Aggregator

A vulnerability, which was classified as very critical, has been found in c-ares up to 1.11.x. This issue affects the function ares_create_query. The manipulation leads to out-of-bounds write. The identification of this vulnerability is CVE-2016-5180. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

游戏公司纷纷拥抱生成式 AI，但任天堂的传奇设计师宫本茂表示，该公司会走不同的方向。宫本茂表示这不是为了走反方向而走反方向，这是为了尝试找出任天堂的特别之处。有很多关于 AI 的讨论。每个人都朝着相同的方向前进，但任天堂宁愿走不同的方向。任天堂总裁古川俊太郎在 7 月回答投资者提问时也对 AI 的使用表达了模糊的立场，称生成式 AI 可以创造性的使用，但也可能引发知识产权方面的问题。

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.10.9. This issue affects some unknown processing of the component ethtool. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2024-46834. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Дорогостоящая система привела к произволу полиции и дискриминации населения.

A vulnerability classified as problematic was found in Linux Kernel up to 6.10.8. This vulnerability affects the function amdgpu_irq_put of the component AMD Display. The manipulation leads to state issue. This vulnerability was named CVE-2024-46820. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.10.8. This affects the function gpio_id of the component AMD Display. The manipulation leads to improper validation of array index. This vulnerability is uniquely identified as CVE-2024-46818. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.10.8. It has been rated as problematic. Affected by this issue is some unknown functionality of the component AMD Display. The manipulation of the argument amdgpu_dm leads to improper initialization. This vulnerability is handled as CVE-2024-46817. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A researcher has disclosed details of an unpatched Linux vulnerability, initially labeled as critical, that allows remote code execution. The popular cybersecurity researcher Simone Margaritelli (@evilsocket) disclosed technical details of an unpatched vulnerability impacting Linux systems. On September 23, Margaritelli announced plans to disclose an unauthenticated remote code execution (RCE) vulnerability affecting all GNU/Linux systems […]

A vulnerability was found in Linux Kernel up to 6.10.8. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component AMD Display. The manipulation of the argument amdgpu_dm leads to improper initialization. This vulnerability is known as CVE-2024-46816. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.10.8. It has been classified as problematic. Affected is the function num_valid_sets of the component AMD Display. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-46815. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.225/5.15.166/6.1.108/6.6.49/6.10.8 and classified as critical. This issue affects some unknown processing of the component AMD Display. The manipulation of the argument msg_id leads to improper validation of array index. The identification of this vulnerability is CVE-2024-46814. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Name: H7CTF International (an H7CTF International event.)
Date: Sept. 26, 2024, 3:30 a.m. — 27 Sept. 2024, 11:30 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctf.h7tex.com/
Rating weight: 22.67
Event organizers: H7Tex

Google Says Rust Language Initiative Eliminates Cross-Site Scripting, Other Flaws
Google says switching to a memory-safe language such as Rust under its Safe Coding program has helped significantly reduce the number of vulnerabilities in Android systems. The number of vulnerabilities uncovered in Android devices has fallen from over 200 in 2019 to fewer than 50 by 2024.

Also: Ransomware Surged in 2023, MoneyGram Back in Service After Cyberattack
This week, advice on spotting North Korean staff; ransomware attacks rose; MoneyGram back online; FCC fined political operative; CISA warned of water system attacks; Ukraine restricted Telegram use; North Korean hackers used new malware; U.K. arrested alleged hacker; PSNI is in data leak talks.

Draft Guidelines Call for Longer, Randomized Passwords Instead of Memorized Phrases
The National Institute of Standards and Technology is calling for longer, randomized passwords instead of memorized phrases containing combinations of upper and lowercase letters in new guidance that aims to modernize current password practices across the public and private sectors.

Featurespace's AI Expertise Will Enhance Visa's Fraud, Risk and Payments Technology
Visa has signed a definitive agreement to acquire AI-driven fraud prevention leader Featurespace. This acquisition will reinforce Visa's fraud detection capabilities, integrating advanced machine learning technology to strengthen financial crime prevention and protect global transactions.

As Superman has kryptonite, software has weaknesses — with misconfigurations leading the pack.

A vulnerability has been found in Linux Kernel up to 6.1.108/6.6.49/6.10.8 and classified as problematic. This vulnerability affects unknown code of the component AMD Display. The manipulation leads to Privilege Escalation. This vulnerability was named CVE-2024-46812. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.10.9. This affects the function rt_mutex_handle_deadlock. The manipulation leads to deadlock. This vulnerability is uniquely identified as CVE-2024-46829. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.