Aggregator

本周，互联网网络安全态势整体评价为良。

本周，互联网网络安全态势整体评价为良。

本周，互联网网络安全态势整体评价为优。

本周，互联网网络安全态势整体评价为良。

February Patch Tuesday sees Microsoft fix four zero-days, including two under active exploitation

A vulnerability classified as problematic has been found in GNU Emacs. Affected is an unknown function of the component man URI Scheme Handler. The manipulation leads to injection. This vulnerability is traded as CVE-2025-1244. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Extra Innovation acmailer CGI up to 4.0.5. It has been rated as problematic. This issue affects some unknown processing of the component Management Page. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2023-49780. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in smackcoders Export All Posts, Products, Orders, Refunds & Users Plugin up to 2.9.3 on WordPress. It has been declared as problematic. This vulnerability affects unknown code of the file /wp-content/uploads/smack_uci_uploads/exports/. The manipulation leads to insecure storage of sensitive information. This vulnerability was named CVE-2024-12315. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in LCweb Global Gallery Plugin up to 9.1.5 on WordPress. It has been classified as problematic. This affects an unknown part of the component Shortcode Handler. The manipulation leads to code injection. This vulnerability is uniquely identified as CVE-2024-13814. It is possible to initiate the attack remotely. There is no exploit available.

研究人员开发出一种被称为 Torque Clustering 的新 AI 算法，它比目前的方法更接近自然智能。它极大地改善了 AI 系统在没有人类指导的情况下独立学习和发现数据模式的方式。目前几乎所有的 AI 技术都依赖于监督学习，这种训练方法需要人类使用预定义的类别或值对大量数据进行标记，这样 AI 可以做出预测并看到关系。Torque Clustering 算法优于传统的无监督学习方法，提供了潜在的范式转换。它是完全自主的，无参数的，并且能够以卓越的计算效率处理大型数据集。它已经在 1000 个不同的数据集上进行了严格的测试，达到了97.7%的 AMI 得分。相比之下，其他最先进的方法只能达到 80% 的分数。

Как китайский чат-бот превратил смартфоны в инструмент слежки.

Microsoft on Tuesday released fixes for 63 security flaws impacting its software products, including two vulnerabilities that it said has come under active exploitation in the wild. Of the 63 vulnerabilities, three are rated Critical, 57 are rated Important, one is rated Moderate, and two are rated Low in severity. This is aside from the 23 flaws Microsoft addressed in its Chromium-based Edge

Thales launched OneWelcome FIDO Key Lifecycle Management, a new solution to help large organizations successfully deploy and manage FIDO security passkeys at scale. OneWelcome FIDO Key Lifecycle Management combines an interoperable management platform with Thales hardware FIDO security keys (passkeys) specifically designed by Thales for use in large organizations. The solution helps CISOs accelerate and secure their passwordless journey by managing FIDO security keys at scale, in a simple and efficient way, throughout their lifecycle. … More →

The post Thales launches OneWelcome FIDO Key Lifecycle Management appeared first on Help Net Security.

The US and its allies have sanctioned Russian bulletproof hoster Zservers for abetting ransomware attacks

Currently trending CVE - hypeScore: 1 - The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the

Currently trending CVE - hypeScore: 2 - SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

Currently trending CVE - hypeScore: 1 - SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4 allows unauthorized redirection to internal network endpoints.

Currently trending CVE - hypeScore: 1 - An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed signature spoofing for unauthorized internal users. Instances not utilizing SAML single sign-on or where the attacker is not already an existing user were no