Aggregator

A vulnerability labeled as problematic has been found in Linux Kernel up to 6.1.96/6.6.36/6.9.7. Affected is the function kmsan_unpoison_memory of the file kernel/bpf/devmap.c. Such manipulation leads to improper initialization. This vulnerability is traded as CVE-2024-42063. Access to the local network is required for this attack to succeed. There is no exploit available. The affected component should be upgraded.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.6.36/6.9.7. Affected by this vulnerability is the function ata_port_alloc of the component libata-core. Such manipulation leads to null pointer dereference. This vulnerability is documented as CVE-2024-41098. The attack requires being on the local network. There is not any exploit available. It is advisable to upgrade the affected component.

In the wake of last week’s revelation of a breach at Salesloft by a group tracked by Google as UNC6395, several companies – including Zscaler, Palo Alto Networks, PagerDuty, Tanium, and SpyCloud – have confirmed their Salesforce instances were accessed. The companies noted that attackers had only limited access to Salesforce databases, not to other systems or resources. They warned, however, that the stolen customer data could be used for convincing phishing and social engineering … More →

The post Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft Drift breach appeared first on Help Net Security.

唯有热爱，可抵岁月漫长。能死在键盘上，恰是我辈最好的归宿。

Experts have revealed an Azure AD vulnerability exposing ClientId and ClientSecret in a publicly accessible appsettings.json file

Artificial intelligence (AI) is rapidly transforming software development, accelerating innovation, streamlining processes, and opening the door to entirely new capabilities.

The post AI Governance and Risk in Securing Software Supply Chains appeared first on Security Boulevard.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.9.7. Affected is the function cxacru_bind of the file drivers/usb/core/urb.c of the component usb. Performing manipulation results in privilege escalation. This vulnerability was named CVE-2024-41097. The attack needs to be approached within the local network. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.6.36/6.9.7. This impacts the function __msi_domain_alloc_locked of the component MSI. This manipulation causes use after free. This vulnerability appears as CVE-2024-41096. The attacker needs to be present on the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability identified as problematic has been detected in Linux Kernel up to 6.6.36/6.9.7. The affected element is the function vmalloc of the component fbdev-dma. The manipulation leads to allocation of resources. This vulnerability is traded as CVE-2024-41094. Access to the local network is required for this attack to succeed. There is no exploit available. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.15.161/6.1.96/6.6.36/6.9.7. It has been rated as critical. This issue affects the function drm_gem_fb_get_obj of the component AMD GPU. Performing manipulation results in buffer overflow. This vulnerability is reported as CVE-2024-41093. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.9.7. It has been rated as critical. Affected is the function nv17_tv_get_ld_modes of the component dispnv04. This manipulation causes null pointer dereference. This vulnerability is registered as CVE-2024-41095. The attack requires access to the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.9.7. It has been declared as critical. This vulnerability affects the function nv17_tv_get_hd_modes. Such manipulation leads to null pointer dereference. This vulnerability is documented as CVE-2024-41089. The attack requires being on the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 5.10.220/5.15.161/6.1.96/6.6.36/6.9.7. Impacted is the function i915_vma_revoke_fence. Executing manipulation can lead to use after free. This vulnerability appears as CVE-2024-41092. The attacker needs to be present on the local network. There is no available exploit. It is advisable to upgrade the affected component.

Google has disputed a widely reported story about the company warning all Gmail users to reset their passwords due to a recent data breach that also affected some Workspace accounts. [...]

Cybersecurity researchers have disclosed a stealthy new backdoor called MystRodX that comes with a variety of features to capture sensitive data from compromised systems. "MystRodX is a typical backdoor implemented in C++, supporting features like file management, port forwarding, reverse shell, and socket management," QiAnXin XLab said in a report published last week. "Compared to typical

A vulnerability marked as problematic has been reported in wasmtime 19.0.0. Affected by this issue is some unknown functionality of the component extenref-typed Element Segment Handler. Performing manipulation results in type confusion. This vulnerability is known as CVE-2024-30266. Attacking locally is a requirement. No exploit is available. It is suggested to upgrade the affected component.

为了更好地培养学生掌握先进的数据挖掘与分析方法，锻炼学生敏锐的情报洞察力，为将来投身于开源情报领域的工作奠定坚实的基础。特举办“第三届全国大学生开源情报数据采集与分析大赛”。

今天给大家推送联合国毒品与犯罪问题办公室的一些与犯罪情报分析相关的资料。

Добро пожаловать в термоэлектрическое будущее.

如果目前的趋势持续下去，2025 年可能是美国有记录以来人口总数首次下降的一年。人口增长有两大来源：自然增长（出生人口数减去死亡人口数）和净移民（入境人口数减去出境人口数）。去年美国的出生人口数比死亡人口数多 51.9 万人。这意味着净移民人口只要下降逾 50 万，就可能导致美国人口总数下降。皮尤研究中心最近对人口普查数据进行的分析发现，今年 1-6 月，美国外国出生人口几十年来首次下降超过 100 万。尽管部分经济学家对该报告提出质疑，但美国企业研究所（American Enterprise Institute）的另一项独立分析预测，2025 年美国净移民人数可能低至 -52.5 万。这一切都意味着美国 2025 的人口增长很可能是负值。