Aggregator

A vulnerability was found in Microsoft Windows and classified as very critical. This issue affects some unknown processing of the component CSRSS. The manipulation leads to improper privilege management. The identification of this vulnerability is CVE-2022-22047. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in Questions For Confluence App 2.7.34/2.7.35/3.0.2. Affected by this issue is some unknown functionality. The manipulation leads to hard-coded credentials. This vulnerability is handled as CVE-2022-26138. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Microsoft Windows. It has been declared as very critical. Affected by this vulnerability is an unknown functionality of the component Support Diagnostic Tool. The manipulation leads to Remote Code Execution. This vulnerability is known as CVE-2022-34713. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Synacor Zimbra Collaboration Suite 8.8.15/9.0 and classified as critical. Affected by this issue is some unknown functionality of the component mboximport. The manipulation leads to pathname traversal. This vulnerability is handled as CVE-2022-37042. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Google Chrome and classified as critical. This vulnerability affects unknown code of the component Intents. The manipulation leads to improper input validation. This vulnerability was named CVE-2022-2856. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Oracle SD-WAN Edge 7.0.7 and classified as critical. This vulnerability affects unknown code of the component Platform. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2021-4034. Local access is required to approach this attack. Furthermore, there is an exploit available.

В ЦЕРН протестировали машину, которая поможет ученым инспектировать коллайдер.

聚焦AI+YAK，推动安全产业融合发展。

两大院士谈网络空间安全，四大论坛探索前沿议题。

共建繁荣生态，达成互利共赢。

密码在身份认证、授权访问、数据加密等方面为智能网联汽车提供全面防护。

Third-party breaches pose a significant challenge to organizations, demanding meticulous attention and measures to prevent data compromises.

The post The Problem With Third-Party Breaches: A Data Protection Dilemma   appeared first on Security Boulevard.

近期威胁情报速览！

恶意软件整体较6月呈现活跃上升趋势

A vulnerability was found in HP Photo Digital Imaging Activex Control 2.0.0.133. It has been classified as critical. This affects an unknown part in the library hpqxml.dll of the component ActiveX Control. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2007-3487. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in AFTERLIFE WITH ARCHIE 2.4.1 and classified as critical. This vulnerability affects unknown code of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability was named CVE-2014-6953. Access to the local network is required for this attack. There is no exploit available.

Кто стоит за очередной крупной кражей криптовалюты?

雷神众测拥有该文章的修改和解释权。如欲转载或传播此文章，必须保证此文章的副本，包括版权声明等全部内容。声明雷神众测允许，不得任意修改或增减此文章内容，不得以任何方式将其用于商业目的。

久違的筆記，想寫很久了但一直拖延，像是 CTF 這種東西的 writeup 其實速度滿重要的，因為賽後討論大部分都在 Discord 裡面發生，時間久了訊息比較難找，而且很有可能忘記，要趕快寫成 writeup 才能把那些實用的資訊記錄下來。

這篇一次帶來三個 CTF 的 writeup，有些我沒有打，只是純粹看著別人的筆記重新記一遍而已。

關鍵字列表：

1. bfcache
2. response splitting
3. Service-Worker-Allowed
4. gunicorn script_name
5. socket.io disconnect
6. socket.io JSONP CSP bypass
7. performance API
8. streaming HTML parsing
9. content-type ISO-2022-JP

The Information Commissioner’s Office says it’s pleased that LinkedIn has temporarily suspended its generative AI model training