Aggregator

A vulnerability, which was classified as problematic, has been found in IBM Aspera Faspex up to 5.0.9. This issue affects some unknown processing. The manipulation leads to trusting http permission methods on the server side. The identification of this vulnerability is CVE-2024-45097. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in za-internet C-MOR Video Surveillance 5.2401. This vulnerability affects unknown code of the file download-bkf.pml. The manipulation leads to path traversal. This vulnerability was named CVE-2024-45178. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in za-internet C-MOR Video Surveillance 5.2401. This affects an unknown part of the component Web Interface. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2024-45173. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in za-internet C-MOR Video Surveillance 5.2401. It has been rated as critical. Affected by this issue is some unknown functionality of the file /srv/www/backups. The manipulation leads to unrestricted upload. This vulnerability is handled as CVE-2024-45171. The attack may be launched remotely. There is no exploit available.

via the comic & dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Lava Lakes’ appeared first on Security Boulevard.

Yet, another critical severity vulnerability has been discovered in LiteSpeed Cache, a caching plugin for speeding up user browsing in over 6 million WordPress sites. [...]

昨天，“数说安全”微信公众号发布了一篇文章《各网安上市公司的现金还能撑多久》，本文用今年中报的数据进行了更新，和扩展。

North Carolina musician Michael Smith was indicted for collecting over $10 million in royalty payments from Spotify, Amazon Music, Apple Music, and YouTube Music using AI-generated songs streamed by thousands of bots in a massive streaming fraud scheme. [...]

大模型能比人类更快的概述一篇长文，因此很多用户和企业尝试用它去概述冗长的文档以方便阅读。澳大利亚证券和投资委员会(ASIC)对此展开了研究，他们测试了开源大模型 Llama2-70B，发现它提供的概述相比人类提供的差很多。Llama2-70B 不是目前最先进的大模型，这一结果不太能够推广到最先进大模型的概述能力。尽管如此，研究表明，大型组织在将大模型的输出集成到现有工作流前需要三思。ASIC 发现，大模型生成的概述太笼统，还常常包含不正确的信息，语法正确，但幻觉无法避免。对比测试发现，AI 的平均得分为 7/15，而人类是 12.2/15。

Проект по оцифровке книг был запущен в разгар пандемии для поддержки читателей.

Post-Quantum Cryptography (PQC) is a new generation of encryption algorithms for protecting data against powerful quantum computers. Quantum computers use quantum mechanics to solve complex problems much faster than traditional computers. With rapid advancements in quantum computing, current encryption algorithms like RSA are at risk of being broken, which would take regular computers hundreds or […]

The post Understanding Quantum Threats and How to Secure Data with Post-Quantum Cryptography appeared first on Security Boulevard.

Unnamed government entities in the Middle East and Malaysia are the target of a persistent cyber campaign orchestrated by a threat actor known as Tropic Trooper since June 2023. "Sighting this group's [Tactics, Techniques, and Procedures] in critical governmental entities in the Middle East, particularly those related to human rights studies, marks a new strategic move for them," Kaspersky

Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could result in remote code execution. The list of shortcomings is below - CVE-2024-40711 (CVSS score: 9.8) - A vulnerability in Veeam Backup & Replication that allows unauthenticated remote code execution. CVE-2024-42024 (CVSS score: 9.1

Эксперимент показал: люди переоценивают возможности ИИ.

繼輔仁大學及國立臺灣科技大學戴夫寇爾資訊安全獎學金頒布後，我們很高興地宣佈，2024 年度「全國資訊安全獎學金」及「資安教育活動贊助計畫」於即日起開放報名。

自 2012 年創立之初，DEVCORE 即秉持著提升台灣資安競爭力、讓世界更安全的初衷，將人才培育視為己任，透過參與教育部資安人才培育計畫、創辦 DEVCORE 實習生計畫、啟動戴夫寇爾資安獎學金、辦理資安教育活動贊助計畫等方式，協助資安人才茁壯成長。

DEVCORE 全國資訊安全獎學金

DEVCORE 於 2020 年首次舉辦「戴夫寇爾資安獎學金計畫」，原為感念過去學生時代受到的多方資源及鼓勵，獎學金頒發範圍為經營團隊母校的輔仁大學及國立臺灣科技大學，後為培育更多有志青年學子，擴大獎學金範圍，開放全國各地學生報名申請，期待能推廣「駭客思維」、強化資安技能，並幫助在學學生了解資安產業生態及現況、降低學用落差，未來成為新一代的攻擊型資安人才，為資安產業注入新活力。

「戴夫寇爾全國資訊安全獎學金」歡迎所有在資訊安全領域有出眾研究成果的學生報名申請，有意申請者須提出學習資安的動機與歷程，並繳交資安研究或比賽成果，我們將從中擇優選取 10 名，獲選者可獲最高 2 萬元的研究補助。詳細申請辦法如下：

• 申請資格：全國各大專院校學生皆可以申請。
• 獎學金金額/名額：每年度取 10 名，每名可獲得獎學金新台幣 20,000 元整，共計 20 萬元。如報名踴躍，我們將視申請狀況增加名額。
• 申請時程：
  • 2024/9/6 官網公告獎學金計畫資訊
  • 2024/9/6 - 2024/10/3 開放收件
  • 2024/10/31 公布審查結果，並將於 11 至 12 月間頒發獎學金
• 申請辦法：
  • 請依⽂件檢核表項次順序排列已附⽂件，彙整為⼀份 PDF 檔案，寄⾄ [email protected]。
  • 信件主旨及 PDF 檔案名稱請符合以下格式：[全國獎學⾦申請] 學校名稱_學號_姓名（範例：[全國獎學⾦申請] 輔仁⼤學_B11100000_王⼩美）。
  • 請申請⼈⾃我檢核並於申請⼈檢核區勾選已附⽂件，若⽂件不⿑或未確實勾選恕不受理申請。
• 須檢附文件：
  • 本獎學⾦申請表
  • 在學證明
  • 最近⼀學期成績單
  • 學習資訊安全之動機與歷程⼼得⼀篇：字數 500 - 2000 字
  • 資訊安全技術相關研究成果：至少須從以下六項目中擇一繳交，包含研討會投稿、漏洞獎勵計畫、弱點研究、資訊安全比賽、資安工具研究、技術文章發表等成果
  • 社群經營成果：至少須從以下兩項目中擇一繳交，包含校園資安社團、公開資安社群等
  • 推薦函：導師、系主任、其他教授或業界⼈⼠推薦函，⾄少須取得兩封以上推薦函

DEVCORE 資安教育活動贊助計劃

今年我們也將持續贊助資安教育活動，提供經費予資安相關之社群、社團辦理各項活動，凝聚台灣資安社群，加速培育台灣的資安新銳。

• 申請資格：與資安議題相關之社群、社團活動，請由 1 位社團代表人填寫資料。
• 贊助金額：依各社團活動需求及與 DEVCORE 團隊討論而定，每次最高補助金額為新台幣 20,000 元整。
• 申請時程：如欲申請此計畫的社團或活動，請於 2024/10/31 前透過以下連結填寫初步資料，我們將於 30 日內通知符合申請資格者提供進一步資料，不符合資格者將不另行通知。
• 申請連結：DEVCORE 2024 年資安教育活動贊助調查
• 須提供資料：
  • 申請資格：申請人需以各資安社群或社團名義提出申請。
  • 聯絡電子郵件
  • 想要辦理的活動類型
  • 想要辦理的活動方式
  • 活動總預算
  • 預計需要贊助金額
  • 代表人姓名、連絡電話
  • 團體名稱
  • 團體單位網址
• 注意事項：
  • 申請案審核將經過 DEVCORE 內部審核機制，並保有最終核決權。
  • 本問卷僅供初步意願蒐集用途，符合申請資格者，DEVCORE 將於 30 日內通知提供進一步資料供審核，其餘將不另行通知。
  • DEVCORE 保有修改、暫停或終止本贊助計畫之權利。

Revival Hijack Python Package Index supply chain attack threatens 22,000 packages through malicious downloads

A SaaS security playbook provides a strategic approach to securing Software-as-a-Service (SaaS) environments, which have become an integral part of modern business operations. With SaaS platforms hosting critical applications and data, it's essential...