Aggregator

Password resets are more expensive for your organization than you may realize. Learn more from Specops Software on why password resets are so expensive and how a self-service password reset solution can save you money. [...]

If the government truly wants to protect the US's most vital assets, it must rethink its cybersecurity policies and prioritize proactive, coordinated, and enforceable measures.

基于大模型的 AI 系统如 GPT-4 和 Gemini 1.5 Pro 能以九成以上的正确率完成传统数学测试问题。但如果设计出一种全新的、大模型不可能训练过的数学难题呢？包括菲尔兹奖得主陶哲轩和 Timothy Gowers 在内的 60 多名数学家合作编写了数百道原创研究级数学难题，推出了新的高等数学基准测试 FrontierMath。这些问题非常具有挑战性，陶哲轩称需要相关领域研究生级别的专业人士合作才能完成。问题被设计为防猜测，如果没有正确的数学推理能力，它们是不可能解出的。顶级的 AI 系统只能完成不到 2% 的 FrontierMath 问题，显示它们的推理能力有局限性。

Key Findings: Introduction On October 30th, the FBI, the US Department of Treasury, and the Israeli National Cybersecurity Directorate (INCD) released a joint Cybersecurity Advisory regarding recent activities of the Iranian cyber group Emennet Pasargad. The group recently operated under the name Aria Sepehr Ayandehsazan (ASA) and is affiliated with the Iranian Islamic Revolutionary Guard Corps (IRGC). […]

The post Malware Spotlight:  A Deep-Dive Analysis of WezRat appeared first on Check Point Research.

A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function smb2_open of the component ksmbd. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2023-4458. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in lunary-ai lunary up to 1.3.3. It has been declared as critical. This vulnerability affects unknown code. The manipulation of the argument id leads to improper access controls. This vulnerability was named CVE-2024-7474. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in mudler localai up to 2.20. Affected by this vulnerability is an unknown functionality. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-7010. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apereo CAS 6.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login. The manipulation of the argument redirect_uri leads to open redirect. This vulnerability is known as CVE-2024-11207. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2024-11209. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in WPvivid Plugin up to 0.9.107 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to code injection. This vulnerability is known as CVE-2024-10962. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in QEMU. It has been declared as critical. Affected by this vulnerability is the function virtio_snd_pcm_in_cb of the component virtio-snd Device. The manipulation leads to heap-based buffer overflow. This vulnerability is known as CVE-2024-7730. The attack can only be done within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in QEMU. It has been classified as critical. This affects the function sdhci_write_dataport. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-3447. Access to the local network is required for this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

The National Institute of Standards and Technology (NIST) is clearing the backlog of unprocessed CVE-numbered vulnerabilities in the National Vulnerability Database (NVD), but has admitted that their initial estimate of when they would finish the job was “optimistic”. About the NVD The National Vulnerability Database is a public repository of vulnerabilities that have been published on MITRE’s CVE List. “NVD staff are tasked with enrichment of CVEs by aggregating data points from the description, references … More →

The post NIST is chipping away at NVD backlog appeared first on Help Net Security.

Новая директива меняет правила для всех разработчиков программного обеспечения.