Aggregator

古尔曼：苹果公司正在打造 ChatGPT 竞品；马斯克宣布推出文本转视频 AI 工具；大疆回应首款全景相机镜头起雾。

The GreyNoise team has uncovered a disquieting pattern: in 80% of cases, anomalous spikes in suspicious internet activity occur prior to the official disclosure of new vulnerabilities (CVEs). These are not coincidences or random...

The post The Six-Week Window: New Report Finds 80% of Cyberattacks Begin Before CVE Disclosure appeared first on Penetration Testing Tools.

A vulnerability classified as critical has been found in Linux Kernel up to 6.12.9/6.13-rc6. This affects the function tcpci_irq. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2024-57914. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.124/6.6.71/6.12.9/6.13-rc6. This issue affects the function generic_handle_irq of the component GPIO IRQ Handler. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2024-57916. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.124/6.6.71/6.12.9/6.13-rc6. It has been classified as problematic. Affected is an unknown function of the component u_serial. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2024-57915. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.124/6.6.71/6.12.9/6.13-rc6. It has been rated as critical. Affected by this issue is the function usb_ffs_open_thread. The manipulation leads to denial of service. This vulnerability is handled as CVE-2024-57913. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.124/6.6.71/6.12.9/6.13-rc6 and classified as problematic. Affected by this issue is the function iio_simply_dummy_buffer. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-57911. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.1.124/6.6.71/6.12.9/6.13-rc6. This affects an unknown part. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-57912. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

当前环境出现异常，需完成验证后才能继续访问。

提示当前环境异常，需完成验证后方可继续访问。

当前环境异常，请完成验证后继续访问。

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.1.124/6.6.71/6.12.9/6.13-rc6. Affected by this issue is the function regmap_read. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-57910. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.12.9/6.13-rc6. Affected by this vulnerability is the function iio_for_each_active_channel. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-57909. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.1.124/6.6.71/6.12.9/6.13-rc6. Affected is the function iio_for_each_active_channel. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-57908. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

TripleCross TripleCross is a Linux eBPF rootkit that demonstrates the offensive capabilities of the eBPF technology. TripleCross is inspired by previous implant designs in this area, notably the works of Jeff Dileo at DEFCON...

The post TripleCross: Linux eBPF rootkit appeared first on Penetration Testing Tools.

Threat actors operating under the name ShinyHunters have orchestrated a series of cyberattacks targeting major corporations, including Qantas, Allianz Life, LVMH, and Adidas. Each incident centers around attempts to infiltrate client Salesforce environments through...

The post The ShinyHunters Salesforce Attack: Vishing & OAuth Abuse Blamed for Qantas, Allianz, LVMH Breaches appeared first on Penetration Testing Tools.

A vulnerability was found in Linux Kernel up to 6.1.124/6.6.71/6.12.9/6.13-rc6. It has been declared as problematic. This vulnerability affects the function iio_for_each_active_channel. The manipulation leads to information disclosure. This vulnerability was named CVE-2024-57906. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.