Aggregator

A hacker allegedly accessed a file containing testimony from a woman claiming she had sex with Matt Gaetz when she was 17, sparking controversy. The New York Times reported that a hacker, who goes online with the name name Altam Beezley, gained access to files containing confidential testimony from a woman who claims she had […]

Unsecured JupyterLab and Jupyter Notebooks servers abused for illegal streaming of Sp

随着Zero Day Quest黑客活动的启动，微软正在加强其漏洞悬赏计划。该活动的潜在奖励高达 400 万美元，主要用于推动云计算和人工智能等关键领域的研究。 活动重点 该活动邀请安全研究人员发现并报告微软人工智能和云赏金计划中具有重大影响的漏洞： AI、Microsoft Azure、Microsoft Identity、M365、Microsoft Dynamics 365 和 Power Platform。 “为了促进人工智能安全，我们将提供双倍的人工智能赏金奖励。我们还将为研究人员提供直接接触微软人工智能工程师（专注于开发安全的人工智能解决方案）和我们的人工智能红队（AI Red Team）的机会。微软安全响应中心（MSRC）工程副总裁汤姆-加拉格尔（Tom Gallagher）解释说：“这个机会将使参与者能够利用最先进的工具和技术提高自己的技能，并与微软合作提高整个生态系统的人工智能安全标准–让每个人都更安全。”他还邀请感兴趣的研究人员注册参加微软人工智能红队的培训课程。 一旦漏洞得到修复，我们将鼓励研究人员公开讨论他们的发现。微软表示，它将通过 “常见漏洞与暴露”（CVE）计划透明地分享云服务漏洞，即使这些漏洞不需要客户采取行动。 零日探索挑战 零日探索 “为参与者提供了两个独特的机会： 研究挑战： 这项挑战向所有人开放，邀请世界各地的研究人员通过发现和报告上述解决方案中的漏洞来展示他们的专业知识。研究挑战赛将从太平洋时间 2024 年 11 月 19 日上午 12:00 开始，持续到太平洋时间 2025 年 1 月 19 日晚上 11:59。 现场黑客活动： 这项仅限受邀者参加的活动将于 2025 年在华盛顿州雷德蒙德的微软园区举行，专为在 2024 年 Azure、Dynamics 和 Office 年度排行榜上排名前 10 位的微软研究人员准备。此外，还将根据参加公开研究挑战赛的实力邀请另外45名研究人员。     转自安全客，原文链接：https://www.anquanke.com/post/id/302015 封面来源于网络，如有侵权请联系删除

也不知道美军对我军的战术总结得怎样，他们真的对我军了解吗​？

Тот случай, когда ваш телефон выступает главным инструментом хакеров.

A vulnerability was found in KafooeyBlog 1.55b. It has been classified as critical. This affects an unknown part in the library lib/image_upload.php of the component File Upload. The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2008-5732. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Entechtaiwan PowerStrip. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2008-5725. An attack has to be approached locally. Furthermore, there is an exploit available.

A vulnerability classified as very critical has been found in CoolPlayer 2.17/2.18/2.19. Affected is an unknown function of the file skin.c. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2008-5735. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Emefa Guestbook 3.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2008-5852. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in Cilekyazilim ChiCoMaS 2.0.4. This vulnerability affects unknown code of the file index.php. The manipulation of the argument q leads to cross site scripting. This vulnerability was named CVE-2008-2186. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in ChiCoMaS 2.0.3/2.0.4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file backup. The manipulation leads to improper access controls. This vulnerability is known as CVE-2008-5853. The attack can be launched remotely. Furthermore, there is an exploit available.

Toekomstbestendig, duurzaam en vooral: effectief. Het Logistiek Centrum Soesterberg (LCS) wordt hét nieuwe logistieke knooppunt voor de Koninklijke Landmacht. Vandaag werd de eerste paal van het gebouw in de grond geslagen op Kamp Soesterberg. De realisatie gebeurt in samenwerking met verschillende civiele partners, onder leiding van Rhenus Logistics.

error code: 521

A vulnerability classified as critical has been found in Pegasystems Pega Infinity up to 24.1.1. This affects an unknown part. The manipulation leads to code injection. This vulnerability is uniquely identified as CVE-2024-10094. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

苹果计划向竞争对手的流媒体服务授权 Apple TV+ 的独占内容，此举旨在节省资金和扩大影响面。自 2019 年 Apple TV+ 推出以来，苹果斥资逾 200 亿美元打造原创内容。但

Though information regarding the exploits is limited, the company did report that Intel-based Mac systems have been targeted by cybercriminals looking to exploit CVE-2024-44308 and CVE-2024-44309.