Aggregator

One of these flaws detected using LLMs was in the widely used OpenSSL library

Genisten van de Koninklijke Landmacht kunnen sinds gisteren een beroep doen op de nieuwe wegenmattenlegger. De militaire bouwvakkers kunnen deze gebruiken om een onverhard oppervlak tijdelijk te verharden. Denk bijvoorbeeld aan drassige bodems en oevers. Het nieuwe systeem is gisteren in Vught overgedragen.

Halo Security, a leader in external attack surface management and penetration testing, has announced the launch of its new Slack® app, empowering cybersecurity teams to receive real-time alerts on newly discovered assets, vulnerabilities, and other essential security updates directly within the Slack collaboration software. This new integration allows Halo Security’s customers to seamlessly incorporate important […]

The post Halo Security Launches Slack Integration for Real-Time Alerts on New Assets and Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

在数字互动维持社交纽带的时代，印度研究人员提出了如何用最少的精力去维持数字友谊的方法：对朋友发送的各种梗回复“Haha So True!”。研究报告发表在《Journal of Astrological Big Data Ecology》期刊上。研究人员对 150 名参与者进行了三盲随机实验，测量了 Haha So True! 回复的效果，并对比了类似 OMG LMAO 或 LOL, I just snorted coffee 不同回复的效果差异。结果显示，Haha So True! 相比字数更多更努力的回复，在让朋友满意、减轻罪恶感和投射“我在乎……就够了”氛围上效果相差无几。

A design flaw in the Fortinet VPN server's logging mechanism can be leveraged to conceal the successful verification of credentials during a brute-force attack without tipping off defenders of compromised logins. [...]

A vulnerability was found in Apple Mac OS X up to 10.10. It has been rated as problematic. This issue affects some unknown processing of the component IOGraphics. The manipulation leads to information disclosure (Kernel Memory). The identification of this vulnerability is CVE-2015-5865. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Apple Mac OS X up to 10.10. Affected is an unknown function of the component IOHIDFamily. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2015-5866. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apple Mac OS X up to 10.10 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component IOGraphics. The manipulation leads to memory corruption. This vulnerability is known as CVE-2015-5890. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Apple Mac OS X up to 10.10. Affected by this issue is some unknown functionality of the component IOGraphics. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2015-5871. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Apple Mac OS X up to 10.10. This affects an unknown part of the component IOGraphics. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2015-5872. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apple Mac OS X up to 10.10 and classified as problematic. This vulnerability affects unknown code of the component IOGraphics. The manipulation leads to memory corruption. This vulnerability was named CVE-2015-5873. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

苹果公司19日发布安全更新，修复了两个被用于攻击Mac用户的安全漏洞，并建议所有用户安装。 苹果在官网发布的安全公告中表示，发现了两个漏洞（CVE-2024-44308、CVE-2024-44309），可能在基于英特尔处理器的Mac系统上“被积极利用”。这类漏洞属于零日漏洞，因为在漏洞被攻击者利用时，苹果尚未意识到它们的存在。 为修复这两个漏洞，苹果发布了一系列软件更新，包括macOS、iOS和iPadOS。 目前尚不清楚针对Mac用户的攻击是由谁发起，也不清楚有多少用户成为目标，或者是否有用户设备已经被成功攻破。这些漏洞由谷歌威胁分析小组报告，该小组专注于调查政府支持的黑客行为和网络攻击。这表明，此次攻击可能涉及某个政府背景的行为者。而政府支持的网络攻击有时会使用商业间谍软件针对目标设备展开行动。 苹果在公告中表示，这些漏洞与WebKit和JavaScriptCore有关。WebKit是Safari浏览器运行网络内容的核心引擎，同时也是恶意攻击者的常见目标。攻击者通常通过利用WebKit引擎中的漏洞，侵入设备的软件系统，进而窃取用户的隐私数据。 安全公告进一步指出，这些漏洞可通过诱使易受攻击的苹果设备处理恶意构造的网络内容（如伪造的网站或电子邮件），触发任意代码执行，从而在目标设备上植入恶意软件。 苹果建议用户尽快更新其iPhone、iPad和Mac设备，以降低安全风险。 苹果生态已成零日攻击高发地带 加上这两个漏洞，苹果在2024年已累计修复了六个零日漏洞。今年的首次修复发生在1月，随后在3月修复了两个漏洞，5月修复了第四个漏洞。 相比2023年修复的20个遭在野利用的零日漏洞，今年的情况有了显著改善。 以下是2023年苹果修复零日漏洞的时间表： 11月修复的两个零日漏洞（CVE-2023-42916和CVE-2023-42917） 10月修复的两个零日漏洞（CVE-2023-42824和CVE-2023-5217） 9月修复的五个零日漏洞（CVE-2023-41061、CVE-2023-41064、CVE-2023-41991、CVE-2023-41992和CVE-2023-41993） 7月修复的两个零日漏洞（CVE-2023-37450和CVE-2023-38606） 6月修复的三个零日漏洞（CVE-2023-32434、CVE-2023-32435和CVE-2023-32439） 5月修复的三个零日漏洞（CVE-2023-32409、CVE-2023-28204和CVE-2023-32373） 4月修复的两个零日漏洞（CVE-2023-28206和CVE-2023-28205） 2月修复的另一个WebKit零日漏洞（CVE-2023-23529）。       转自安全内参，原文链接：https://www.secrss.com/articles/72598 封面来源于网络，如有侵权请联系删除

A vulnerability, which was classified as problematic, was found in mra13 Simple Membership Plugin up to 4.5.5 on WordPress. This affects an unknown part. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-11088. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in cayenne Anonymous Restricted Content Plugin up to 1.6.5 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-11089. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Automatic Bug Reporting Tool. It has been rated as problematic. This issue affects some unknown processing of the file /var/tmp/abrt/*/maps. The manipulation leads to link following. The identification of this vulnerability is CVE-2015-3315. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

The U.S. Justice Department charged five suspects linked to the Scattered Spider cybercrime gang with wire fraud conspiracy. The U.S. Justice Department charged five alleged members of the cybercrime gang Scattered Spider (also known as UNC3944, 0ktapus) with conspiracy to commit wire fraud. “Law enforcement today unsealed criminal charges against five defendants who allegedly targeted employees of […]

An analysis of the websites belonging to companies that served as a front for getting North Korean IT workers remote jobs with businesses worldwide has revealed an active network of such companies originating in China. Unearthing North Korean IT front companies US authorities have been warning about North Korean IT workers’ tactics to bypass sanctions for a number of years, and have repeatedly seized website domains that looked like they belong to legitimate IT services … More →

The post Active network of North Korean IT front companies exposed appeared first on Help Net Security.