Aggregator

A vulnerability, which was classified as critical, was found in SOPlanning up to 1.44. This affects an unknown part of the file /soplanning/www/user_groupes.php of the component Query Handler. The manipulation of the argument by leads to sql injection. This vulnerability is uniquely identified as CVE-2024-9574. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Finding TeamViewer 0days - Part I by ourren

Finding TeamViewer 0days - Part II by ourren

更多最新文章，请访问SecWiki

Новый проект снизит задержку до 1 мс для ключевых сфер.

Get Online Student Safety Alerts & Reporting using Content Filter by ManagedMethods As students spend more time on social media and screens, concerns about the impact on their mental health are growing. According to the American Psychological Association, U.S. teens spend an average of 4.8 hours per day using popular social media apps. Additionally, 60% ...

The post Your Headaches, Our Solutions: Student Safety Alerts & Reporting using Content Filter by ManagedMethods appeared first on ManagedMethods Cybersecurity, Safety & Compliance for K-12.

The post Your Headaches, Our Solutions: Student Safety Alerts & Reporting using Content Filter by ManagedMethods appeared first on Security Boulevard.

The Indian Securities and Exchange Board (SEBI) recently took a significant step to enhance software security by incorporating software bill of materials (SBOM) mandates under its Cybersecurity and Cyber Resilience Framework (CSCRF).

The post Simplifying SBOM compliance with Sonatype under India’s cybersecurity framework appeared first on Security Boulevard.

GoldenJackal targeted air-gapped government systems from May 2022 to March 2024, ESET found

微软宣布，开发 Halo 系列的游戏工作室 343 Industries 重命名为 Halo Studios，放弃自家的 Slipspace 引擎，采用 Epic Games 的虚幻引擎 5 开发 Halo 系列的新作。工作室负责人表示，能在游戏行业招聘到更多熟悉虚幻引擎的开发者，不需要对他们培训训练使用私有的引擎。343 Industries 以前需要投入大量员工去维护和开发 Slipspace 引擎，从现在起它将与 Epic Games 合作，确保虚幻引擎能满足 Halo 的需求。

对蜜罐捕获的一个shell样本的简单分析。

随着LLM的广泛应用，其安全性问题也逐渐浮出水面，尤其是越狱注入攻击，已成为不容忽视的安全威胁。

Verizon, AT&T and Lumen's Systems for Lawful Broadband Wiretaps Reportedly Breached
The U.S. government is reportedly probing suspected national security breaches tied to Chinese nation-state hackers infiltrating broadband providers' infrastructure used to comply with court-authorized "lawful intercept" wiretaps of subscribers' networking traffic.

Authors/Presenters:Jason Lei, Vishal Shrivastav

Our sincere thanks to USENIX, and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI '24) content, placing the organizations enduring commitment to Open Access front and center. Originating from the conference’s events situated at the Hyatt Regency Santa Clara; and via the organizations YouTube channel.

Permalink

The post USENIX NSDI ’24 – Seer: Enabling Future-Aware Online Caching in Networked Systems appeared first on Security Boulevard.

The UK NCSC found that there is a lot of confusion between board members and security leaders of who is responsible for cybersecurity within their organizations

Multiple U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies, have been breached by a Chinese hacking group tracked as Salt Typhoon, the Wall Street Journal reports. [...]

Man pleads guilty to stealing over $37 Million worth of cryptocurrencyA man from Indiana plead

A vulnerability, which was classified as critical, has been found in Linux Workbooth 2.5. Affected by this issue is some unknown functionality of the component Network Configuration Script. The manipulation leads to improper access controls. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is handled as CVE-2024-9576. Attacking locally is a requirement. There is no exploit available.