Aggregator

Кто стоит за очередной крупной кражей криптовалюты?

雷神众测拥有该文章的修改和解释权。如欲转载或传播此文章，必须保证此文章的副本，包括版权声明等全部内容。声明雷神众测允许，不得任意修改或增减此文章内容，不得以任何方式将其用于商业目的。

久違的筆記，想寫很久了但一直拖延，像是 CTF 這種東西的 writeup 其實速度滿重要的，因為賽後討論大部分都在 Discord 裡面發生，時間久了訊息比較難找，而且很有可能忘記，要趕快寫成 writeup 才能把那些實用的資訊記錄下來。

這篇一次帶來三個 CTF 的 writeup，有些我沒有打，只是純粹看著別人的筆記重新記一遍而已。

關鍵字列表：

1. bfcache
2. response splitting
3. Service-Worker-Allowed
4. gunicorn script_name
5. socket.io disconnect
6. socket.io JSONP CSP bypass
7. performance API
8. streaming HTML parsing
9. content-type ISO-2022-JP

The Information Commissioner’s Office says it’s pleased that LinkedIn has temporarily suspended its generative AI model training

A vulnerability classified as problematic was found in Acronis Cyber Protect Cloud Agent 36943/37758/38235 on Windows/macOS. Affected by this vulnerability is an unknown functionality of the component Setting Handler. The manipulation leads to execution with unnecessary privileges. This vulnerability is known as CVE-2024-8903. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Microsoft Windows 10/Server 2016. Affected is an unknown function of the component Kernel Memory Address Handler. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2016-7258. Attacking locally is a requirement. There is no exploit available. It is recommended to apply a patch to fix this issue.

这家公司希望成为为机器人热卖铲子的公司。

A vulnerability classified as critical has been found in Xiaomi Router AX9000 1.0.173. Affected is an unknown function. The manipulation leads to command injection. This vulnerability is traded as CVE-2024-45348. It is possible to launch the attack remotely. There is no exploit available.

Bitdefender has unveiled Bitdefender GravityZone Proactive Hardening and Attack Surface Reduction (PHASR), a technology that transforms how defense-in-depth-security is applied and managed across businesses. GravityZone PHASR analyzes individual user behavior such as application use, resource privileges, and others, clustering users into groups with similar patterns. This approach ensures security policies and controls are mapped precisely to user intended privileges and behaviors, dynamically adjusting as the attack surface evolves. Security teams struggle to keep pace as … More →

The post Bitdefender debuts GravityZone PHASR, enhancing security through user behavior analysis appeared first on Help Net Security.

A recent discovery has highlighted significant security risks within the widely used Expat XML parsing C library. Security researcher Shang-Hung Wan identified three critical Expat vulnerabilities that could potentially lead to denial-of-service attacks or the execution of arbitrary code. These vulnerabilities are identified in versions of libexpat before 2.6.3 and have the severity score of […]

The post Critical Expat Vulnerabilities Fixed: Urgent Update Required appeared first on TuxCare.

The post Critical Expat Vulnerabilities Fixed: Urgent Update Required appeared first on Security Boulevard.

节约 CPU 40w core！本文主要介绍字节跳动在治理大规模微服务中的技术思考、解决方案和应用实践。

你可能错过的新鲜事高通接触英特尔探讨收购意向据《华尔街日报》报道，高通近期接洽英特尔，提议收购。若交易达成，将成为近年来规模最大、影响最深远的科技行业并购案，价值也可能创下历史新高。英特尔曾是全球

A vulnerability was found in Manga Facts 1. It has been declared as critical. This vulnerability affects unknown code of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability was named CVE-2014-6952. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was found in OneFile OneFile Ignite 1.19. It has been classified as critical. This affects an unknown part of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is uniquely identified as CVE-2014-6951. The attack can only be done within the local network. There is no exploit available.

Что выбирает правительство - TLS-рукопожатие или удушающий захват?

A vulnerability, which was classified as critical, has been found in Lynx Internet Solutions Evolve Merchant. This issue affects some unknown processing of the file products.asp. The manipulation of the argument partno leads to sql injection. The identification of this vulnerability is CVE-2006-6207. The attack may be initiated remotely. Furthermore, there is an exploit available. The real existence of this vulnerability is still doubted at the moment.

Adobe Animate越界读取漏洞（CNVD-2024-38541）

2024年09月16日-2023年09月22日 本周漏洞态势研判情况本周信息安全漏洞威胁整体评价级别为中。

A vulnerability, which was classified as critical, has been found in Qt-cute QuickTicket 1.2. Affected by this issue is some unknown functionality of the file qti_checkname.php. The manipulation of the argument lang leads to path traversal. This vulnerability is handled as CVE-2007-3547. The attack may be launched remotely. Furthermore, there is an exploit available.