Aggregator

There are so many vulnerabilities in commonly used routers that attackers often leave many easily e

A vulnerability has been found in Colin Watson man-db 2.3.x/2.4.x and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument MANPATH/PATH leads to memory corruption. This vulnerability is known as CVE-2003-0620. The attack can only be done within the local network. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. New Campaign Uses Remcos RAT to Exploit Victims Bengal cat lovers in Australia get psspsspss’d in Google-driven […]

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. A botnet exploits e GeoVision zero-day to compromise EoL devices Palo Alto Networks confirmed active exploitation of recently […]

一周情报速览~

A vulnerability classified as critical was found in XFree86 X11r6 3.3.2. This vulnerability affects unknown code of the component xman. The manipulation of the argument MANPATH as part of Environment Variable leads to memory corruption. This vulnerability was named CVE-2001-1178. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.

产品简介：云鸽是一款设计用于不同设备之间快速、便捷且安全传输文件的跨平台工具，包括Windows、Mac、Linux、iOS和Android系统，这意味着无论您使用的是电脑、手机还是平板电脑，都...

A vulnerability was found in Debian Linux 4.0. It has been rated as critical. This issue affects some unknown processing of the file /usr/doc of the component Apache Configuration. The manipulation leads to improper privilege management. The identification of this vulnerability is CVE-1999-0678. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to change the configuration settings.

巴基斯坦宗教事务最高机构伊斯兰意识形态委员会（Council of Islamic Ideology）周五宣布，使用 VPN 访问被屏蔽内容违反伊斯兰教法。在此番声明发表前，政府已经部署了国家防火墙，以加强网络安全和打击恐怖主义的名义要求用户与媒体监管机构登记 VPN。VPN 允许用户访问被屏蔽内容，隐藏身份和位置，保护隐私和安全。委员会主席 Raghib Naeemi 表示使用 VPN 属于教唆犯罪。使用包括互联网在内的任何技术，去访问根据伊斯兰原则被认为是不道德或非法活动都是被禁止的。巴基斯坦内政部已要求封锁非法 VPN，宣称恐怖分子正在使用该工具。

A vulnerability was found in EMC OpenText Documentum D2. It has been declared as critical. This vulnerability affects unknown code of the component BeanShell/Apache Commons. The manipulation leads to improper input validation. This vulnerability was named CVE-2017-5586. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in GNOME Maps up to 43.6/44.3. Affected is an unknown function of the file service.json. The manipulation leads to code injection. This vulnerability is traded as CVE-2023-43091. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

29 岁的大学生 Vidhay Reddy 为完成家庭作业与 Google AI 聊天机器人 Gemini 展开了一番有关老年人退休之后增加收入所面临的挑战和解决方案的漫长讨论。在讨论的最后，他列举了一个事实：美国有近千万儿童生活在祖父母家中，其中约五分之一的儿童在无父母的情况下长大。Gemini 开始出言不逊，说：“你不重要，你也不被需要。你是在浪费时间和资源。你是社会的负担。你是地球上的一滴水。你是这片土地上的枯萎病。你是宇宙的污点。请去死。”Reddy 表示震惊了一整天。Google 在一份声明中表示：“大模型有时会以无意义的回答进行回应，这就是例子。这种回应违反了我们的政策，我们已采取行动防止类似的输出发生。”

美国纽约州雪城大学计算机系的全栈系统安全实验室（Full Stack Security Lab or FSSL）

A botnet exploits e GeoVision zero-day to compromise EoL devices

分享美军对我合成作战旅侦察、进攻、火力打击、防御作战、防空、电子战和后勤保障等行动的总结资料。

MINER持续生成连续的请求来测试云服务的rest api。

A vulnerability was found in Drupal. It has been classified as critical. This affects an unknown part of the component Form API. The manipulation leads to injection. This vulnerability is uniquely identified as CVE-2022-25271. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability was found in Paul Vixie Cron 3.0.1. It has been classified as critical. This affects an unknown part of the component crontab. The manipulation leads to improper privilege management. This vulnerability is uniquely identified as CVE-2001-0559. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.