Aggregator

Загадочный AI-браузер готовится к выходу.

尽管美国的制裁旨在限制中国在 AI 上取得进展，但中国科技巨头今年在 AI 基础设施上大举投资，资本支出翻了一番。阿里巴巴、腾讯和百度今年上半年合计资本支出 500 亿元人民币，而去年同期为 230 亿元人民币。这几家集团表示，支出重点是购买处理器和基础设施，为 AI 的大型语言模型训练提供支持，包括它们自己的模型和其他公司的模型。TikTok 母公司字节跳动也增加了 AI 支出，它是非上市公司，不受投资者审查，拥有逾 500 亿美元现金储备。阿里巴巴上半年资本支出 230 亿元人民币，比去年同期增长 123%。尽管美国限制向中国出售最先进的 AI 芯片，但中国科技公司正大量采购允许出口的芯片如英伟达的 H20。英伟达未来几个月将向中国公司出口逾百万个价格在 1.2-1.3 万美元的 AI 芯片，它主要的客户是字节跳动。字节跳动除了购买 H20 用于中国的数据中心，还在马来西亚的 Johor 与合作伙伴建造数据中心。腾讯今年上半年资本支出 230 亿元人民币，同比增长 176%。百度的 AI 支出相当克制，它上半年支出 42 亿元人民币，同比增长 4%。

SPIFFE stands for Secure Production Identity Framework for Everyone, and aims to replace single-factor access credentials with a highly scalable identity solution. This blog post provides some practical applications of SPIFFE in real-world environments.

The post Getting Started With SPIFFE For Multi-Cloud Secure Workload Authentication appeared first on Security Boulevard.

A vulnerability, which was classified as problematic, has been found in Stark Digital WP Testimonial Widget Plugin up to 3.1 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-43967. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Kashipara Music Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /music/ajax.php?action=delete_genre. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-42791. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Stark Digital WP Testimonial Widget Plugin up to 3.1 on WordPress. Affected is an unknown function. The manipulation leads to sql injection. This vulnerability is traded as CVE-2024-43966. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Kashipara Music Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /music/controller.php?page=test. The manipulation of the argument page leads to cross site scripting. The identification of this vulnerability is CVE-2024-42789. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Kashipara Music Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /music/ajax.php?action=save_music. The manipulation of the argument title/artist leads to cross site scripting. This vulnerability was named CVE-2024-42788. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in BPQ32 6.0.24.1. It has been classified as critical. This affects an unknown part of the file /TermInput of the component HTTP Server. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2024-34087. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Tenda AX1806 1.0.0.1 and classified as very critical. Affected by this issue is the function setIptvInfo. The manipulation of the argument adv.iptv.stbpvid leads to stack-based buffer overflow. This vulnerability is handled as CVE-2024-44558. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this vulnerability is the function setIptvInfo. The manipulation of the argument stballvlans leads to stack-based buffer overflow. This vulnerability is known as CVE-2024-44556. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Checkmk up to 2.0.0p39/2.1.0p46/2.2.0p32/2.3.0p13. Affected is an unknown function of the component View Page. The manipulation leads to basic cross site scripting. This vulnerability is traded as CVE-2024-38859. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in Gnuboard g6 up to 6.0.4. This issue affects some unknown processing of the component Login. The manipulation of the argument url leads to open redirect. The identification of this vulnerability is CVE-2024-39097. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in Apache Portable Runtime up to 1.7.4 on Unix. This vulnerability affects unknown code in the library apr.h. The manipulation leads to memory corruption. This vulnerability was named CVE-2023-49582. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Kashipara Music Management System 1.0. This affects an unknown part of the file /music/ajax.php?action=save_playlist. The manipulation of the argument title/description leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-42787. It is possible to initiate the attack remotely. There is no exploit available.

As the entire Port of Seattle struggles to become fully operational once more, the airport recommends that those who are traveling take extra precautions.

Authors/Presenters:Komail Dharsee and John Criswell, University of Rochester

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organizations YouTube channel.

Permalink

The post USENIX Security ’23 – Jinn: Hijacking Safe Programs with Trojans appeared first on Security Boulevard.

Greasy Opal is a Czech Republic-based hacking group selling products that can be used for deploying cyber-attacks

SonicWall's SonicOS is vulnerable to a critical access control flaw that could allow attackers to gain access unauthorized access to resources or cause the firewall to crash. [...]

SonicWall has released security updates to address a critical flaw impacting its firewalls that, if successfully exploited, could grant malicious actors unauthorized access to the devices. The vulnerability, tracked as CVE-2024-40766 (CVSS score: 9.3), has been described as an improper access control bug. "An improper access control vulnerability has been identified in the SonicWall SonicOS