Aggregator

A vulnerability was found in Online Piggery Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file add-pig.php of the component POST Request Handler. The manipulation leads to unrestricted upload. This vulnerability is known as CVE-2023-37629. The attack can only be initiated within the local network. Furthermore, there is an exploit available.

主站 分类 漏洞 工具 极客

This post first appeared on blog.netwrix.com and was written by Jonathan Blackwell.
Introduction to Microsoft Active Directory Overview of AD Microsoft Active Directory is a directory service for Windows domain networks. Active Directory serves as a centralized database which stores information about network resources, including users, computers, and services. It plays a significant role in network management and security, providing a framework for user authentication, authorization, resource … Continued

A Threat Actor is Claiming to Sell VPN Access to an Unidentified Thailand Bank

少数派 x 两颗皮蛋 | 更多新趋势，更有新精彩：第九届移动应用创新赛落幕 上周日，2024 年度移动应用创新赛在浙江杭州圆满落幕。这是移动应用创新赛举办的第九年，九届赛事的成功举办也像是 Appl

A vulnerability, which was classified as critical, was found in Apple iOS up to 9.0. This affects an unknown part of the component IOAcceleratorFamily. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2015-6996. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apple Mac OS X up to 10.11.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component ImageIO. The manipulation as part of Image Metadata leads to memory corruption. This vulnerability is known as CVE-2015-5939. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple Mac OS X up to 10.11.0 and classified as very critical. Affected by this issue is some unknown functionality of the component IOAcceleratorFamily. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2015-6996. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Apple iOS up to 9.0. Affected by this issue is some unknown functionality of the component ImageIO. The manipulation as part of Image Metadata leads to memory corruption. This vulnerability is handled as CVE-2015-5939. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Apple Mac OS X up to 10.11.0. Affected is an unknown function of the component ImageIO. The manipulation as part of Image Metadata leads to memory corruption. This vulnerability is traded as CVE-2015-5937. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

近日，印度竞争委员会已对社交媒体巨头 Meta 处以超过 2500 万美元的罚款，原因系该公司强迫 WhatsApp 用户同意与其他 Meta 平台全面共享数据。 该委员会指责WhatsApp 于2021 年 1 月更新的服务条款协议，该条款告知用户，他们的数据将与Meta的其他平台共享，以提升产品安全性、完整性并改善产品使用及广告推送体验。但用户面临的只有两种选择，要么接受，要么拒绝并无法使用应用。 对此，委员会表示，这一条款违反了印度2002年发布的“竞争法”当中的相关法规，是一种不公平竞争行为。此外，委员会还发现Meta 滥用其在消息应用和在线显示广告市场的主导地位，强迫 WhatsApp 现有用户同意其新的数据共享规则。 委员会最终裁定对Meta处以 21.314 亿卢比（约合2500万美元）的罚款，同时规定Meta在未来五年不得出于广告目的与其他 Meta 平台共享用户数据。出于其他目的收集数据，平台必须向用户详细说明此类数据共享的目的、与其他 Meta 平台共享的数据量，并将每种类型的数据与其相应的目的相关联。 委员会还明确表示，Meta必须让印度用户能够自由选择数据共享处理方式，有权拒绝并能随时修改相关选择。 Meta计划对这一裁决提起上述，称2021年1月的条款对用户来说完全是可选的。“2021 年的更新并没有改变人们个人信息隐私，而是作为当时用户的选择。此次更新是为了在 WhatsApp 上引入可选的业务功能，并进一步提高了我们如何收集和使用数据的透明度 ，”Meta表示。 对于涉及用户的不适当条款，Meta在欧盟已多次受罚。2021年，爱尔兰数据保护委员会对Meta处以 2.25 亿欧元的罚款，原因是该平台使用“强制同意”策略来处理用户数据，而没有为用户提供简单透明的方式选择是否要共享相关数据。 而就在刚过去不久的11月14日，欧盟委员会决定对Meta处以7.9772 亿欧元（约合 8.41 亿美元）的罚款，原因涉及在未事先获得用户是否同意的情况下，将在线分类广告服务 Facebook Marketplace 与个人社交网络Facebook集成。     转自Freebuf，原文链接：https://www.freebuf.com/news/415712.html 封面来源于网络，如有侵权请联系删除

A hacker allegedly accessed a file containing testimony from a woman claiming she had sex with Matt Gaetz when she was 17, sparking controversy. The New York Times reported that a hacker, who goes online with the name name Altam Beezley, gained access to files containing confidential testimony from a woman who claims she had […]

Unsecured JupyterLab and Jupyter Notebooks servers abused for illegal streaming of Sp

随着Zero Day Quest黑客活动的启动，微软正在加强其漏洞悬赏计划。该活动的潜在奖励高达 400 万美元，主要用于推动云计算和人工智能等关键领域的研究。 活动重点 该活动邀请安全研究人员发现并报告微软人工智能和云赏金计划中具有重大影响的漏洞： AI、Microsoft Azure、Microsoft Identity、M365、Microsoft Dynamics 365 和 Power Platform。 “为了促进人工智能安全，我们将提供双倍的人工智能赏金奖励。我们还将为研究人员提供直接接触微软人工智能工程师（专注于开发安全的人工智能解决方案）和我们的人工智能红队（AI Red Team）的机会。微软安全响应中心（MSRC）工程副总裁汤姆-加拉格尔（Tom Gallagher）解释说：“这个机会将使参与者能够利用最先进的工具和技术提高自己的技能，并与微软合作提高整个生态系统的人工智能安全标准–让每个人都更安全。”他还邀请感兴趣的研究人员注册参加微软人工智能红队的培训课程。 一旦漏洞得到修复，我们将鼓励研究人员公开讨论他们的发现。微软表示，它将通过 “常见漏洞与暴露”（CVE）计划透明地分享云服务漏洞，即使这些漏洞不需要客户采取行动。 零日探索挑战 零日探索 “为参与者提供了两个独特的机会： 研究挑战： 这项挑战向所有人开放，邀请世界各地的研究人员通过发现和报告上述解决方案中的漏洞来展示他们的专业知识。研究挑战赛将从太平洋时间 2024 年 11 月 19 日上午 12:00 开始，持续到太平洋时间 2025 年 1 月 19 日晚上 11:59。 现场黑客活动： 这项仅限受邀者参加的活动将于 2025 年在华盛顿州雷德蒙德的微软园区举行，专为在 2024 年 Azure、Dynamics 和 Office 年度排行榜上排名前 10 位的微软研究人员准备。此外，还将根据参加公开研究挑战赛的实力邀请另外45名研究人员。     转自安全客，原文链接：https://www.anquanke.com/post/id/302015 封面来源于网络，如有侵权请联系删除

也不知道美军对我军的战术总结得怎样，他们真的对我军了解吗​？

Тот случай, когда ваш телефон выступает главным инструментом хакеров.

A vulnerability was found in KafooeyBlog 1.55b. It has been classified as critical. This affects an unknown part in the library lib/image_upload.php of the component File Upload. The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2008-5732. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.