Aggregator

A vulnerability was found in EleForms Plugin up to 2.9.9.9 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2024-6628. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Exclusive Divi Plugin up to 1.4 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the component SVG File Upload Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-9386. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in WP Video Robot Plugin up to 1.20.0 on WordPress. Affected is an unknown function of the component User Meta Update Handler. The manipulation leads to an unknown weakness. This vulnerability is traded as CVE-2024-9192. It is possible to launch the attack remotely. There is no exploit available.

Программа в реальном времени создает игру, где реальность ускользает из-под ног.

A vulnerability, which was classified as problematic, has been found in ConvertCalculator Plugin up to 1.1.1 on WordPress. This issue affects some unknown processing. The manipulation of the argument id/type leads to cross site scripting. The identification of this vulnerability is CVE-2024-10015. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in PeproDev WooCommerce Receipt Uploader Plugin up to 2.6.9 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-8873. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in WP Log Viewer Plugin up to 1.2.1 on WordPress. This affects an unknown part. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2024-11085. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in PDF Generator Addon for Elementor Page Builder Plugin up to 1.7.5 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-9935. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Drop Shadow Boxes Plugin up to 1.7.14 on WordPress. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Shortcode Handler. The manipulation leads to code injection. This vulnerability is known as CVE-2024-10262. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Uix Slideshow Plugin up to 1.6.5 on WordPress. It has been classified as critical. Affected is an unknown function of the component Shortcode Handler. The manipulation leads to code injection. This vulnerability is traded as CVE-2024-9839. It is possible to launch the attack remotely. There is no exploit available.

Gundaz Aghayev 写道：俄罗斯 Yandex 公司的搜索引擎一直以来给中国也提供未经审查的搜索结果，很久没有被封锁，原因可能是其中国用户太少。今年七月，Yandex 对中国 IP 锁定最高“安全搜索”级别，阻止了露骨的色情图片和视频的搜索。如今看起来 Yandex 无意为中国推出特供版，它现在对中国简单地移除了搜索图片和视频的选项，它们在首页原本的位置被其他 2 个服务代替。访问旧的图片搜索页面则显示“We will be back soon.”。这已经持续了几天。截至目前，网页搜索仍然没有任何额外审查。

Authors/Presenters: General Paul M. Nakasone

Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 32 – Spies And Bytes: Victory In The Digital Age appeared first on Security Boulevard.

LedgerHQ软件供应链安全事件 by ourren

TLS在审查规避中的使用 by ourren

更多最新文章，请访问SecWiki

Судебный департамент при Верховном суде создаст отдел информационной безопасности.

最近TG、论坛有些用户诈骗行为非常猖狂，表现为： 看到交易贴就私聊用户telegram，通过大量私聊欺骗不小心的用户 不断变换自己的telegram用户名 骗不到就立马换下一个目标，似乎有大量...

A&O IT Group Has Been Claimed a Victim to HUNTERS INTERNATIONAL Ransomware

一项全球调查显示，高管们对 AI 仍然十分热衷，但办公室员工对其热情在逐渐降温，全世界对 AI 的热情下降了 6 个百分点。2023 年 9 月到 2024 年 3 月，全球 AI 普及率从 20% 增长到 32%，但过去三个月普及率开始停滞，法国仅增长了两个百分点，从 31% 增加到 33%；美国仅增长了一个百分点，从 32% 增加到 33%。AI 热呈现明显的上热下冷：99% 的高管表示将投资 AI，97% 的高管表示迫切需要将 AI 整合到业务中；48% 的办公室员工不愿意向经理承认使用 AI 完成常见的工作，他们担心这会被视为作弊或能力不足或懒惰；员工希望 AI 能让他们专注于更有意义的事情，但怀疑 AI 会导致他们更忙碌，工作量增加；61% 的办公室员工总共花了不到 5 个小时学习如何使用 AI。

The security provider has elevated its warning about a vulnerability affecting firewall management interfaces after observing active exploitation

OpenAI 在 9 月完成了内部代号 Orion 的新大模型的初步训练，该公司希望新模型能大幅超越旧版本。但内部人士透露训练结果并未达到预期，性能与现有模型相差不大。OpenAI 不是唯一一家遭遇瓶颈的公司。Google 的 Gemini 模型新版本也未达到预期。Anthropic 推迟了其大模型 Claude 3.5 Opus 的发布。三家业内最领先的 AI 公司面临着重重挑战，它们越来越难以找到新的高质量、人造数据源。知情人士表示，Orion 编程性能不佳的一个重要原因缺乏足够的编程数据进行训练。这些问题对科技行业的 AI 信念发出了挑战。科技公司相信更多的算力和数据，以及更大的模型将为 AI 能力的巨大飞跃铺平道路。AI 初创公司 Hugging Face 的首席伦理科学家 Margaret Mitchell 认为，AI 泡沫在逐渐破灭，可能需要不同的训练方法才能让 AI 模型在不同任务上良好工作。

A Threat Actor is Allegedly Selling KFC Chicken of KFC Indonesia