Aggregator

确保人工智能安全、可靠、可控，有利于人类文明进步，是人工智能发展必须解决的重要课题。如何加强人工智能治理，有效防范化解人工智能发展带来的各类安全风险，不断提升人工智能安全监管的制度化、法治化水平？

“指尖上的形式主义”是形式主义问题在数字化背景下的变异翻新，是当前基层负担的主要表现之一。近期中央网信办印发了《“指尖上的形式主义”全国整治工作方案》，对持续深化整治“指尖上的形式主义”作出部署。

近日，全国网络安全标准化技术委员会发布《关于2024年44项网络安全国家标准项目立项的通知》。

随着全球数字化进程的加速，越来越多的业务系统转向在线操作，这为勒索软件提供了更多的攻击目标。攻击者通过精心策划的攻击，不仅能够造成巨大的经济损失，还可能对公共服务和社会秩序造成严重影响。

点击文章，了解最前沿的国际网安资讯！

共话网络安全前沿科技，共谋数智赋能发展路径。

传递乙方价值，解决甲方需求，共筑安全生态。

我实验室4篇论文被网安顶会NDSS 2025接收

Миссия выходит на финальный этап, приближаясь к Солнцу.

A vulnerability was found in code-projects E-Health Care System 1.0. It has been classified as critical. Affected is an unknown function of the file Doctor/app_request.php. The manipulation of the argument app_id with the input 1%27%20union%20select%20group_concat(table_name),database(),3,user(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27%20from%20information_schema.tables%20where%20table_schema=database()--+ as part of String leads to sql injection. This vulnerability is traded as CVE-2024-10810. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects E-Health Care System 1.0 and classified as critical. This issue affects some unknown processing of the file /Doctor/chat.php. The manipulation of the argument name/message leads to sql injection. The identification of this vulnerability is CVE-2024-10809. The attack may be initiated remotely. Furthermore, there is an exploit available. The initial researcher advisory only mentions the parameter "name" to be affected. But it must be assumed that the parameter "message" is affected as well.

A vulnerability has been found in code-projects E-Health Care System 1.0 and classified as critical. This vulnerability affects unknown code of the file Admin/req_detail.php. The manipulation of the argument id leads to sql injection. This vulnerability was named CVE-2024-10808. The attack can be initiated remotely. Furthermore, there is an exploit available.

via the comic humor & dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Disposal’ appeared first on Security Boulevard.

A vulnerability, which was classified as problematic, was found in Magisk App. This affects the function install of the file ProviderInstaller.java. The manipulation leads to Local Privilege Escalation. This vulnerability is uniquely identified as CVE-2024-48336. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

Submit #437018 / VDB-283038

Submit #436759 / VDB-283037