Aggregator

字节跳动回应Trae IDE问题：性能优化完成，遥测关闭误解需改进，Discord封禁为反广告机器人误操作已解封。

It’s unsettling to think that our food supply chain could be targeted or that the safety of our food could be compromised. But this is exactly the challenge the agri-food sector is dealing with right now. Despite agriculture’s importance, cybersecurity in this field doesn’t get the attention it deserves. Farms, processing plants, and distribution systems are going digital, and that’s opening the door to cyber attacks. A big problem is that a lot of the … More →

The post The food supply chain has a cybersecurity problem appeared first on Help Net Security.

富士電機製Monitouch V-SFTとTellus Liteには、境界外書き込みの脆弱性が存在します。

Johnson Controlsが提供するSoftware House iStar Pro Door Controllerには、重要な機能に対する認証の欠如に関する脆弱性が存在します。

A vulnerability has been found in Linux Kernel up to 5.10.137/5.15.62/5.19.3 and classified as critical. This vulnerability affects the function xdp_convert_buff_to_frame of the component virtio_net. The manipulation leads to memory leak. This vulnerability was named CVE-2022-50065. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.137/5.15.62/5.19.3 and classified as problematic. This issue affects the function aq_vec of the file drivers/net/ethernet/aquantia/atlantic/aq_nic.c of the component net. The manipulation leads to improper validation of array index. The identification of this vulnerability is CVE-2022-50066. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.4.210/5.10.137/5.15.62/5.19.3. This issue affects the function netdev_sent_queue in the library lib/dynamic_queue_limits.c. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2022-50062. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.19.3. This affects the function virtblk_init_hctx. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2022-50064. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.15.62/5.19.3. This affects an unknown part of the component octeontx2-af. The manipulation leads to allocation of resources. This vulnerability is uniquely identified as CVE-2022-50060. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.19.3. Affected by this issue is the function of_parse_phandle of the component pinctrl. The manipulation leads to improper update of reference count. This vulnerability is handled as CVE-2022-50061. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

俄罗斯堪察加半岛7月29日发生8.8级强震，引发海啸警报。日本多地观测到40厘米高海浪。这是2011年以来最强地震，目前无人员死亡报告。

美国地质勘探局(USGS)报告，俄罗斯堪察加半岛 7 月 29 日 23:24 UTC 发生 M8.8 级地震。太平洋沿海地区发布海啸警报，据日本共同社报道，第一波海啸已经抵达日本海岸，北海道十胜港观测到了 40 厘米高的海啸。这次大地震是 2011 年日本东北地方太平洋近海地震（M9.1）以来的最强地震，为有记录以来第六强地震。目前暂无死亡报告。

A vulnerability classified as problematic was found in Cisco IOS and IOS XE 16.3.1. Affected by this vulnerability is an unknown functionality of the component Autonomic Networking Infrastructure. The manipulation leads to improper access controls. This vulnerability is known as CVE-2017-6663. The attack needs to be approached within the local network. Furthermore, there is an exploit available.

A vulnerability was found in Cisco IOS 15.0/15.1/15.2/15.3/15.4 and classified as problematic. Affected by this issue is some unknown functionality of the component VPLS. The manipulation leads to improper resource management. This vulnerability is handled as CVE-2017-12238. The attack needs to be approached within the local network. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

A vulnerability was found in Intel Ethernet Diagnostics Driver up to 1.3.0 on Windows. It has been rated as critical. This issue affects some unknown processing of the file IQVW32.sys/IQVW64.sys. The manipulation as part of IOCTL Call leads to improper input validation. The identification of this vulnerability is CVE-2015-2291. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Oracle Java SE 6u101/7u85/8u60. Affected by this issue is some unknown functionality of the component Deployment. The manipulation leads to denial of service. This vulnerability is handled as CVE-2015-4902. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Как Raven Stealer превратил Telegram в командный пункт для кражи данных.

ColoCrossing推出低价洛杉矶/纽约独立服务器，采用英特尔至强处理器，起售价129美元/年。这些物理机性能优越但需自行安装系统且不支持退款。型号多样，配置包括不同内存、存储和带宽。购买后需5-7天配置硬件。

Identity-based attack paths are behind most breaches today, yet many organizations can’t actually see how those paths form. The 2025 State of Attack Path Management report from SpecterOps makes the case that traditional tools like identity governance, PAM, and MFA aren’t enough. They help manage access, but they miss the bigger problem: how identity and privilege sprawl across the environment in ways that attackers can string together. Attack Path Management (APM) is a continuous security … More →

The post Why CISOs should rethink identity risk through attack paths appeared first on Help Net Security.

A vulnerability has been found in PHP Melody 2.7.1 and classified as critical. This vulnerability affects unknown code of the file ajax.php. The manipulation of the argument playlist as part of Parameter leads to sql injection (Time-Based). This vulnerability was named CVE-2018-5211. The attack can be initiated remotely. Furthermore, there is an exploit available.