Aggregator

Details have emerged about a now-patched security flaw impacting Apple's Vision Pro mixed reality headset that, if successfully exploited, could allow malicious attackers to infer data entered on the device's virtual keyboard. The attack, dubbed GAZEploit, has been assigned the CVE identifier CVE-2024-40865. "A novel attack that can infer eye-related biometrics from the avatar image to

Сотрудничество правоохранителей и регуляторов показывает пример глобального противодействия кибератакам.

A vulnerability was found in Google Android and classified as critical. Affected by this issue is the function get_futex_key of the file futex.c. The manipulation leads to use after free. This vulnerability is handled as CVE-2018-9422. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in gnuedu. This affects an unknown part of the file web/login.php. The manipulation of the argument LIBSDIR leads to code injection. This vulnerability is uniquely identified as CVE-2007-2609. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

British authorities on Thursday announced the arrest of a 17-year-old male in connection with a cyber attack affecting Transport for London (TfL). "The 17-year-old male was detained on suspicion of Computer Misuse Act offenses in relation to the attack, which was launched on TfL on 1 September," the U.K. National Crime Agency (NCA) said. The teenager, who's from Walsall, is said to have been

A vulnerability classified as critical has been found in Linux Kernel up to 4.13.4. This affects an unknown part of the component Keyring Handler. The manipulation leads to credentials management. This vulnerability is uniquely identified as CVE-2017-18270. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

Are you confident your vulnerability management is doing its job, or do you sometimes feel like it’s falling short? Many companies invest time and resources into managing vulnerabilities, yet still...

The post Top 5 Vulnerability Management Mistakes Companies Make (Plus a Bonus Mistake to Avoid) appeared first on Strobes Security.

The post Top 5 Vulnerability Management Mistakes Companies Make (Plus a Bonus Mistake to Avoid) appeared first on Security Boulevard.

MIT чествует нестандартные научные достижения.

Een sterke en geloofwaardige krijgsmacht is nodig om Nederland veilig te houden. De actuele geopolitieke ontwikkelingen gaan gepaard met onrust en instabiliteit. De verschrikkelijke oorlog in Oekraïne, zorgwekkende situatie in het Midden-Oosten of de buitenlandse beïnvloeding vanuit bijvoorbeeld Rusland: het zijn allemaal zaken die ook Nederlandse belangen raken met risico’s voor onze fysieke, digitale en economische veiligheid. Dat staat in het regeerprogramma dat vandaag is gepresenteerd. Het kabinet brengt daarom de defensie-uitgaven in lijn met de 2% NAVO-norm.

A vulnerability classified as critical was found in QDocs Smart School Management System 7.0.0. Affected by this vulnerability is an unknown functionality of the file /user/chat/mynewuser of the component Chat. The manipulation of the argument users[] with the input 1'+AND+(SELECT+3220+FROM+(SELECT(SLEEP(5)))ZNun)+AND+'WwBM'%3d'WwBM as part of POST Request Parameter leads to sql injection. This vulnerability is known as CVE-2024-8784. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Submit #407385 / VDB-277435

A vulnerability has been found in FedMsg up to 0.18.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Message Validation. The manipulation leads to improper input validation. This vulnerability is known as CVE-2017-1000001. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in OpenTibiaBR MyAAC up to 0.8.16. Affected is an unknown function of the file system/pages/forum/new_post.php of the component Post Reply Handler. The manipulation of the argument post_topic leads to cross site scripting. This vulnerability is traded as CVE-2024-8783. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

Met waarschuwingsschoten en gericht vuur wist de marine gisteren in de Caribische Zee een drugsboot te stoppen. Bij de actie is een partij van 1.363 kilo onderschept.

Submit #406368 / VDB-277434

By Joe Doyle If you’ve encountered cryptography software, you’ve probably heard the advice to never use a nonce twice—in fact, that’s where the word nonce (number used once) comes from. Depending on the cryptography involved, a reused nonce can reveal encrypted messages, or even leak your secret key! But common knowledge may not cover every […]

The post Friends don’t let friends reuse nonces appeared first on Security Boulevard.

Name: Haruulzangi CTF 2024 Qualifier (an Haruulzangi event.)
Date: Sept. 13, 2024, 4 a.m. — 13 Sept. 2024, 04:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://dashboard.haruulzangi.mn/
Rating weight: 23.33
Event organizers: haruulzangi-organizers