Aggregator

A vulnerability classified as critical was found in Mostafa Shemeas 1. Affected by this vulnerability is an unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is known as CVE-2014-6858. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability classified as critical has been found in Apple watchOS up to 3.1.2. Affected is an unknown function of the component CoreMedia Playback. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2016-7588. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Authors/Presenters:Peixuan Gao, Anthony Dalleggio, Jiajin Liu, Chen Peng, Yang Xu, H. Jonathan Chao

Our sincere thanks to USENIX, and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI '24) content, placing the organizations enduring commitment to Open Access front and center. Originating from the conference’s events situated at the Hyatt Regency Santa Clara; and via the organizations YouTube channel.

Permalink

The post USENIX NSDI ’24 – Sifter: An Inversion-Free and Large-Capacity Programmable Packet Scheduler appeared first on Security Boulevard.

Critical Security Vulnerabilities (CVE-2024-38856 and CVE-2024-45195) in Apache OFBiz Expose Enterprise Systems to Potential Data Breaches and Disruption of Critical Business Functions Affected Platform  Apache OFBiz is an open-source framework designed for enterprise resource planning (ERP). It supports a range of web applications necessary for various business functions, including human resources, accounting, inventory management, customer...

The post CVE-2024-38856 and CVE-2024-45195 – Apache OFBiz Security Vulnerabilities – August 2024 appeared first on TrueFort.

The post CVE-2024-38856 and CVE-2024-45195 – Apache OFBiz Security Vulnerabilities – August 2024 appeared first on Security Boulevard.

A vulnerability was found in EDraw Office Viewer Component. It has been rated as very critical. Affected by this issue is some unknown functionality of the file edrawofficeviewer.ocx of the component ActiveX Control. The manipulation of the argument first leads to memory corruption. This vulnerability is handled as CVE-2007-3169. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Once a user's device is infected as part of an ongoing Flax Typhoon APT campaign, the malware connects it to a botnet called Raptor Train, initiating malicious activity.

探展 2024 云栖大会，直击当下大模型的「浪潮之巅」。

AI 发展很快，并且还在加速。

A vulnerability was found in Vizayn Urun Tanitim Sitesi 0.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file default.asp. The manipulation of the argument id leads to sql injection. This vulnerability is known as CVE-2007-2803. The attack can be launched remotely. Furthermore, there is an exploit available.

(Download trurl here)Release presentationAt 08:00 UTC I will do

A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912. Affected is an unknown function of the file /view/DBManage/Backup_Server_commit.php. The manipulation of the argument host leads to os command injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is traded as CVE-2024-9004. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to replace the affected component with an alternative.

A vulnerability was found in Jinan Chicheng Company JFlow 2.0.0. It has been rated as problematic. This issue affects the function AttachmentUploadController of the file /WF/Ath/EntityMutliFile_Load.do of the component Attachment Handler. The manipulation of the argument oid leads to improper access controls. The identification of this vulnerability is CVE-2024-9003. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A US news website recently faced a 1.85 billion request DDoS attack. Learn how DataDome stopped the attack in its tracks, keeping the customer safe.

The post How DataDome Protected a US News Website from a 12-Hour DDoS Attack appeared first on Security Boulevard.

Submit #407023 / VDB-278154

Artificial intelligence (AI) is already embedded deep into the economic and social fabric of the world. It does everything from operating website chatbots to authenticating users with their bank. It keeps planes in the sky and cars on the road. It identifies criminals and reviews mortgage and job applications. But as it becomes more important to our daily lives, regulators are getting nervous.

The post The EU AI Act and the Need for Data-Centric Security appeared first on Security Boulevard.

German law enforcement seized 47 cryptocurrency exchange services hosted in the country that facilitated illegal money laundering activities for cybercriminals, including ransomware gangs. [...]

“Hoe kunnen datawetenschap en kunstmatige intelligentie bijdragen aan moderne oorlogsvoering?" Met die prikkelende vraag begon Roy Lindelauf vandaag zijn oratie Zwaartepunt Data: Datawetenschap en AI in het militaire domein. Lindelauf werd officieel geïnstalleerd als hoogleraar data science en AI op de Nederlandse Defensie Academie (NLDA) in Breda. Hij werkt aan de Faculteit Militaire Wetenschappen (FMW).

Submit #406225 / VDB-278153

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. This vulnerability was named CVE-2024-9001. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in Sonatype Nexus Repository up to 3.68.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to path traversal. This vulnerability is known as CVE-2024-4956. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.