Aggregator
Cisco Talos 发现威胁行为者利用 MacroPack 生成框架传播恶意软件
10 months ago
安全客
PyPI Revival 劫持使数千个应用程序面临风险
10 months ago
安全客
Microchip Technology 确认员工数据被盗
10 months ago
安全客
恶意广告活动针对Lowe's员工构建钓鱼陷阱
10 months ago
安全客
Earth Lusca将其多平台恶意软件KTLVdoor添加到其武器库中
10 months ago
安全客
Veeam修复了Veeam Backup & Replication软件中的一个严重漏洞
10 months ago
安全客
周鸿祎谈360安全大模型:相当于已具备L4级“自动驾驶” 360数字安全
10 months ago
安全客
Atomic macOS Stealer leads sensitive data theft on macOS
10 months ago
Sophos X-Ops explores the distribution and capabilities of the Atomic macOS Stealer (AMOS)
Jagadeesh Chandraiah
360打造!首个“津牌”大模型办公平台上线
10 months ago
天津高新区携手360,打造大模型办公业务平台
百城联动!360与您相约2024网安周
10 months ago
2024网安周即将启幕 360与您不见不散
Predator возвращается: мировая элита вновь под прицелом цифрового хищника
10 months ago
Чьи секреты окажутся следующим трофеем злоумышленников?
这辆纯电新车,决定给小米 SU7 上点强度
10 months ago
刀刀见血。
离开 OpenAI 后,Ilya 拿了 10 亿美金对抗 AI 作恶
10 months ago
只有安全生产才能保障扩大规模
美国起诉向乌克兰释放破坏性恶意程序的俄罗斯军官
10 months ago
美国联邦检方起诉了六名俄罗斯人,他们被控在战前合谋入侵乌克兰政府及其盟友的计算机网络,窃取或破坏敏感数据。其中五人是总参情报总局第 29155 部队的军官。微软早在 2022 年 1 月就披露了被称为 WhisperGate 的破坏性恶意软件,感染了数十家乌克兰政府、非营利组织和 IT 组织。它伪装成勒索软件,但实际上会通过擦除主引导记录(Master Boot Record)永久性破坏计算机及其数据。2022 年 4 月微软发布新报告称,WhisperGate 是更广泛行动的一部分,旨在通过破坏乌克兰基础设施帮助俄罗斯发动进攻。被美国起诉的六人包括了 29155 部队网络行动指挥官 Yuriy Denisov 上校,他手下的 Vladislav Borokov 中尉、Denis Denisenko 中尉、Dmitriy Goloshubov 中尉、Nikolay Korchagin 中尉,以及一位参与合谋的平民 Amin Stigal。
一种比较综合的ssrf绕过手法
10 months ago
CVE-2024-6835 | Ivory Search Plugin up to 5.5.6 on WordPress AJAX Search Form information disclosure
10 months ago
A vulnerability classified as problematic was found in Ivory Search Plugin up to 5.5.6 on WordPress. This vulnerability affects unknown code of the component AJAX Search Form. The manipulation leads to information disclosure.
This vulnerability was named CVE-2024-6835. Access to the local network is required for this attack to succeed. There is no exploit available.
vuldb.com
CVE-2024-45288 | FreeBSD nvlist Array String null termination
10 months ago
A vulnerability, which was classified as problematic, was found in FreeBSD. This affects an unknown part of the component nvlist Array String Handler. The manipulation leads to improper null termination.
This vulnerability is uniquely identified as CVE-2024-45288. The attack needs to be initiated within the local network. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2024-42416 | FreeBSD Kernel ctl_report_supported_opcodes improper filtering of special elements
10 months ago
A vulnerability has been found in FreeBSD and classified as critical. This vulnerability affects the function ctl_report_supported_opcodes of the component Kernel. The manipulation leads to improper filtering of special elements.
This vulnerability was named CVE-2024-42416. The attack needs to be approached locally. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2024-43110 | FreeBSD ctl_request_sense out-of-bounds
10 months ago
A vulnerability was found in FreeBSD and classified as critical. This issue affects the function ctl_request_sense. The manipulation leads to out-of-bounds read.
The identification of this vulnerability is CVE-2024-43110. An attack has to be approached locally. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com