Aggregator

miyako is Allegedly Selling Root-level Access to a Server Hosting the Firewall of a Large US Bank

A vulnerability was found in gnome libzvt2 1.4.2.19. It has been classified as problematic. Affected is an unknown function of the component Helper. The manipulation leads to authentication bypass by spoofing. This vulnerability is traded as CVE-2005-0023. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.

A vulnerability was found in Apple Mac OS X up to 10.11.5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component OpenSSL. The manipulation leads to information disclosure. This vulnerability is known as CVE-2016-2107. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

列举一些 2024 年我常用的小东西。

列举一些 2024 年我常用的小东西。手机有俩：- Samsung S24 Ultra。这是今年安卓机里我最喜欢的，用过其他几款比如 Pixel 9 Pro Fold、Nothing 2a 等，各有缺

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Now You See Me, Now You Don’t: Using LLMs to Obfuscate Malicious JavaScript Analyzing Malicious Intent in Python Code: A Case Study       DigiEver Fix That IoT Thing!   Botnets Continue to Target Aging D-Link Vulnerabilities   OtterCookie, […]

SECURITY AFFAIRS MALWARE NEWSLETTE

本周举行的混沌计算机俱乐部 38C3 会议披露了大众汽车收集的 80 万电动汽车车主行踪信息暴露在互联网上数个月之久。这些信息保存在亚马逊 AWS 服务中，但安全性很差，信息暴露了车主汽车

本周举行的混沌计算机俱乐部 38C3 会议披露了大众汽车收集的 80 万电动汽车车主行踪信息暴露在互联网上数个月之久。这些信息保存在亚马逊 AWS 服务中，但安全性很差，信息暴露了车主汽车精确的 GPS 位置、电池状态和习惯（用报告者的话是汽车是否曾在妓院前停留都一目了然）。受影响的车主包括了德国政客、企业家、汉堡警方，甚至可能还有情报部门的间谍。软件 bug 是在 2024 年夏天引入的，一位匿名告密者发现了问题，报告给了混沌计算机俱乐部，混沌计算机俱乐部立即报告给了德国政府以及大众旗下的软件开发商 Cariad。Cariad 迅速修复了问题，堵上了对其客户数据未经授权的访问漏洞。

一周情报速览~

一周情报速览~

一周情报速览~

A vulnerability was found in Public Knowledge Project Open Conference Systems up to 2.1.1-1 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2011-5195. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in Linux Kernel 2.6.16.9. Affected by this vulnerability is the function xfs_ioc_fsgetxattr. The manipulation leads to improper resource management. This vulnerability is known as CVE-2010-3078. Attacking locally is a requirement. There is no exploit available.

A vulnerability classified as critical has been found in VMware Studio 2.0. Affected is an unknown function. The manipulation leads to improper privilege management. This vulnerability is traded as CVE-2010-2667. It is possible to launch the attack remotely. There is no exploit available.