Aggregator

A vulnerability classified as problematic was found in mooSocial mooDating 1.2. This vulnerability affects unknown code of the file /users of the component URL Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2023-3847. The attack can be initiated remotely. Furthermore, there is an exploit available. We tried to contact the vendor early about the disclosure but the official mail address was not working properly. We tried to contact the vendor early about the disclosure but the official mail address was not working properly.

Check Point

Recent discoveries by Binary Security have revealed critical vulnerabilities in Azure API Management (APIM) that could allow attackers with minimal privileges to escalate their access and take full control over the APIM service. These vulnerabilities were reported to Microsoft, leading to some fixes. However, certain issues remain unresolved, exposing many users unless they manually disable legacy API […]

The post Azure API Management Vulnerabilities Let Attackers Escalate Privileges appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

用于自动化工业系统实时分布式控制的 Fieldbus 子系统于 2019 年合并到 Linux 主线，但五年之后由于无人维护它面临从内核移除。目前不清楚 Fieldbus 的实际使用情况，该子系统维护者上一次评估代码是在 2021 年 5 月，维护者显然已经失去了兴趣。移除该子系统的补丁已进入 staging-next 队列，预计将在 Linux 6.13 合并窗口中合并将其删除。

A vulnerability was found in Apple iOS up to 9.3.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Kernel. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2016-1827. An attack has to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

主站 分类 漏洞 工具 极客

Переход на облачные сервисы — новая тенденция защиты.

Interpol claims an international policing operation has shuttered 22,000 IPs connected with cybercrime

Месопотамия преподносит нам новые сюрпризы.

Authlete launched Authlete 3.0, offering support for OpenID for Verifiable Credential Issuance (OID4VCI). This new capability empowers organizations—including governments, financial institutions, and educational establishments—to revolutionize how they issue and manage user credentials. With the introduction of Authlete 3.0, Authlete now offers a simple API solution for quickly issuing interoperable verifiable credentials (VCs) conformant with OID4VCI. Built on OAuth and OIDC—proven and widely used global standards for authentication and authorization—OID4VCI supports various credential formats, including SD-JWT … More →

The post Authlete 3.0 empowers organizations to improve how they issue and manage user credentials appeared first on Help Net Security.

Искусственный голос мастерски понимает нюансы и паузы человеческой речи.

超越苹果，英伟达再度登顶「全球第一」；OpenAI 据悉同美国加州洽谈，推动向营利性结构转变；腾讯开源最大 MoE 大语言模型

为了揭开人类衰老的秘密，研究人员可能最好观察在沙发上打盹的宠物，而不是实验室中的小鼠。近日公布的一项研究结果显示，随着猫的年龄增长，它们的大脑出现了萎缩和认知能力下降的迹象，与衰老的小鼠大脑的变化相比，这种退化更类似于衰老的人类。这一结果是名为“翻译时间（Translating Time）”的大型项目的一部分，该项目比较了 150 多种哺乳动物的大脑发育情况，目前正在扩展到包括衰老的数据。研究人员希望这些数据将有助于破解与年龄相关的疾病的原因，特别是影响大脑的疾病，如阿尔茨海默病。研究小组收集的大脑扫描显示，老年猫的脑容量变化与老年人的脑容量变化相似。先前的研究还表明，猫可以积聚斑块和异常蛋白质缠结，类似于人类阿尔茨海默病的特征。

Welcome to ANY.RUN‘s monthly updates, where we share our latest achievements and improvements.  October has been another productive month here at ANY.RUN, filled with new features to enhance your cybersecurity toolkit. We’ve introduced TI Lookup Notifications for real-time threat updates, rolled out a newly improved Linux sandbox for smoother malware analysis, and added the ability to export STIX reports for seamless […]

The post Release Notes: TI Lookup Notifications, Upgraded Linux Sandbox, STIX Reports, <br>and More  appeared first on ANY.RUN's Cybersecurity Blog.

Synology addressed a critical vulnerability in DiskStation and BeePhotos NAS devices that could lead to remote code execution. Taiwanese vendor Synology has addressed a critical security vulnerability, tracked as CVE-2024-10443, that impacts DiskStation and BeePhotos. An attacker can exploit the flaw without any user interaction and successful exploitation of this flaw could lead to remote […]

Социальная сеть толкает детей в пропасть.

新闻速览 •《终端计算机通用安全技术规范》等3项网络安全国家标准获批发布 •OWASP推出三大AI应用安全指南 […]

当前，随着数字经济的快速发展，数字中国的建设在各行各业中蓬勃推进。金融作为数字化转型的先锋行业，其探索已经从浅 […]