Aggregator

WhatsApp披露一起黑客活动，七名意大利人及十几个欧洲国家的受害者遭间谍软件攻击。意大利政府否认参与，并称正调查Paragon Solutions公司的行为。受害者包括记者和移民倡导者等。WhatsApp称攻击者使用恶意PDF文件，并已关闭攻击途径。

本文介绍了播客《Smashing Security》第403集的内容，探讨了Coinbase用户损失6500万美元事件、PowerSchool数据泄露问题及QR码安全风险。主持人Graham Cluley和Carole Theriault邀请嘉宾Geoff White参与讨论，并提醒听众内容可能包含成人主题和粗俗语言。

文章探讨了人工智能（AI）技术的快速发展及其在网络安全领域的双刃剑作用。从历史里程碑到当前应用，AI不仅提升了威胁检测和防御能力（如漏洞挖掘、异常行为检测），也为攻击者提供了更高效的工具（如自动化攻击链）。尽管技术进步显著，但安全研究仍滞后于技术发展。未来需关注AI自身的安全性及潜在风险。

AI技术是一把双刃剑。

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

Moroccan Soldiers Targeted Multiple Websites

Microsoft has released a PowerShell script to help Windows users and admins update bootable media so it utilizes the new "Windows UEFI CA 2023" certificate before the mitigations of the BlackLotus UEFI bootkit are enforced later this year. [...]

Microsoft has released a PowerShell script to help Windows users and admins update bootable media so it utilizes the new "Windows UEFI CA 2023" certificate before the mitigations of the BlackLotus UEFI bootkit are enforced later this year. [...]

A vulnerability, which was classified as very critical, has been found in ManageEngine PasswordManager Pro. Affected by this issue is some unknown functionality. The manipulation leads to Remote Code Execution. This vulnerability is handled as CVE-2007-2429. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Intel AMT. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to improper authentication. This vulnerability was named CVE-2022-26845. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Intel AMT. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2022-27497. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Intel XMM 7560. Affected is an unknown function of the component Cleanup Handler. The manipulation leads to incomplete cleanup. This vulnerability is traded as CVE-2022-27639. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Intel Hyperscan Library. Affected by this vulnerability is an unknown functionality. The manipulation leads to buffer overflow. This vulnerability is known as CVE-2022-29486. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Intel Quartus Prime Standard Edition 21.1 and classified as critical. This vulnerability affects unknown code. The manipulation leads to uncontrolled search path. This vulnerability was named CVE-2022-27187. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Intel Advanced Link Analyzer Pro and classified as critical. This issue affects some unknown processing. The manipulation leads to uncontrolled search path. The identification of this vulnerability is CVE-2022-27638. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Intel XMM 7560. It has been classified as critical. Affected is an unknown function. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2022-27874. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Intel XMM 7560. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper input validation. This vulnerability is known as CVE-2022-28126. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Intel XMM 7560. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to improper input validation. This vulnerability is handled as CVE-2022-28611. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Intel SPS 04.01.04.530.0/04.04.04.300.0/04.08.04.330.0. This affects an unknown part. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2022-29515. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.