Aggregator

A vulnerability, which was classified as critical, was found in Delta Electronics DIAScreen. This affects an unknown part of the component DPA File Handler. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-7502. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

研究人员利用中国疾病预防控制中心 2013 年至 2017 年的县级自杀数据，对大约 140,000 个观测数据以及来自中国各地约 1,400 个空气污染监测器的数据进行了匹配分析。近年来，中国的自杀率持续下降，居民收入增加、文化程度提升和农药安全使用等各项因素都推动了这一趋势。除了这些因素外，研究发现，在大气污染防治的五年间，中国的 PM2.5 污染水平明显下降，预防了 1 万 3 千到 7 万 9 千起自杀事件，占同期自杀率下降的 10%。自 2013年，国务院出台《大气污染防治行动计划》，向污染物“宣战”以来，中国整体的空气质量明显好转，生态环境部的报告显示，全国细颗粒物(PM2.5)的年平均浓度从 2013 年的 72 微克/立方米降至 2017 年的 43微克/立方米，下降了 40%。空气污染物对人类身体健康的影响在中国已经被广泛讨论。美国芝加哥大学能源政策研究所每年发布的空气质量寿命指数报告，直观地将空气中的细颗粒物污染换算成对人们预期寿命的影响程度。2013 年至 2016 年间，中国的 PM2.5 大气污染水平比 2013 年下降 12%，相当于中国居民平均预期寿命延长 6 个月。

A vulnerability, which was classified as critical, has been found in K7 Ultimate Security 16.0.0117. Affected by this issue is some unknown functionality in the library K7RKScan.sys. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2024-36424. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in ID4Portais. Affected by this vulnerability is an unknown functionality of the component Message Parameter Handler. The manipulation leads to basic cross site scripting. This vulnerability is known as CVE-2023-40819. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Automation Anywhere Automation 360 21094. Affected is an unknown function. The manipulation leads to csv injection. This vulnerability is traded as CVE-2024-41226. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability was found in PrivX up to 31.2/32.2/33.0. It has been rated as problematic. This issue affects some unknown processing of the component REST API. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2024-30170. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in HP Poly Clariti Manager up to 10.10.2.2. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to Privilege Escalation. This vulnerability was named CVE-2024-41913. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability was found in HP Poly Clariti Manager up to 10.10.2.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-41911. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in HP Poly Clariti Manager up to 10.10.2.2 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-41910. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in HMS Cosy+ 2024 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper certificate validation. This vulnerability is known as CVE-2024-33897. The attack can only be done within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

Authors/Presenters:Chong Fu, Xuhong Zhang, Shouling Ji, Ting Wang, Peng Lin, Yanghe Feng, Jianwei Yin

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access.
Originating from the conference’s events situated at the Anaheim Marriott; and via the organizations YouTube channel.

The post USENIX Security ’23 – FreeEagle: Detecting Complex Neural Trojans in Data-Free Cases appeared first on Security Boulevard.

报告显示，全球数据泄露事件的平均成本在今年达到 488万美元，而随着其破坏性越来越大，组织对网络安全团队的要求也进一步提高。

Understand the Dark Web's complex character. The practical implications for cybersecurity and the importance of using this intelligence.

The post Understanding the Dark Web: A Hidden Realm appeared first on Security Boulevard.

科学家利用荧光蛋白对小鼠进行研究发现，几小时的睡眠剥夺就会改变大脑神经连接。他们发现，仅仅几个小时的睡眠剥夺就会减少大脑中与学习和记忆有关的区域中不同类型突触的数量。研究人员比较了正常睡眠和剥夺睡眠的小鼠，大脑图像显示，尽管突触总数保持相对恒定，但在睡眠不足的动物中，突触亚型的多样性下降了，尤其是在大脑中与学习和记忆有关的两个区域皮层和海马体。目前尚不清楚睡眠不足是如何导致这种转变的。

Active Directory (AD) lies at the heart of your organization’s Windows network, silently orchestrating user access, authentication, and security. But do you truly understand its workings? This blog peels back...

The post Securing from Active Directory Attacks appeared first on Strobes Security.

The post Securing from Active Directory Attacks appeared first on Security Boulevard.

The Western Digital Discovery app, a well-known provider of storage devices, has a vulnerability identified as CVE 2024-22169 with a CVSS base score of 7.1 that allows for code execution. The security vulnerability arises due to the Node.js environment settings in the WD Discovery App. Utilizing the ELECTRON_RUN_AS_NODE environment variable might allow code execution.   In […]

The post Western Digital’s WD Discovery App Flaw Allows Code Execution appeared first on Cyber Security News.

Четыре дня, которые потрясли сингапурский бизнес.

某Delphi PE的逆向工程

A hacker has breached Mobile Guardian, a digital classroom management platform used worldwide, and remotely wiped data from at least 13,000 student's iPads and Chromebooks. [...]

Stolen credentials are a big problem, commonly used to breach networks in attacks. Learn more from Specops Software about checking the password hygiene of your Active Directory. [...]