Aggregator

A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. This affects an unknown part of the file partedit.php. The manipulation of the argument id leads to sql injection. This vulnerability is uniquely identified as CVE-2024-7455. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in SourceCodester Clinics Patient Management System 1.0. Affected by this issue is the function patient_name of the file patients.php. The manipulation leads to sql injection. This vulnerability is handled as CVE-2024-7454. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in Elastic APM Server up to 8.13.x. Affected by this vulnerability is the function unavailable_shards_exception. The manipulation leads to sensitive information in log files. This vulnerability is known as CVE-2024-37286. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

今日暂未更新资讯~
更多最新文章，请访问SecWiki

美国司法部和联邦贸易委员会周五起诉了 TikTok 及其母公司字节跳动，指控它们违反了儿童隐私保护法《Children's Online Privacy Protection Act》，该法律禁止网站在未经父母同意的情况下，收集、使用或披露 13 岁以下儿童的个人信息。此前美国科技巨头如 Google、Meta 和亚马逊都因为类似的原因处罚数千万到数亿美元。美司法部表示，TikTok 故意允许儿童创建普通 TikTok 账户，在其平台上与成年人分享其创建的短视频和消息。 TikTok 未经父母同意收集了儿童的个人信息。有数百万 13 岁以下美国儿童在使用 TikTok。联邦贸易委员会寻求对 TikTok 就每天每项违规行为处以最高 51,744 美元罚款；如果 TikTok 被判有罪，其理论罚款总额能达到数十亿美元。

在公布了低于分析师预期的财报之后，英特尔股价周五暴跌 30%，创 1982 年以来最大单日跌幅。曾经的芯片巨人如今市值不到其主要竞争对手 AMD 的一半。英特尔公布的二季度营收为 128.3 亿美元，比去年同期下降 1%，低于分析师预期的 129.4 亿美元；英特尔将三季度的营收预期下调至 125-135 亿美元，低于分析师预期的 143.5 亿美元。CEO Pat Gelsinger 称下半年的情况比预期的更富有挑战性，公司采取了果断行动提高运营和资本效率。英特尔的行动包括了裁员 15%，它目前有大约 13 万名员工，15% 意味着裁员总数将超过 1.5 万。因对美国经济衰退的担忧加剧，周五全球股市都暴跌。

A novel Linux Kernel cross-cache attack named SLUBStick has a 99% success in converting a limited heap vulnerability into an arbitrary memory read-and-write capability, letting the researchers elevate privileges or escape containers. [...]

A vulnerability classified as problematic has been found in IBM Business Automation Workflow 22.0.2/23.0.1/23.0.2/24.0.0. Affected is an unknown function. The manipulation leads to sensitive information in log files. This vulnerability is traded as CVE-2024-38321. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Authors/Presenters:Deevashwer Rathee, Anwesh Bhattacharya, Divya Gupta, Rahul Sharma, Dawn Song

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organizations YouTube channel.

Permalink

The post USENIX Security ’23 – Secure Floating-Point Training appeared first on Security Boulevard.

Authors/Presenters:Deevashwer Rathee, Anwesh Bhattacharya, Divya Gupta, Rahul Sharma, D

Аналоговые технологии прошлого могут предложить неожиданные решения для энергетических проблем современных ИИ-систем.

Глубина бассейна и её влияние на достижения спортсменов.

Russia-linked APT used a car for sale as a phishing lure to target diplomats with HeadLace malware

A Russia-linked APT used a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace. Palo Alto researchers reported that a Russia-linked threat actor known as Fighting Ursa (also identified as APT28, Fancy Bear, or Sofacy) used a fake car advertisement to distribute HeadLace backdoor malware, targeting diplomats. The campaign began […]

A Chinese hacking group tracked as StormBamboo has compromised an undisclosed internet service provider (ISP) to poison automatic software updates with malware. [...]

Meta 推出的与 Twitter 竞争的微博客服务 Threads 其活跃用户突破了 2 亿。负责 Instagram 的 Meta 高管 Adam Mosseri 表示，@threads 突破了 2 亿的里程碑，他希望 Threads 能激发拉近人们距离的想法，让社区能继续发展壮大。Threads 是在 Twitter/X 在马斯克管理下面临不确定的时代推出的，2023 年 7 月推出时在短时间内吸引了上亿用户下载，2024 年 4 月活跃用户达到 1.5 亿，一周年的 2024 年 7 月活跃用户达到 1.75 亿，一个月后突破了 2 亿。扎克伯格（Mark Zuckerberg）希望 Threads 的用户数能达到 10 亿，他对其发展状况表示了满意。

从 Google Chrome v127 起，浏览器开始警告用户 uBlock Origin（uBO）可能在不久后被禁用。uBlock Origin 是 Manifest v2 扩展，而 Chrome 准备淘汰 Manifest v2 扩展系统，全面采用 Manifest V3 扩展系统，uBO 没有相应的 Manifest V3 扩展，因为后者限制了原 Manifest v2 提供的功能。uBO 主开发和维护者 Raymond Hill 开发了一个使用 Manifest V3 的精简版本 uBO Lite(uBOL) 。但两者在功能上并不等价。Raymond Hill 承诺会继续开发 uBO，因为其它浏览器如 Firefox 仍然支持 Manifest v2。