Aggregator

AI 只能完成高等数学新测试问题的不到 2%

Solidot
10 months ago
基于大模型的 AI 系统如 GPT-4 和 Gemini 1.5 Pro 能以九成以上的正确率完成传统数学测试问题。但如果设计出一种全新的、大模型不可能训练过的数学难题呢?包括菲尔兹奖得主陶哲轩和 Timothy Gowers 在内的 60 多名数学家合作编写了数百道原创研究级数学难题,推出了新的高等数学基准测试 FrontierMath。这些问题非常具有挑战性,陶哲轩称需要相关领域研究生级别的专业人士合作才能完成。问题被设计为防猜测,如果没有正确的数学推理能力,它们是不可能解出的。顶级的 AI 系统只能完成不到 2% 的 FrontierMath 问题,显示它们的推理能力有局限性。

Malware Spotlight:  A Deep-Dive Analysis of WezRat

Check Point Research
10 months ago

Key Findings: Introduction On October 30th, the FBI, the US Department of Treasury, and the Israeli National Cybersecurity Directorate (INCD) released a joint Cybersecurity Advisory regarding recent activities of the Iranian cyber group Emennet Pasargad. The group recently operated under the name Aria Sepehr Ayandehsazan (ASA) and is affiliated with the Iranian Islamic Revolutionary Guard Corps (IRGC). […]

The post Malware Spotlight:  A Deep-Dive Analysis of WezRat appeared first on Check Point Research.

[email protected]

CVE-2024-11207 | Apereo CAS 6.6 /login redirect_uri

Vuldb Updates
10 months ago
A vulnerability has been found in Apereo CAS 6.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login. The manipulation of the argument redirect_uri leads to open redirect. This vulnerability is known as CVE-2024-11207. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2024-11209 | Apereo CAS 6.6 2FA /login?service improper authentication

Vuldb Updates
10 months ago
A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2024-11209. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2024-7730 | QEMU virtio-snd Device virtio_snd_pcm_in_cb heap-based overflow (Nessus ID 210736)

Vuldb Updates
10 months ago
A vulnerability was found in QEMU. It has been declared as critical. Affected by this vulnerability is the function virtio_snd_pcm_in_cb of the component virtio-snd Device. The manipulation leads to heap-based buffer overflow. This vulnerability is known as CVE-2024-7730. The attack can only be done within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

NIST is chipping away at NVD backlog

Help Net Security
10 months ago

The National Institute of Standards and Technology (NIST) is clearing the backlog of unprocessed CVE-numbered vulnerabilities in the National Vulnerability Database (NVD), but has admitted that their initial estimate of when they would finish the job was “optimistic”. About the NVD The National Vulnerability Database is a public repository of vulnerabilities that have been published on MITRE’s CVE List. “NVD staff are tasked with enrichment of CVEs by aggregating data points from the description, references … More →

The post NIST is chipping away at NVD backlog appeared first on Help Net Security.

Zeljka Zorz

Managed ad