Aggregator

主站 分类 漏洞 工具 极客

借助降级攻击，他们能够捕获部分WPA3交互信息，再结合社会工程技术恢复网络密码。

云鲸张峻彬的野心终于藏不住了。作者 | 拉风的极客整个双十一，云鲸创始人张峻彬被问得最多的问题是，云鲸的产品和追觅、石头、科沃斯有什么区别。当每天被问几十次的时候，他认定，「这是我最不想回答的一个问题

云鲸张峻彬的野心终于藏不住了。

In this Help Net Security interview, Vineet Chaku, President of Reaktr.ai, discusses how AI is transforming cybersecurity, particularly in anomaly detection and threat identification. Chaku talks about the skills cybersecurity professionals need to collaborate with AI systems and address the ethical concerns surrounding deployment.

The post The sixth sense of cybersecurity: How AI spots threats before they strike appeared first on Help Net Security.

A vulnerability was found in code-projects Simple Chat System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /add_user.php. The manipulation of the argument name/email/password/number leads to sql injection. This vulnerability is handled as CVE-2024-13039. The attack may be launched remotely. Furthermore, there is an exploit available.

Serv00 注册门槛并不高，所以全民几乎人手一个，更有 s1-15 全程参与的。作者为了演示需要，注册过几个 serv00 账号，除当期演示外一直闲置，弃之可惜、食之无味。对于同样持有吃灰 serv

Serv00 注册门槛并不高，所以全民几乎人手一个，更有 s1-15 全程参与的。作者为了演示需要，注册过几个 serv00 账号，除当期演示外一直闲置，弃之可惜、食之无味。对于同样持有吃灰 s...

A vulnerability classified as problematic was found in Linux Kernel up to 2.6.11. Affected by this vulnerability is the function sys_epoll_wait. The manipulation leads to memory corruption. This vulnerability is known as CVE-2005-0736. Access to the local network is required for this attack. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in OrangeHRM up to 2.6.11. Affected by this issue is some unknown functionality in the library lib/controllers/centralcontroller.php of the file index.php. The manipulation of the argument isAdmin leads to cross site scripting. This vulnerability is handled as CVE-2011-5258. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

纽约州长签署了《The Climate Change Superfund Act》，通过设立由大型石化公司出资的气候超级基金（Climate Superfund），追究污染者对环境所造成破坏的责任。法案分 25 年实施，每年从石油天然气巨头收取 30 亿美元，总共 750 亿美元。以 GDP 计算，纽约州是全球第十大经济体，州参议员 Liz Krueger 称石化行业对全球气候造成的破坏十分严重，到 2050 年纽约州应对气候变化造成的极端天气上的花费将超过 5000 亿美元。代表石化行业的美国石油协会（American Petroleum Institute）谴责了这项法律。石化行业预计会迅速提起诉讼。

纽约州长签署了《The Climate Change Superfund Act》，通过设立由大型石化公司出资的气候超级基金（Climate Superfund），追究污染者对环境所造成破

In the final episode of the S

In the final episode of the Shared Security Podcast for 2024, join us as we recap our predictions for the year, discuss what we got right and wrong, and highlight our top episodes on YouTube. We also extend a heartfelt thank you to our Patreon supporters and special guests. Plus, stay tuned for our predictions […]

The post 2024 Year in Review: What We Got Right and Looking to 2025 appeared first on Shared Security Podcast.

The post 2024 Year in Review: What We Got Right and Looking to 2025 appeared first on Security Boulevard.

reconFTW is an open-source tool that simplifies and automates the reconnaissance process, delivering subdomain enumeration, vulnerability assessment, and gathering intelligence about a target. Using various techniques — such as passive and brute-force methods, permutations, certificate transparency analysis, source code scraping, analytics tracking, and DNS record analysis — reconFTW ensures comprehensive subdomain enumeration. This approach helps you uncover the most relevant and intriguing subdomains, giving you a competitive edge. Beyond enumeration, reconFTW performs vulnerability assessments, identifying … More →

The post reconFTW: Open-source reconnaissance automation appeared first on Help Net Security.

A vulnerability was found in wbce_cms. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2021-3817. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. It has been classified as critical. Affected is the function attendance_report of the file /admin/report.php. The manipulation of the argument course_id leads to sql injection. This vulnerability is traded as CVE-2024-13037. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in CodeAstro Simple Loan Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login. The manipulation of the argument email leads to sql injection. This vulnerability is known as CVE-2024-13038. The attack can be launched remotely. Furthermore, there is an exploit available.