Aggregator

2 weeks 4 days ago

A vulnerability was found in Kofax Power PDF. It has been rated as critical. This issue affects some unknown processing of the component JP2 File Parser. The manipulation leads to out-of-bounds write. The identification of this vulnerability is CVE-2024-5513. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

vuldb.com

CVE-2024-10394 | OpenAFS PAG up to 1.6.24/1.8.12.2/1.9.1 integer overflow (Nessus ID 213984)

2 weeks 4 days ago

A vulnerability was found in OpenAFS PAG up to 1.6.24/1.8.12.2/1.9.1 and classified as critical. This issue affects some unknown processing. The manipulation leads to integer overflow. The identification of this vulnerability is CVE-2024-10394. An attack has to be approached locally. There is no exploit available.

vuldb.com

CVE-2024-8185 | HashiCorp Vault/Vault Enterprise up to 1.18.0 API Endpoint failing open (Nessus ID 210710)

2 weeks 4 days ago

A vulnerability classified as critical has been found in HashiCorp Vault and Vault Enterprise up to 1.18.0. Affected is an unknown function of the component API Endpoint. The manipulation leads to not failing securely. This vulnerability is traded as CVE-2024-8185. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-20504 | Cisco Secure Email Web-based Management Interface cross site scripting (cisco-sa-esa-wsa-sma-xss-zYm3f49n / Nessus ID 210599)

Penetration Testing Tools - Metepreter.org

2 weeks 4 days ago

A vulnerability was found in Cisco Secure Email, Secure Email and Web Manager and Secure Web Appliance. It has been declared as problematic. This vulnerability affects unknown code of the component Web-based Management Interface. The manipulation leads to basic cross site scripting. This vulnerability was named CVE-2024-20504. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

Sophisticated Kimsuky Campaign: New Malware Bypasses Windows Defender

2 weeks 4 days ago

The Kimsuky group has once again found itself at the center of attention following a campaign that deftly combined social engineering tactics with sophisticated techniques for bypassing Windows security mechanisms. Their targets included South...

The post Sophisticated Kimsuky Campaign: New Malware Bypasses Windows Defender appeared first on Penetration Testing Tools.

ddos

日程确定！2025 Let's GoSSIP 暑期学校火热报名中！

安全研究GoSSIP

2 weeks 4 days ago

2025 Let's GoSSIP 暑期学校日程已定，快来报名！

Looking for Real Ones: Where Can I Learn Real-World Hacking from the Ground Up (Not Just Theory)?

2 weeks 4 days ago

作者致力于深入学习黑客技术，从编程与网络基础到高级渗透测试与数字隐匿，结合AI与安全哲学构建自研框架。寻求资源建议与合作机会以实现目标。

全周期防护，威努特给农业大数据上“保险”

威努特工控安全

2 weeks 4 days ago

智慧农业要快跑，数据安全先筑牢！

全周期防护，威努特给农业大数据上“保险”

2 weeks 4 days ago

当前环境异常，需完成验证后方可继续访问。

科技爱好者周刊（第 360 期）：Dan Wang 的新书

2 weeks 4 days ago

本文是一份周刊类文章，记录每周值得分享的科技内容，并于每周五发布。内容涵盖科技新闻、工具资源、AI动态及观点分享等。其中包括Dan Wang的新书《冲：中国对未来的探索》，对比中美两国在工程与法律社会模式上的差异；冷冻胚胎诞生时间最久世界纪录；南非为犀牛角植入放射性物质防止偷猎；开源工具如Tinyauth、Hyprnote等；以及关于AI验证不对称性及编程教育的观点讨论。

史上最大规模GreedyBear攻击：650种黑客工具窃取百万美元资产

Penetration Testing Tools - Metepreter.org

2 weeks 4 days ago

代号GreedyBear的网络犯罪组织近期通过650多种恶意工具窃取超百万美元加密货币。该组织采用工业化攻击模式，结合AI技术生成多样化载荷，并利用"扩展程序空心化"技术规避安全审查。其武器化扩展程序精确模仿主流钱包界面，截获用户凭据并传输至远程服务器。

TeamFiltration: enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts

2 weeks 4 days ago

TeamFiltration TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts. See the Example Attack flow at the bottom of this readme for a general introduction into how TeamFiltration works! This tool has...

The post TeamFiltration: enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts appeared first on Penetration Testing Tools.

ddos

Lynx

Dark Feed IO

2 weeks 4 days ago

You must login to view this content

cohenido

UnitedHealth Group's Latest Health Data Breach Woes

2 weeks 4 days ago

Lawmakers Demand Answers From UHG Amid New Breach and Growing Fallout
When you've been the victim of the largest health data breach in U.S. history, and you've been under intense public and regulatory scrutiny for months, the last thing you want to do is to report another major breach less than a year after the last one. But that just happened to UnitedHealth Group.

Nvidia Pushes Back on Chinese 'Kill-Switch' Claims

2 weeks 4 days ago

Chipmaker Argues Against Growing Interest in US to Require New Security Measures
Artificial intelligence chip-making powerhouse Nvidia is rejecting claims from China’s top cyber agency that its H20 chips include location tracking and kill-switch features - while warning U.S. lawmakers against requiring those capabilities in future chip designs.

Breach Roundup: Chinese Duo Held for Illegal AI Chip Exports

2 weeks 4 days ago

Also: Ukrainian Hackers Find Evidence of Russian Child Abduction
This week, a Chinese duo arrested in Los Angeles for illegal artificial intelligence chip exports back to China, France extradited an accused Nigerian hacker, Ukraine hacked Crimean servers, Florida prison email leak, Tea App clone exposed users’ IDs.

Axis Security Camera Flaws Enable Remote Takeover

2 weeks 4 days ago

4 Bugs Affecting at Least 6,500 Camera Servers Enable Pre-Auth Attacks on Devices
Researchers who uncovered four severe flaws in Axis Communications' video management and camera software say thousands of internet-connected surveillance systems are vulnerable to remote attacks. Attackers can execute arbitrary code without authentication.

联合营销生态下的广告机制设计与实践

美团技术团队

2 weeks 4 days ago

即时零售行业蓬勃发展，在此生态下美团零售广告成为助力零售商家和品牌商扩大生意规模的重要驱动力。文章首先介绍了在全新业务模式“联合营销”场景下，首创的多协同方参竞拍卖机制算法——“集资拍卖”，然后梳理了集资拍卖在美团的技术发展路径和实践，围绕规则化集资拍卖、模型化集资拍卖、整体集资拍卖进行了展开，最后是一些总结，希望能对大家有所帮助或启发。

美团技术团队

联合营销生态下的广告机制设计与实践