Aggregator

看雪论坛作者ID：magicsong

掌握二进制漏洞攻防，提升企业安全防护能力

脱颖而出！再获荣誉！

Meer dan 2.300 nabestaanden van 612 dodelijke slachtoffers als gevolg van de genocide van Srebrenica hebben compensatie ontvangen van de Nederlandse Staat. Zij konden naar het oordeel van de commissie Wortmann aannemelijk maken dat hun vermoorde familielid 13 juli 1995 op de militaire basis van Dutchbat was. In totaal is een bedrag van 25 miljoen euro aan deze groep betaald. Dat is vrijdag bekendgemaakt.

这一发现体现了软件供应链攻击的持久风险，并凸显了在将开源组件集成到开发流程中时保持警惕的重要性。

在使用广泛的 OpenSSL 库中发现一个严重漏洞

A vulnerability has been found in Linux Kernel up to 6.11.7 and classified as problematic. This vulnerability affects the function cache_preresume of the component dm cache. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2024-50279. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.11.7 and classified as problematic. Affected by this vulnerability is the function insert_delayed_ref of the component btrfs. The manipulation leads to improper initialization. This vulnerability is known as CVE-2024-50273. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.116/6.6.60/6.11.7 and classified as problematic. Affected by this issue is the function mse102x_tx_frame_spi of the component vertexcom. The manipulation leads to double free. This vulnerability is handled as CVE-2024-50276. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.11.7. It has been declared as problematic. This vulnerability affects the function cache_create of the component dm cache. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2024-50278. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.116/6.6.60/6.11.7. It has been rated as problematic. This issue affects the function inc_rlimit_get_ucounts of the component Signal Handler. The manipulation leads to incorrect comparison. The identification of this vulnerability is CVE-2024-50271. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.11.7. Affected by this issue is the function sunxi_musb_probe of the component USB. The manipulation leads to Privilege Escalation. This vulnerability is handled as CVE-2024-50269. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.1.116/6.6.60/6.11.7. Affected is the function filemap_read. The manipulation of the argument ki_pos leads to infinite loop. This vulnerability is traded as CVE-2024-50272. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.11.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component virtio. The manipulation leads to improper initialization. This vulnerability is known as CVE-2024-50264. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.11.7. This affects an unknown part of the component io_edgeport. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2024-50267. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.11.7. This vulnerability affects the function ocfs2_xa_remove. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2024-50265. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 5.10.229/5.15.171/6.1.116/6.6.60/6.11.7. This issue affects the function ucsi_ccg_update_set_new_cam_cmd of the component USB. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2024-50268. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Russia-linked threat actors TAG-110 employed custom malware HATVIBE and CHERRYSPY to target organizations in Asia and Europe. Insikt Group researchers uncovered an ongoing cyber-espionage campaign by Russia-linked threat actor TAG-110 that employed custom malware tools HATVIBE and CHERRYSPY. The campaign primarily targeted government entities, human rights groups, and educational institutions in Central Asia, East Asia, […]

·政策 《工业和信息化领域数据安全合规指引》 《网络安全技术 终端安全监测产品互联互通接口内容和格式》（征求意见稿） 《国家数据基础设施建设指引（征求意见稿）》 《网络安全标准实践指南——粤港澳大湾区（内地、香港）个人信息跨境处理保护要求》 《信息安全技术 网络空间测绘资产分类》（征求意见稿） 《可信数据空间发展行动计划（2024—2028年）》   ·报告 《新型工业控制蓝皮书》

针对七大行业进行供需两端的市场及技术趋势分析，今天走进车联网行业。