Aggregator

Submit #420798 / VDB-280758

The Russian threat actor known as RomCom has been linked to a new wave of cyber attacks aimed at Ukrainian government agencies and unknown Polish entities since at least late 2023. The intrusions are characterized by the use of a variant of the RomCom RAT dubbed SingleCamper (aka SnipBot or RomCom 5.0), said Cisco Talos, which is monitoring the activity cluster under the moniker UAT-5647. "This

A vulnerability has been found in Adobe Acrobat Reader up to 11.0.17/15.006.30201/15.017.20053 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to use after free. This vulnerability is known as CVE-2016-6961. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

近日，Oracle官方发布了多个安全漏洞的公告，其中Oracle产品本身漏洞91个，影响到Oracle产品的其他厂商漏洞226个。

A vulnerability has been found in PHP-Nuke Sections module and classified as critical. This vulnerability affects unknown code. The manipulation of the argument artid leads to sql injection. This vulnerability was named CVE-2006-3598. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Ourgame.com GLWorld 2.6.1.29 and classified as very critical. Affected by this issue is some unknown functionality in the library hangameplugincn18.dll of the component ActiveX Control. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2008-0647. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in X.Org Xserver 1.4 and classified as critical. This vulnerability affects unknown code of the component Error Message Handler. The manipulation of the argument filename leads to information disclosure. This vulnerability was named CVE-2007-5958. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple iPhoto 4.0.3. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to improper input validation. This vulnerability is handled as CVE-2008-0830. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Thecus N5200pro Nas Server Control Panel. It has been rated as critical. This issue affects some unknown processing of the file usrgetform.html. The manipulation of the argument name leads to code injection. The identification of this vulnerability is CVE-2008-0804. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in sCssBoard 1.0/1.1/1.11/1.12. This affects an unknown part of the file index.php. The manipulation of the argument inc_function leads to code injection. This vulnerability is uniquely identified as CVE-2008-5577. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Microsoft Threat Intelligence uncovered a macOS vulnerability that could potentially allow an attacker to bypass the operating system’s Transparency, Consent, and Control (TCC) technology and gain unauthorized access to a user’s protected data. The vulnerability, which we refer to as “HM Surf”, involves removing the TCC protection for the Safari browser directory and modifying a […]

The post New macOS vulnerability, “HM Surf”, could lead to unauthorized data access appeared first on Microsoft Security Blog.

本文将详细阐述英特尔产品所面临的网络安全挑战，并探讨其对中国国家安全和消费者权益的潜在影响。

英特尔和 AMD 对可用于攻击的TDXDown 和 CounterSEVeillance 做出了回应。

有观点称，鱼类养殖是一种可持续的食物来源，能在保护野生鱼类种群的同时，帮助养活全球日益增长的人口，但事实并非如此。研究人员发现，为养殖鱼类而捕杀的野生鱼类数量比先前的估计高出 27% 至 307%。养殖食肉鱼类所需的野生鱼重量远远超过通过养殖获得的重量。例如生产 1 公斤养殖三文鱼可能需要消耗 4 到 5 公斤的野生鱼类。此外，增加食肉鱼类饲料中的植物性产品比例，或者养殖杂食性或草食性鱼类，也会引发一系列新问题。如果本应供人类食用的植物性食物被用于养鱼，那么生产鱼饲料将需要更多的土地和水资源，从而导致诸如森林砍伐等问题。

今日暂未更新资讯~
更多最新文章，请访问SecWiki

《连线》的调查发现，Telegram 上至少有 50 个机器人程序提供了创建深度伪造色情的功能，用户只需点击几下就能创建裸露的照片或视频，部分机器人程序声称能移除照片中的衣服。《连线》发现这 50 个机器人程序的月用户数超过 400 万，其中两个机器人的月活跃用户数都超过 40 万，14 个机器人月活跃用户都超过 10 万。它的调查只涉及英语机器人，可能只占到 Telegram 深度伪造机器人的一小部分。《连线》发现这些机器人程序得到了至少有 25 个相关 Telegram 频道的支持，这些频道共有逾 300 万名成员。在《连线》联系 Telegram 之后，该公司删除了 75 个机器人和频道，但没有对此发表评论。

Nederland en een aantal NAVO-partnerlanden gaan samen zorgen voor betere satellietcommunicatie boven het Arctisch gebied. Daarnaast wordt de volgende stap gezet in de ontwikkeling van een nieuwe generatie rotorvliegtuigen. Dat is besproken tijdens de NATO Defence Minister’s Meeting in Brussel.

Банкротство одной компании стало золотой жилой для энтузиастов.

A vulnerability classified as problematic was found in Adobe Substance3D Sampler up to 4.5. This vulnerability affects unknown code. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2024-47459. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.