Aggregator

The ransomware scene is re-organizing, with one gang known as DragonForce working to gather other operations under a cartel-like structure. [...]

deGoogle Your Life

美国西北大学的研究人员分析了民主党和共和党的政策文件，显示两党在引用科学文献上存在显著差异。民主党领导的国会委员会和左翼智库引用研究论文的可能性高于右翼智库。前者也更可能引用高影响力论文。但两党很少引用相同的研究或相同的主题。研究人员使用了政府政策数据库 Overton，该数据库包括了美国国会各委员会在 1995-2021 年间发布的约 5 万份政策文件，以及 121 家智库同期发布的约 20 万份报告，这些文件共引用了 42.4 万篇科学文献。研究显示，今天的政策文件比过去更可能引用科学文献，民主党领导的委员会更可能引用科学文献，而且与共和党相比差距在扩大。民主党领导的委员会发布的文件引用科学文献的可能性是共和党的 1.8 倍。双方的智库在引用科学文献上差距更大。左翼智库引用科学文献的可能性是右翼智库的 5 倍。

Two significant security vulnerabilities in generative AI systems have been discovered, allowing attackers to bypass safety protocols and extract potentially dangerous content from multiple popular AI platforms. These “jailbreaks” affect services from industry leaders including OpenAI, Google, Microsoft, and Anthropic, highlighting a concerning pattern of systemic weaknesses across the AI industry. Security researchers have identified […]

The post Two Systemic Jailbreaks Uncovered, Exposing Widespread Vulnerabilities in Generative AI Models appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Author/Presenter: Suha Sabi Hussain

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – Ground Truth – Incubated Machine Learning Exploits: Backdooring ML Pipelines Using Input-Handling Bugs appeared first on Security Boulevard.

AI-generated medical scams across TikTok and Instagram, where deepfake avatars pose as healthcare professionals to promote unverified supplements and treatments. These synthetic “doctors” exploit public trust in the medical field, often directing users to purchase products with exaggerated or entirely fabricated health claims. With advancements in generative AI making deepfakes increasingly accessible, experts warn that […]

The post New AI-Generated ‘TikDocs’ Exploits Trust in the Medical Profession to Drive Sales appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

SOC Analyst Learning

A vulnerability, which was classified as problematic, was found in DomainMod up to 4.11.01. Affected is an unknown function of the file admin/ssl-fields/add.php of the component Custom SSL Field Handler. The manipulation of the argument notes leads to cross site scripting. This vulnerability is traded as CVE-2018-19751. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A large-scale phishing campaign targets WooCommerce users with a fake security alert urging them to download a "critical patch" that adds a Wordpress backdoor to the site. [...]

A vulnerability was found in SAML Single Sign On Plugin up to 2.0.2 on Jenkins and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2023-32991. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in MoroSystems EasyMind Mind Maps Plugin up to 2.14.x on Confluence. It has been classified as problematic. Affected is an unknown function. The manipulation of the argument hyperlink leads to cross site scripting. This vulnerability is traded as CVE-2023-30452. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Tag Profiler Plugin up to 0.2 on Jenkins. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2023-33003. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in WSO2 Oauth Plugin up to 1.0 on Jenkins. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2023-33006. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in curl and classified as problematic. This vulnerability affects the function siglongjmp. The manipulation leads to race condition. This vulnerability was named CVE-2023-28320. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.