Aggregator

基于cloudflare worker的telegraph图床，支持图片压缩！项目地址：https://github.com/0-RTT/telegra

基于cloudflare worker的telegraph图床，支持图片压缩！ 项目地址：https://github.com/0-RTT/telegraph ⚠️需要网络能够访问telegra...

支持 git clone , wget , curlDome：gh.jiasu.in测试：https://gh.jiasu.in/https://git

支持 git clone , wget , curlDome：gh.jiasu.in测试：https://gh.jiasu.in/https://github.com/0-RTT/telegra...

Background check service National Public Data confirms a data breach that exploded millions of social security numbers and other sensitive information.  Background check service National Public Data confirms that a threat actor has breached its systems and had access to millions of social security numbers and other sensitive personal information.  According to a statement published […]

National Public Data confirms a data breachBackground check service National Public Data confi

The more you beat the Hulk, the stronger he becomes.Same with Bitcoin.Especially if it is beaten by

Saturday, August 17, 2024 Community Chats Webinars LibraryHomeCybersecurity NewsFe

Authors/Presenters:Oliver Broadrick, Poorvi Vora, Filip Zagórski

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organizations YouTube channel.

Permalink

The post USENIX Security ’23 – PROVIDENCE: a Flexible Round-by-Round Risk-Limiting Audit appeared first on Security Boulevard.

error code: 1106

error code: 1106

A new data extortion group tracked as Mad Liberator is targeting AnyDesk users and runs a fake Microsoft Windows update screen to distract while exfiltrating data from the target device. [...]

AMD 最新一代的 Zen5 处理器已经上市，科技网站和视频博主也都公布了评测报告，Zen5 在生产力任务中的表现被认为达到了预期，但在游戏等任务中的表现则远未达到预期，以至于用户开玩笑的

AMD 最新一代的 Zen5 处理器已经上市，科技网站和视频博主也都公布了评测报告，Zen5 在生产力任务中的表现被认为达到了预期，但在游戏等任务中的表现则远未达到预期，以至于用户开玩笑的将 Zen5 称为 Zen5%——意思是与上一代 Zen4 相比变化只有 5%，而不是 AMD 宣称的 IPC 有 16% 的增幅。知名 Linux 网站 Phoronix 公布了它的评测报告，显示在 Linux 上 Zen5 的表现基本符合 AMD 的宣传。评测者应用户要求在相同的硬件上分别运行 Windows 11 和 Ubuntu 24.04，然后执行一系列基准测试。结果显示，在 Ubuntu 24.04 LTS 上 Ryzen 9 9950X 相比上一代的 7950X 平均改进了 14%，但在 Windows 11 下改进幅度只有 10%，9950X 在 Ubuntu 下的性能总体上高于 Windows 11。

A vulnerability was found in reputeinfosystems ARMember Plugin up to 4.0.37 on WordPress. It has been classified as problematic. Affected is an unknown function of the component SVG File Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-7703. It is possible to launch the attack remotely. There is no exploit available.

Shawn the R0ck 写道：“Tetrel Security 公开了一个 SLPD-Lite 漏洞（CVE-2024-41660）的细节，slpd-lite 是 OpenBMC

Shawn the R0ck 写道：“ Tetrel Security 公开了一个 SLPD-Lite 漏洞（CVE-2024-41660）的细节，slpd-lite 是 OpenBMC 的组件之一，此漏洞因为由 OpenBMC（部分OEM厂商实现）网络安全产生了严重的影响，因为它允许攻击者在易受攻击的系统上远程执行任意代码。
OpenBMC 是一个为服务器开发标准基板管理控制器（BMC）的标准实现框架。BMC允许对服务器硬件进行远程管理，广泛部署在服务器硬件中，提供监控、日志记录功能以及带外恢复和维护工具。由于BMC通常具有高度特权，因此将BMC网络接口隔离到一个独立的管理网络是安全最佳实践。
Tetrel在审查OpenBMC源代码时发现了slpd-lite子组件中的两个内存损坏漏洞。在典型部署中，成功利用这些漏洞将允许具有对BMC管理网络访问权限的攻击者完全攻陷BMC。
第一个漏洞涉及堆中分配的数据的越界读取，可能泄露信息给攻击者。第二个漏洞允许攻击者在堆中分配的数据结构范围之外进行写入。结合这两个漏洞，可以直接实现远程漏洞利用。Tetrel公开了漏洞成因，和相关技术细节，包括代码片段和漏洞的潜在利用方式。同时，还提供了有关如何确认堆损坏可能性的重现步骤，以及在Ubuntu 22.04.04 LTS上测试漏洞的过程。
如果你的数据中心使用了集成spld-lite的OEM厂商提供的BMC（无论是否基于OpenBMC)，务必尽快升级。HardenedVault的OpenBMC实现由于spld-lite并没有集成，所以不受影响。”

Product management Tools aims to orchestrate and supervise every facet of the product life cycle. This encompasses various responsibilities, from marketing to in-depth investigative analysis.  Product management entails the systematic development, market launch, and comprehensive administration of a product or service. The product manager is at the helm of product management leadership and is ultimately […]

The post 10 Best Product Management Tools – 2024 appeared first on Cyber Security News.

Cybersecurity companies specialize in protecting organizations from digital threats by offering services such as threat detection, incident response, and risk management, ensuring the security of sensitive data and systems against cyber attacks. They deploy a range of technologies and strategies, including firewalls, encryption, and intrusion detection systems, to safeguard networks and applications from unauthorized access, […]

The post 50 World’s Best Cyber Security Companies – 2024 appeared first on Cyber Security News.

A penetration testing tool helps identify vulnerabilities within a system by simulating real-world attacks. This allows organizations to detect and address security weaknesses before malicious actors exploit them. These tools provide comprehensive assessments of network, application, and system security by performing in-depth scans and tests and delivering detailed reports on potential threats and their impact […]

The post Top 30 Best Penetration Testing Tools – 2024 appeared first on Cyber Security News.