Aggregator

APT Group Uses Sophisticated Attack Chain to Deploy WmRAT and MiyaRAT
A suspected South Asian threat actor targeted a Turkish defense organization, deploying malware via a RAR archive and using alternate data streams to deliver remote access Trojans. The group previously targeted multiple countries including China, India, Pakistan and Bangladesh.

Deal Targets Open Source Library Risks in Software Supply Chain, Boosts DevSecOps
The integration of Tidelift into Sonar's ecosystem will enhance software supply chain security by leveraging human-verified insights from maintainers of popular open source libraries. Developers can expect comprehensive tools to address vulnerabilities in first-party, AI-generated, and third-party code.

Federal Agencies Tasked with Adopting New Cloud Security Policies Beginning in 2025
The Cybersecurity and Infrastructure Security Agency is requiring federal agencies to adopt secure cloud configurations, integrate monitoring tools and report cloud systems starting in 2025 as part of an effort to address vulnerabilities in part exposed by the SolarWinds attack.

Regulators Say NIST's 2035 Deadline for Insecure Encryption Could Be Too Late
Australia has rolled out an ambitious roadmap to prepare for future quantum-enabled cyberattacks. Regulators are ready to set an end date for several existing encryption algorithms in 2030 - five years earlier than the deadline set by National Institute of Standards and Technology in the U.S.

推动煤矿行业向智能化、绿色化方向迈进。

背  景随着信息技术的日新月异，煤矿行业的智能化升级已成为提高生产效率、强化安全管理、促进可持续发展的关键路径。威努特超融合系统旨在助力煤矿企业打造一个以数据中心为核心，辐射各矿区及生产环节的统一云平

你可能错过的新鲜事ChatGPT 向所有用户开放 AI 搜索12 月 17 日，在其为期 12 天的直播发布活动中 OpenAI 宣布，ChatGPT 的 AI 搜索引擎正式向包含免费版用户在内的

A vulnerability classified as critical has been found in Google Android 12/12L/13/14. Affected is an unknown function. The manipulation leads to permission issues. This vulnerability is traded as CVE-2024-34719. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic was found in Google Android 14/15. Affected by this vulnerability is the function setTransactionState of the file SurfaceFlinger.cpp. The manipulation leads to state issue. This vulnerability is known as CVE-2024-40660. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android. It has been classified as problematic. Affected is the function PVRSRVRGXKickTA3DKM of the file rgxta3d.c. The manipulation leads to improper input validation. This vulnerability is traded as CVE-2024-31337. Attacking locally is a requirement. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in Google Android. This affects an unknown part. The manipulation leads to Local Privilege Escalation. This vulnerability is uniquely identified as CVE-2024-34729. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in Google Android. This issue affects the function DevmemXIntMapPages of the file devicemem_server.c. The manipulation leads to use after free. The identification of this vulnerability is CVE-2024-34747. Attacking locally is a requirement. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in NLnet Labs Unbound up to 1.21.0. This affects an unknown part. The manipulation leads to unchecked input for loop condition. This vulnerability is uniquely identified as CVE-2024-8508. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Google Android 12/12L/13/14. Affected by this issue is the function handleCreateConferenceComplete of the file ConnectionServiceWrapper.java. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-40656. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in Google Android 14. This affects the function getRegistration of the file RemoteProvisioningService.java. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2024-40659. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 12/12L/13/14. It has been declared as problematic. Affected by this vulnerability is the function addPreferencesForType of the file AccountTypePreferenceLoader.java. The manipulation leads to denial of service. This vulnerability is known as CVE-2024-40657. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Google Android 12/12L/13/14. This vulnerability affects the function getConfig of the file SoftVideoDecoderOMXComponent.cpp. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2024-40658. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in Google Android 12/12L/13/14. This issue affects the function scheme of the file Uri.java. The manipulation leads to improper privilege management. The identification of this vulnerability is CVE-2024-40662. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.