Aggregator

Author/Presenter: Josh Corman, Aanne Isam

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – IATC – Time Is Up. You Have Three Years, 3 Months, 3 Weeks, To Protect Your Stuff. What Do You Do? appeared first on Security Boulevard.

The U.S. Department of Justice (DOJ) has seized over $8.2 million worth of USDT (Tether) cryptocurrency that was stolen via 'romance baiting' scams. [...]

天文学家首度确认海王星上存在极光现象，由 NASA 韦伯太空望远镜所发现，补上了太阳系四颗巨行星极光观测的最后一块拼图。这也是我们首次直接捕捉到这颗最远行星的极光辉光与光谱特征。海王星位于太阳系边缘，距离太阳约45亿公里，是一颗冰冷巨行星。自 1989 年航海家二号飞掠海王星后，这颗遥远行星便再无太空船造访。如今韦伯太空望远镜首度捕捉到海王星上明亮的极光活动。这项突破得益于韦伯望远镜优异的近红外灵敏度，不仅能拍下极光发出的辉光，还能透过光谱清楚辨识代表极光活动的重要指标：三氢阳离子（H₃⁺）。这种离子也曾在木星、土星与天王星的极光中被侦测到，被视为气体行星极光的重要证据。与地球或木星不同，海王星的极光并不集中于南北极，而是分布在行星的中纬度地区。这是因为海王星具有异常倾斜的磁场结构，其磁轴与自转轴倾斜达 47 度，这一特征最早由航海家二号所发现。

微软 Windows 官方博客宣布了 Windows 11 最新预览版本 Build 26200.5516，主要变化包括改进 AMD 和英特尔 Copilot+ PC 的本地语义搜索等等，其中一项值得注意变化是“从该版本中删除了bypassnro.cmd 脚本以增强 Windows 11 的安全性和用户体验。此更改确保所有用户在退出设置时都有网络连接和 Microsoft Account。”这一变化意味着未来的 Windows 版本将必须要有网络连接和 Microsoft Account 账号才能安装。

A vulnerability classified as problematic has been found in Linux Kernel up to 6.12.5. This affects the function iso_listen_bis of the component Bluetooth. The manipulation leads to privilege escalation. This vulnerability is uniquely identified as CVE-2024-57879. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.63/6.12.3. It has been classified as critical. Affected is an unknown function of the file mtk_jpeg_core.c of the component mtk-jpeg. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2024-56577. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.12.6. Affected by this vulnerability is the function nsim_pp_hold_write of the component netdevsim. The manipulation of the argument return leads to unchecked return value. This vulnerability is known as CVE-2024-56713. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.12.6. Affected is the function copy_user_gigantic_page. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2024-51729. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.3. This affects the function kunit_init_suite. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2024-56772. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.67/6.12.6. It has been declared as critical. Affected by this vulnerability is the function get_net_track of the component SMB Client. The manipulation leads to use after free. This vulnerability is known as CVE-2024-54680. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.7. It has been declared as critical. Affected by this vulnerability is the function rk_hdptx_phy_runtime_resume of the component samsung-hdptx. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2024-57799. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.4. It has been classified as critical. This affects the function ieee80211_purge_tx_queue of the file net/mac80211/main.c. The manipulation leads to privilege escalation. This vulnerability is uniquely identified as CVE-2024-56609. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.4. It has been declared as problematic. This vulnerability affects the function hsr_init_skb of the file net/core/skbuff.c of the component net. The manipulation leads to allocation of resources. This vulnerability was named CVE-2024-56639. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.7 and classified as problematic. This issue affects the function btrfs_quota_enable of the file fs/btrfs/qgroup.c. The manipulation leads to reachable assertion. The identification of this vulnerability is CVE-2024-57806. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.8. Affected is the function damon_commit_targets. The manipulation leads to memory leak. This vulnerability is traded as CVE-2024-57886. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.69/6.12.8 and classified as problematic. Affected by this issue is the function in_atomic. The manipulation leads to insufficient verification of data authenticity. This vulnerability is handled as CVE-2024-57885. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.