Aggregator

Google 的内部分析估计，四分之三的 0day 漏洞利用属于内存安全漏洞。为了减少此类漏洞，Google 多年来一直在推动使用内存安全语言，减少内存不安全代码的风险。它没有试图用内存安全语言完全重写相关的成熟代码，而是在新代码开发中尽可能的使用内存安全语言。它正将高性能内存安全语言 Rust 的使用范围从 Android 扩大到服务器、应用程序和嵌入式生态系统中。它在 Android 的网络、固件和图形堆栈部分使用了包括 Rust 在内的内存安全语言，过去几年 Android 系统报告的内存安全漏洞显著减少，从 2019 年的 220 多个降至今年年底的大约 36 个。这一结果证明了其战略转移的有效性。

CA/B testing: Ludicrous proposal draws ire from “furious” systems administrators.

The post Apple Enrages IT — 45-Day Cert Expiration Fury appeared first on Security Boulevard.

Fortinet has made generally available a version of the CNAPP it gained that is now integrated with the Fortinet Security Fabric, an orchestration framework the company developed to centralize the management of its cybersecurity portfolio.

The post Fortinet Integrates Lacework CNAPP into Cybersecurity Portfolio appeared first on Security Boulevard.

A new Bugcrowd study shows 71% of ethical hackers now see AI boosting hacking value, up from 21% in 2023

拍摄于 2024 年 10 月 15 日傍晚，均为单张曝光。 去年年初去追了 ZTF 彗星。因为设备和技术限制只拍到一个小绿点，兴奋不已。没想到这只是前菜。最近又被紫金山-阿特拉斯彗星的消息刷屏。 九月底彗星还是晨星的那几天，我正好又在加那利岛，但是连续几天都不想四五点早起上山。 拖到上周末开始北半球可以在日落后观赏，我追了三天都没见到，复盘才发现误会了时间点，走太早了。15 日打算最后尝试一次，越往后亮度会锐减，能不能继续看到就不好说了。 蹭朋友车上了山，原本影响观测的云变成了脚下的云海。日落后半小时就已经可以用相机捕捉到彗星，但这时候比较难定位。接下来的半小时逐渐变亮，连彗尾一起肉眼可见。震惊得无以言表。无需长曝光，在手机取景器实时预览里就非常清晰。 难以想象当年海尔-波普甚至池谷-关彗星该有多壮观。

A vulnerability classified as critical has been found in Linux Kernel up to 6.6.32/6.9.3. Affected is the function cpu5wdt_trigger of the file cpu5wdt.c of the component 5wdt Module. The manipulation leads to use after free. This vulnerability is traded as CVE-2024-38630. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in angular and classified as problematic. This issue affects some unknown processing. The manipulation leads to inefficient regular expression complexity. The identification of this vulnerability is CVE-2023-26117. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in angular. It has been classified as problematic. This affects the function angular.copy. The manipulation leads to inefficient regular expression complexity. This vulnerability is uniquely identified as CVE-2023-26116. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in angular. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to inefficient regular expression complexity. This vulnerability was named CVE-2023-26118. The attack can be initiated remotely. There is no exploit available.

A vulnerability has been found in AngularJS up to 1.7.8 and classified as critical. This vulnerability affects the function merge. The manipulation leads to improper input validation. This vulnerability was named CVE-2019-10768. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is some unknown functionality of the component ICMPv6 Handler. The manipulation leads to denial of service. This vulnerability is handled as CVE-2023-52340. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Linux Kernel up to 4.19/6.8-rc4 and classified as problematic. This issue affects the function tls_encrypt_done of the file net/tls/tls_sw.c 16 of the component TLS Handler. The manipulation leads to use after free. The identification of this vulnerability is CVE-2024-26585. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GifLib 5.2.1. It has been classified as problematic. Affected is the function DumpSCreen2RGB of the file gif2rgb.c. The manipulation leads to buffer overflow. This vulnerability is traded as CVE-2023-48161. Attacking locally is a requirement. There is no exploit available.

The geopolitical conflict between Israel and its adversaries has shifted into the digital sphere, where sophisticated cyberattacks have become a primary tool for targeting critical sectors. In recent months, cyberattacks have exposed Israeli defense data, diplomatic communications, and sensitive civilian information. Among the prominent players in this cyberwarfare is the Handala Group, a hacktivist entity …

The post Escalation of Cyber Warfare in the Israel-Palestine Conflict: A Deep Dive into Recent Israeli Breaches appeared first on Security Boulevard.

Mehmet Aydın 开发了虚拟农场手游 Farm Bank，表面看起来无害，但实际上是一个金字塔骗局。它鼓励玩家玩游戏的同时进行农业投资，从投资中获得回报。这款 2016 年上线的手游到 2017 年就吸引了大约 2.5 亿美元的投资。大部分投资其实都是虚假的，当玩家试图收回投资时他们发现钱拿不回来。Aydın 带着大量现金逃离了土耳其，逃到了乌拉圭，2021 年在圣保罗被捕，被遣送回土耳其。据报道在逃亡期间他并不低调，经常开着法拉利转悠。现在他面临长达 8.9 万年的监禁。

A vulnerability was found in Adobe Flash Player up to 21.0.0.213 on Windows. It has been rated as very critical. Affected by this issue is some unknown functionality. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2016-4113. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

AI 时代，联想重回舞台中央。