Aggregator

微软的AI医疗聊天机器人服务中存在严重的安全漏洞。漏洞允许未经授权的访问者获取用户和客户的个人信息。

当CrowdStrike正忙于应付“全球最大规模蓝屏事件”的客户集体诉讼时，微软公司本周发布的一个BitLocker安全补丁再次触发“蓝屏”事件。

RansomHub勒索软件团伙最近开始在攻击中使用一种新型恶意软件，名为“EDRKillShifter”，其设计目的是禁用终端检测与响应（EDR）安全软件，从而提高攻击成功率。

巴黎奥运会期间发生了超过140起网络攻击，影响均较低，未对比赛造成干扰。

党的二十届三中全会提出，完善生成式人工智能发展和管理机制。

德国康斯坦茨大学和维尔茨堡大学领导的国际研究团队，对动物界最大基因组的拥有者——肺鱼进行了基因组测序。肺鱼基因组约为人类基因组大小的 30 倍。测序数据有望揭示当今陆地脊椎动物的鱼类祖先如何成功登陆的奥秘。泥盆纪时期（约 4.2 亿至 3.6 亿年前），一种具有强健胸鳍和肺的肉鳍鱼类成功从浅水区域登陆，并能在海岸线上移动和呼吸，这与现今的陆地脊椎动物相似。这一事件标志着脊椎动物首次在陆地上移动，是进化史上的重要里程碑。所有后续的陆地脊椎动物，包括两栖动物、爬行动物、鸟类和哺乳动物（包括人类），都可追溯至这一鱼类祖先。然而肉鳍鱼类为何如此适应陆地环境仍是未解之谜。研究人员分析了泥盆纪祖先的现存最近亲属的遗传物质。这些最近亲属中，只有 3 个谱系的肺鱼至今仍存活，分别在非洲、南美洲和澳大利亚。研究人员对这 3 种谱系的肺鱼基因组进行了完整测序。结果显示，南美洲肺鱼的遗传物质在规模上打破了所有纪录：其 DNA 超过 900 亿个碱基，是已知最大的动物基因组，其大小是之前纪录保持者——澳大利亚肺鱼基因组的两倍多。

A vulnerability classified as critical has been found in vim up to 9.1.677. Affected is an unknown function. The manipulation leads to use after free. This vulnerability is traded as CVE-2024-43374. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in ibexa fieldtype-richtext up to 4.6.9. It has been rated as problematic. This issue affects some unknown processing of the component Blocklist Link Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-43369. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Уязвимость BitLocker исправлена, но какой ценой.

A vulnerability was found in Google Android 12/12L/13/14. It has been declared as problematic. This vulnerability affects the function setForceHideNonSystemOverlayWindowIfNeeded of the file WindowState.java of the component Lock Screen. The manipulation leads to state issue. This vulnerability was named CVE-2024-34741. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 12/12L/13/14. It has been classified as problematic. This affects an unknown part of the file TranscodingResourcePolicy.cpp. The manipulation leads to race condition. This vulnerability is uniquely identified as CVE-2024-34731. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

安全内参8月15日消息，法国当局周二表示，在巴黎奥运会期间，共报告了超过140起网络攻击，但均未对比赛造成干扰。 在奥运会筹备期间和整个比赛期间，法国的网络安全机构一直保持高度警戒，防范可能破坏组委会、票务或交通的攻击。 从7月26日到8月11日，法国政府网络安全机构ANSSI记录了119起影响较低的“安全事件”，以及22起“恶意行为者”成功攻击受害者信息系统的事件。 该机构表示，这些攻击主要针对政府实体以及体育、交通和电信基础设施。 根据ANSSI的数据，三分之一的事件是宕机事件，其中一半是通过拒绝服务攻击压垮服务器造成的。其他网络事件则与既遂或未遂系统入侵和数据泄露等相关。 ANSSI表示：“在此期间发生的所有网络事件具有共同特点，它们的影响一般较低。” 据ANSSI称，巴黎奥运会举办地大皇宫及法国其他约40家博物馆在8月初遭遇勒索软件攻击，但这并没有影响到奥运会比赛的信息系统。 勒索软件利用安全漏洞加密并阻止计算机系统运行，要求用户或组织支付赎金以解锁系统。 在因疫情推迟于2021年举办的东京奥运会上，组织者报告了4.5亿次此类操作，是2012年伦敦奥运会期间的两倍。 在巴黎奥运会之前，巴黎奥运会技术和信息系统主管Marie-Rose Bruno曾表示，他预计此次奥运会的网络攻击次数将是东京奥运会的“8到10倍”。   转自安全内参，原文链接：https://mp.weixin.qq.com/s/cNXD14jLGIIPhmorNbKtPg 封面来源于网络，如有侵权请联系删除

A vulnerability was found in CORDEA oauth up to 0.10 and classified as problematic. Affected by this issue is the function generatestate. The manipulation of the argument state leads to insufficiently random values. This vulnerability is handled as CVE-2024-42475. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Google Android and classified as critical. Affected by this vulnerability is the function _MMU_AllocLevel of the file mmu_common.c. The manipulation leads to integer overflow. This vulnerability is known as CVE-2024-31333. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in Xpdf up to 4.05. Affected is an unknown function of the component DCT Stream Handler. The manipulation leads to uninitialized resource. This vulnerability is traded as CVE-2024-7868. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Cilium up to 1.15.7/1.16.0. This issue affects some unknown processing of the component HTTPRoutes/GRPCRoutes. The manipulation leads to http response splitting. The identification of this vulnerability is CVE-2024-42487. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in nickboss File Upload Plugin up to 4.24.8 on WordPress. This vulnerability affects unknown code of the component SVG File Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-7301. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in matter-labs era-compiler-vyper up to 1.5.2. This affects an unknown part. The manipulation leads to infinite loop. This vulnerability is uniquely identified as CVE-2024-43366. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in guillaumepotier gettext.js up to 2.0.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /.po. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-43370. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cilium up to 1.14.13/1.15.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Label Handler. The manipulation leads to race condition. This vulnerability is known as CVE-2024-42488. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.