Aggregator

让我看看

We've uncovered a path traversal vulnerability in the D-Link DIR-859 router that leads to information disclosure. This exploit allows extraction of account details and poses long-term risks since the product is End-of-Life and won't be patched.

本文精选了美团技术团队被SIGIR 2024收录的3篇论文进行解读，第一篇论文围绕如何利用深度学习，来整合广告拍卖和混排；第二篇论文扩展定义了全用户纵向联邦推荐范式，并首次提出基于检索增强的纵向联邦推荐框架ReFer，解决了跨域特征缺失问题；第三篇论文提出了一种新颖的框架——解耦对比超图学习，并应用于下一个兴趣点推荐任务中。

In this blog we uncover threat actors using the 2024 Olympics to lure victims into investing in an initial coin offering (ICO). Similar schemes have been found to use AI-generated images for their fake ICO websites.

polyfill.io, a popular JavaScript library service, can no longer be trusted and should be removed from websites

Not everyone invests in employee cybersecurity awareness training. Here's four experts' thoughts on why you should – and a way to save in the process!

CIS Benchmarks™ volunteers dedicate their time and expertise to developing security standards for technology systems. Here's how Mack Bodie helps out.

Microsoft recently discovered a new type of generative AI jailbreak method called Skeleton Key that could impact the implementations of some large and small language models. This new method has the potential to subvert either the built-in model safety or platform safety systems and produce any content. It works by learning and overriding the intent of the system message to change the expected behavior and achieve results outside of the intended use of the system.

The post Mitigating Skeleton Key, a new type of generative AI jailbreak technique appeared first on Microsoft Security Blog.

可能是地表最强网络安全防御演习的 Locked Shields 是如何组织评分的？

Everything you need to know about Scarlet Goldfinch, which uses fake browser updates to trick users into downloading NetSupport Manager.

by Douglas Berdeaux, Senior Security Consultant CTF redsiege.com/phoneswitch Getting Started Phone phreaking is the practice of exploring and hacking telephones, telephone switches, telephone test equipment, and physically exploring the telephone […]

A new DDoS rule resulted in an increase in error responses and latency for Cloudflare customers. Here’s how it went wrong, and what we’ve learned

In this Akamai FLAME Trailblazer blog post, Mie Elmkvist Schneider from Queue-it describes the differences between being a manager and being a leader.

Learn how Akamai?s customers optimize their cloud computing costs and deliver engaging customer experiences with our open and affordable cloud infrastructure.

CCS 2024论文Byzantine-Robust Decentralized Federated Learning，来自University of Louisville投稿~

To provide a short insight, Ollama is a popular open-source project for running AI models that has more than 75,000 starts on GitHub. This project specifically provides a simple process of packaging and deploying AI models. In other words, you can use Ollama to run a local LLM on your machine or a cloud machine.  […]

Network detection and response (NDR) and endpoint detection and response (EDR) have several key differences. EDR monitors endpoints, including personal computers, smartphones, Internet of Things (IoT) devices, file servers, and more to mitigate attacks on said devices. An EDR security solution functions by deploying a...

NIST will create the standards and tools needed to ensure that the breathalyzers work.

2024年6月26日，深瞳漏洞实验室监测到一则MOVEit Transfer组件存在身份验证漏洞漏洞的信息，漏洞编号：CVE-2024-5806，漏洞威胁等级：严重。