Aggregator
DEF CON 32 – Your AI Assistant Has A Big Mouth: A New Side Channel Attack
1 year 4 months ago
Authors/Presenters: Yisroel Mirsky
Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organization’s YouTube channel.
The post DEF CON 32 – Your AI Assistant Has A Big Mouth: A New Side Channel Attack appeared first on Security Boulevard.
Marc Handelman
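Three national cybersecurity standards, including the "General Security Technical Specification for Terminal Computers", approved and published; Schneider Electric development platform breached, 40GB of sensitive data feared leaked | 牛览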
1 year 4 months ago
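News at a glance • Three national cybersecurity standards, including the "General Security Technical Specification for Terminal Computers", approved and published • OWASP releases three AI application security guides to address generative AI risks across the board • US federal agencies publish a new zero trust data security guide • Breakthrough! Google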
Supply Chain Security Case Study | Building Supply Chain Security for Secure Development Scenarios in the Financial Industry
1 year 4 months ago
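With the rapid growth of the digital economy, the building of Digital China is advancing vigorously across every industry. Finance, a pioneer industry in digital transformation, has moved from shallow process optimization to more comprehensive and profound systemic innovation. Financial services need to respond quickly to market changes and drive the high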
CVE-2015-2896 | Idera Uptime Infrastructure Monitor up to 7.6 up.time Client information disclosure (VU#377260)
1 year 4 months ago
A vulnerability classified as problematic has been found in Idera Uptime Infrastructure Monitor up to 7.6. Affected is an unknown function of the component up.time Client. The manipulation leads to information disclosure.
This vulnerability is traded as CVE-2015-2896. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
488 km/h in a vacuum: Hyperloop successfully tested in Europe
1 year 4 months ago
Scientists tested the concept of sustainable transport in a vacuum environment.
Commentary | Putting a rule-of-law "tightening spell" on facial recognition payment
1 year 4 months ago
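Facial recognition payment has quietly become one of the popular payment methods, yet its security safeguards have not received the attention they deserve. Recently, a large number of equipment suppliers, including those behind vending machines in one city's subway stations, were summoned by the relevant authorities and ordered to carry out comprehensive rectification, which undoubtedly sounds the alarm for "undefended" facial recognition payment.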
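Industry | Baolande (宝兰德) launches MCP unified middleware management platform: empowering the Xinchuang (IT application innovation) ecosystem and leading a new era of efficient operations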
1 year 4 months ago
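Amid the wave of digital transformation, managing and maintaining middleware has become a key part of enterprise IT architecture. Facing complex, changing business needs and the deepening implementation of the Xinchuang strategy, Baolande has launched a unified middleware management platform that brings innovative change to the operations management of commercial, open-source, on-cloud and off-cloud middleware in Xinchuang environments.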
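Expert View | Accelerating the construction of an institutional environment suited to the development of the artificial intelligence industry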
1 year 4 months ago
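Artificial intelligence is a strategic technology leading the new round of technological revolution and industrial transformation, and an important strategic resource for driving an overall leap in China's productivity. Facing the strategic opportunity of global AI development entering a new boom period, we need to formulate targeted policy measures and accelerate the formation of an institutional environment suited to the development of the AI industry.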
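Focus | Concerning the development of the AI industry! Ministry of Science and Technology publishes 2 letters of reply to proposals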
1 year 4 months ago
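Recently, the Ministry of Science and Technology website published the "Letter of Reply to Proposal No. 02025 (Industry, Transport, Posts and Telecommunications Category No. 287) of the Second Session of the 14th National Committee of the CPPCC" and the "Letter of Reply to Proposal No. 02748 (Industry, Transport, Posts and Telecommunications Category No. 392) of the Second Session of the 14th National Committee of the CPPCC".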
Spotlight | "BOUNDLESS · Weaving the Future with Data, Walking with AI": 2024 TechWorld NSFOCUS Intelligent Security Conference successfully held
1 year 4 months ago
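On November 1, the 2024 NSFOCUS TechWorld Intelligent Security Conference, themed "BOUNDLESS · Weaving the Future with Data, Walking with AI", was held in Beijing.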
Special Topic · Ransomware Governance | Analysis of the 2023 ransomware attack landscape for domestic enterprises
1 year 4 months ago
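The emergence of ransomware has greatly changed the basic environment and the rules of the game in cybersecurity, becoming the biggest source of uncertainty in cyberspace in the world today.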
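Forum · Original | The inheritance and development of the basic principles of international criminal judicial assistance in combating cybercrime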
1 year 4 months ago
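The international community has by now formed a series of basic principles on international criminal assistance. These principles constitute the core of the framework for international criminal justice cooperation and ensure a balance of rights and obligations among countries jointly combating cybercrime. With the arrival of the digital age and the continuing evolution of transnational cybercrime, the traditional principles face new challenges.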
A Threat Actor is Allegedly Selling the Database of Sucre Jewelry Design Limited Containing Over 2 Million Lines of Data
1 year 4 months ago
Dark Web Informer
CVE-2024-23674 | German National Identity Card up to 2024-02-15 Online-Ausweis-Funktion eID Scheme authentication spoofing
1 year 4 months ago
A vulnerability has been found in German National Identity Card up to 2024-02-15 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Online-Ausweis-Funktion eID Scheme Handler. The manipulation leads to authentication bypass by spoofing.
This vulnerability is known as CVE-2024-23674. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2023-52511 | Linux Kernel up to 5.15.133/6.1.55/6.5.5 sun6i information disclosure
1 year 4 months ago
A vulnerability was found in Linux Kernel up to 5.15.133/6.1.55/6.5.5. It has been rated as problematic. Affected by this issue is some unknown functionality of the component sun6i. The manipulation leads to information disclosure.
This vulnerability is handled as CVE-2023-52511. The attack can only be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-22006 | Google Android ACPM information disclosure
1 year 4 months ago
A vulnerability classified as problematic has been found in Google Android. This affects an unknown part of the component ACPM. The manipulation leads to information disclosure.
This vulnerability is uniquely identified as CVE-2024-22006. The attack can only be done within the local network. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2024-22085 | Elspec G5 Digital Fault Recorder up to 1.1.4.15 shadow File default permission
1 year 4 months ago
A vulnerability classified as problematic was found in Elspec G5 Digital Fault Recorder up to 1.1.4.15. Affected by this vulnerability is an unknown functionality of the component shadow File. The manipulation leads to incorrect default permissions.
This vulnerability is known as CVE-2024-22085. The attack can only be done within the local network. There is no exploit available.
vuldb.com
CVE-2023-52492 | Linux Kernel up to 5.10.209/5.15.148/6.1.75/6.6.14/6.7.2 dmaengine __dma_async_device_channel_register null pointer dereference (Nessus ID 210359)
1 year 4 months ago
A vulnerability was found in Linux Kernel up to 5.10.209/5.15.148/6.1.75/6.6.14/6.7.2. It has been classified as critical. Affected is the function __dma_async_device_channel_register of the component dmaengine. The manipulation leads to null pointer dereference.
This vulnerability is traded as CVE-2023-52492. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Despite Emerging Regulations, Mobile Device, IoT Security Requires More Industry Attention
1 year 4 months ago
Omdia Principal Analyst Hollie Hennessy says that until a promising new set of regulations around the world comes online, connected device security entails a shared responsibility among consumers, enterprises, and manufacturers.
Hollie Hennessy