Aggregator

A vulnerability was found in Qualcomm Snapdragon Auto, Snapdragon Mobile and Snapdragon Wearables and classified as critical. Affected by this issue is some unknown functionality of the component OTA. The manipulation leads to buffer over-read. This vulnerability is handled as CVE-2024-23358. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Wearables and classified as critical. Affected by this vulnerability is an unknown functionality of the component FM HCI Command Handler. The manipulation leads to buffer overflow. This vulnerability is known as CVE-2024-33052. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Qualcomm Snapdragon Auto, Snapdragon Mobile and Snapdragon Wearables. Affected is an unknown function of the component MinkSocket Listener Thread Handler. The manipulation leads to use after free. This vulnerability is traded as CVE-2024-23365. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon MDM, Snapdragon Mobile, Snapdragon WBC and Snapdragon Wearables. This issue affects some unknown processing of the component Tracking Area Update Message Handler. The manipulation leads to buffer over-read. The identification of this vulnerability is CVE-2024-23359. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

【学术报告】LLM Security and Safety: Taxonomy, Current, and Future

A vulnerability classified as critical was found in Qualcomm Snapdragon Auto, Snapdragon CCW, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon MC, Snapdragon Mobile, Snapdragon Technology, Snapdragon WBC, Snapdragon Wearables and Snapdragon Wired Infrastructure and Networking. This vulnerability affects unknown code of the component Beacon Frame Handler. The manipulation leads to buffer over-read. This vulnerability was named CVE-2024-23364. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Apple macOS up to 10.12.4. Affected is an unknown function of the component SQLite. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2017-6983. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

山河远阔，烟火人间，又一年，千里婵娟，挖娃带着中秋活动，让盒子白帽俱欢颜。

Interesting vulnerability:

…a special lane at airport security called Known Crewmember (KCM). KCM is a TSA program that allows pilots and flight attendants to bypass security screening, even when flying on domestic personal trips.

The KCM process is fairly simple: the employee uses the dedicated lane and presents their KCM barcode or provides the TSA agent their employee number and airline. Various forms of ID need to be presented while the TSA agent’s laptop verifies the employment status with the airline. If successful, the employee can access the sterile area without any screening at all...

The post SQL Injection Attack on Airport Security appeared first on Security Boulevard.

A vulnerability classified as critical was found in GuitarTuna Guitar Tuner Free - GuitarTuna 2.4.5. Affected by this vulnerability is an unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is known as CVE-2014-5821. Access to the local network is required for this attack to succeed. There is no exploit available.

Ведомство ответило на главный вопрос - как повлияла атака на образование в стране.

「洞见未来 共筑安全」白帽交流活动及 BSRC 极客之夜在成都和大家见面～

For the latest discoveries in cyber research for the week of 26th August, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES California-based Patelco Credit Union has confirmed a data breach following a ransomware attack resulted in the exposure of sensitive personal information belongs to 726K clients and employees. The compromised data includes names, […]

The post 2nd September – Threat Intelligence Report appeared first on Check Point Research.

·政策 自由贸易试验区数据出境负面清单管理办法、负面清单（2024版） ·报告 《中国网络安全市场十大创新方向》 ·标准 《网络安全技术 安全技术 网络安全 第7部分：网络虚拟化安全》征求意见稿 《数据安全技术 二手电子产品信息清除技术要求》 《网络安全技术　网络安全试验平台　体系架构》 《网络安全技术 网络空间安全图谱要素表示要求》

安全419将带来2024 CCS独家报道，敬请期待！

2024羊城杯wp-AI AK篇

A vulnerability has been found in Oracle Communications Diameter Signaling Router up to 8.5.0.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the component API Gateway. The manipulation leads to information disclosure. This vulnerability is known as CVE-2021-34429. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

数据备份的国产化替代如何安全又高效？

A vulnerability classified as critical was found in Zoho WebNMS Framework 5.2/5.2 SP1. Affected by this vulnerability is an unknown functionality of the component HTTP Header Handler. The manipulation of the argument UserName leads to improper input validation. This vulnerability is known as CVE-2016-6603. The attack can be launched remotely. Furthermore, there is an exploit available.

Google раскрыла шпионаж в правительственных сетях с хитрым способом заражения.