被认为达到了预期，但在游戏等任务中的表现则远未达到预期，以至于用户开玩笑的

AMD 最新一代的 Zen5 处理器已经上市，科技网站和视频博主也都公布了评测报告，Zen5 在生产力任务中的表现被认为达到了预期，但在游戏等任务中的表现则远未达到预期，以至于用户开玩笑的将 Zen5 称为 Zen5%——意思是与上一代 Zen4 相比变化只有 5%，而不是 AMD 宣称的 IPC 有 16% 的增幅。知名 Linux 网站 Phoronix 公布了它的评测报告，显示在 Linux 上 Zen5 的表现基本符合 AMD 的宣传。评测者应用户要求在相同的硬件上分别运行 Windows 11 和 Ubuntu 24.04，然后执行一系列基准测试。结果显示，在 Ubuntu 24.04 LTS 上 Ryzen 9 9950X 相比上一代的 7950X 平均改进了 14%，但在 Windows 11 下改进幅度只有 10%，9950X 在 Ubuntu 下的性能总体上高于 Windows 11。

A vulnerability was found in reputeinfosystems ARMember Plugin up to 4.0.37 on WordPress. It has been classified as problematic. Affected is an unknown function of the component SVG File Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-7703. It is possible to launch the attack remotely. There is no exploit available.

Shawn the R0ck 写道：“Tetrel Security 公开了一个 SLPD-Lite 漏洞（CVE-2024-41660）的细节，slpd-lite 是 OpenBMC

Shawn the R0ck 写道：“ Tetrel Security 公开了一个 SLPD-Lite 漏洞（CVE-2024-41660）的细节，slpd-lite 是 OpenBMC 的组件之一，此漏洞因为由 OpenBMC（部分OEM厂商实现）网络安全产生了严重的影响，因为它允许攻击者在易受攻击的系统上远程执行任意代码。
OpenBMC 是一个为服务器开发标准基板管理控制器（BMC）的标准实现框架。BMC允许对服务器硬件进行远程管理，广泛部署在服务器硬件中，提供监控、日志记录功能以及带外恢复和维护工具。由于BMC通常具有高度特权，因此将BMC网络接口隔离到一个独立的管理网络是安全最佳实践。
Tetrel在审查OpenBMC源代码时发现了slpd-lite子组件中的两个内存损坏漏洞。在典型部署中，成功利用这些漏洞将允许具有对BMC管理网络访问权限的攻击者完全攻陷BMC。
第一个漏洞涉及堆中分配的数据的越界读取，可能泄露信息给攻击者。第二个漏洞允许攻击者在堆中分配的数据结构范围之外进行写入。结合这两个漏洞，可以直接实现远程漏洞利用。Tetrel公开了漏洞成因，和相关技术细节，包括代码片段和漏洞的潜在利用方式。同时，还提供了有关如何确认堆损坏可能性的重现步骤，以及在Ubuntu 22.04.04 LTS上测试漏洞的过程。
如果你的数据中心使用了集成spld-lite的OEM厂商提供的BMC（无论是否基于OpenBMC)，务必尽快升级。HardenedVault的OpenBMC实现由于spld-lite并没有集成，所以不受影响。”