Aggregator

2024年9月24日，OpenAI的CEO Sam Altman发表文章《The Intelligence Age》，大胆地宣告了AI时代的到来。给予文章强有力支撑的是ChatGPT-o1的发布，这是

New Funding to Aid US Government Growth, Generative AI Security Product Development
Zenity has closed a $38 million Series B round to advance its agentic AI security platform and extend its no-code and low-code application support. With investment from Third Point Ventures and DTCP, the funding enables Zenity to cater to clients in sectors like financial services and healthcare.

Lazarus Group in Particular Using Cross-Platform Languages to Hit macOS Targets
Cryptocurrency-seeking hackers are increasingly targeting macOS users. So warn security researchers as they track a rise in macOS backdoors and information-stealing malware, much of which traces back to a well-known cryptocurrency heist culprit: North Korea.

Volt Typhoon, APT31 and APT41 Tied to Campaigns Targeting Sophos' Edge Devices
Firewall maker Sophos disclosed Thursday a half-decade worth of efforts by multiple nation-state Chinese hacking groups to infiltrate its appliances, calling the admission a wake-up call for the cybersecurity industry. Targeting firewall appliances is a known nation-state tactic.

Also: Breaches at OnePoint Patient Care and French ISP Free
This week: S&P said poor material vulnerability remediaton can be a material risk factor, OnePoint in the United States and French ISP Free suffered data breaches, a Russian court sentenced REvil members, Five Eyes published security guidelines for small businesses.

Rockwell Automationが提供するThinManagerには、複数の脆弱性が存在します。

作为一名白帽子师傅，你是否在日常工作中遇到过以下难题：需要使用多个安全工具来完成任务，但工具之间的集成和管理变得复杂和耗时想要开发自己的安全工具系统，但不知道从哪里开始需要提高工作效率，但现有的工具无

针对Android设备，一种新型、更复杂的FakeCall恶意软件变种出现了。Zimperium's zLabs 网络安全研究人员发现了FakeCall恶意软件新变种。它能诱使受害者拨打欺诈电话，导致

一简介在这一期的“野蛮fuzz”中，我们将继续由菜鸟为菜鸟的模糊测试之旅，尝试理解代码覆盖的概念及其重要性。据我所知，代码覆盖在高层次上是模糊测试器试图追踪/增加模糊测试器输入所能覆盖的目标应用程序代

漏洞名称：Spring Security 静态资源未授权访问漏洞(CVE-2024-38821)组件名称：威睿-Spring Security影响范围：Spring Security ≤ 5.7.12

"See one, teach one, do one" takes a page out of the healthcare playbook to reduce human vulnerabilities where they matter most in cybersecurity.

A vulnerability has been found in Oracle PeopleSoft Enterprise FIN Expenses 9.2 and classified as problematic. This vulnerability affects unknown code of the component Expenses. The manipulation leads to information disclosure. This vulnerability was named CVE-2024-21249. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.6.54/6.10.13/6.11.2. This affects the function rcu_read_lock_bh of the component vrf. The manipulation leads to deadlock. This vulnerability is uniquely identified as CVE-2024-49980. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.4.225/5.10.157/5.15.81/6.0.11. It has been classified as problematic. Affected is the function fib_info of the component ipv4. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2022-48999. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.157/5.15.81/6.0.11. It has been declared as critical. Affected by this vulnerability is the function has_external_pci of the component iommu. The manipulation leads to improper update of reference count. This vulnerability is known as CVE-2022-49000. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco Firepower Management Center. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-20264. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Cisco ATA. This affects an unknown part of the component Web-based Management Interface. The manipulation leads to execution with unnecessary privileges. This vulnerability is uniquely identified as CVE-2024-20420. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco ATA up to 11.2.4 and classified as problematic. Affected by this issue is some unknown functionality of the component Web-based Management Interface. The manipulation leads to storing passwords in a recoverable format. This vulnerability is handled as CVE-2024-20462. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco ATA. It has been classified as problematic. This affects an unknown part of the component Web-based Management Interface. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-20421. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco ATA. It has been declared as problematic. This vulnerability affects unknown code of the component Web-based Management Interface. The manipulation leads to basic cross site scripting. This vulnerability was named CVE-2024-20460. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.