Aggregator

A vulnerability was found in JFinalCMS up to 1.0. It has been rated as critical. This issue affects the function delete of the file /admin/template/edit. The manipulation of the argument name leads to path traversal. The identification of this vulnerability is CVE-2024-8782. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Valve Source Engine. It has been rated as critical. This issue affects some unknown processing of the file /tmp/hl2_relaunch. The manipulation leads to improper privilege management. The identification of this vulnerability is CVE-2020-12242. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.

Submit #405528 / VDB-277433

A vulnerability, which was classified as critical, was found in HP Procurve Switch 4000M up to C.09.15. This affects an unknown part of the component HTTP Administration Interface. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2002-1147. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Weather Channel 5.2.0. Affected is an unknown function of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is traded as CVE-2014-6699. The attack needs to be done within the local network. There is no exploit available.

Over 600 patients and employees of Lehigh Valley Health Network in Pennsylvania had their medical record photos hacked and posted on the internet

A vulnerability, which was classified as critical, has been found in gnuedu. Affected by this issue is some unknown functionality of the file web/index.php. The manipulation of the argument LIBSDIR leads to code injection. This vulnerability is handled as CVE-2007-2609. The attack may be launched remotely. Furthermore, there is an exploit available.

A cyberattack that shut down some of the top casinos in Las Vegas last year quickly became one of the most riveting security stories of 2023: It was the first known case of native English-speaking hackers in the United States and Britain teaming up with ransomware gangs based in Russia. But that made-for-Hollywood narrative has eclipsed a far more hideous trend: Many of these young, Western cybercriminals are also members of fast-growing online groups that exist solely to bully, stalk, harass and extort vulnerable teens into physically harming themselves and others.

A vulnerability classified as critical was found in gnuedu. Affected by this vulnerability is an unknown functionality of the file web/help.php. The manipulation of the argument LIBSDIR leads to code injection. This vulnerability is known as CVE-2007-2609. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in igg Galaxy Online 2 1.2.3. This issue affects some unknown processing of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. The identification of this vulnerability is CVE-2014-6698. The attack can only be initiated within the local network. There is no exploit available.

新学年开始，不仅要预防被骗，更要警惕成为电诈“工具人”！

一图读懂如何更好的保护你的个人信息

随着互联网技术的迅猛发展，网络犯罪的形式和复杂性也在不断增加。黑客攻击、数据窃取、网络诈骗、网络恐怖主义等犯罪行为给各国经济、安全和社会秩序带来了严重威胁。为有效打击网络犯罪，一些国家结合本国实际制定...

9月9日至9月15日，以“网络安全为人民，网络安全靠人民”为主题的2024年国家网络安全宣传周将在全国范围内统一开展，通过多样的形式、丰富的内容，助力全社会网络安全意识和防护技能提升，把牢网络安全“主...

白皮书涵盖了网络安全服务的基本组成要素，通过利用网络安全、数据安全、信息安全服务的标准作为支撑，构造了一个覆盖全生命周期的理论框架。

CCS 2024成都网络安全大会于9月11日至12日在成都高新创合中心盛大召开，关键领域头部企业和行业大咖云集于此，共同探讨网络安全的未来之路。

白皮书由中国信息安全测评中心指导，华为技术有限公司联合中国移动通信集团有限公司等行业单位专家共同编撰。

Discover how to define use cases, scale SecOps automation, and align technologies to enhance your security operations and stay ahead of modern threats.

一项研究发现，与训练有素的 AI 聊天机器人进行对话有助于减少阴谋论信仰。研究调查了 GPT-4 Turbo 等大模型 (LLM) 是否能利用其巨大的信息获取能力以及使用直接针对相信者提出的对具体证据的定制反驳来有效地揭穿阴谋论。在一系列涵盖 2190 名相信阴谋论者的实验中，参与者与 LLM 进行了几次个性化互动，分享了他们的阴谋论信仰以及他们认为的支持这些信仰的证据。LLM 也会类似地通过定制的、事实的和基于证据的反驳直接驳斥这些说法。一位受雇评估 GPT-4 Turbo 所作声明准确性的专业事实核查员报告说，在这些声明中，99.2% 被评为“真实”，0.8% 被评为“误导”，0 被评为“虚假”；并且没有发现任何声明包含自由派或保守派偏见。研究人员发现，由 AI 驱动的对话能使参与者的被误导的信念平均减少 20%。这种效应持续了至少 2 个月，并且在各种不相关的阴谋论以及各个人口统计类别中均被观察到。这些发现挑战了这样一种观念，即某人一旦采信了阴谋论，证据和论据就无效了。他们还质疑了社会-心理学理论，该理论将心理需求和动机作为阴谋论信念的主要驱动因素。

Ivanti has released a security update addressing an OS command injection vulnerability (CVE-2024-8190) affecting Ivanti Cloud Services Appliance (CSA) 4.6 (all versions before patch 519). A cyber threat actor could exploit this vulnerability to take control of an affected system.  

At this time, Ivanti has confirmed limited exploitation and urges its customers using the affected versions to upgrade to CSA version 5.0. Ivanti no longer supports CSA 4.6 (end-of-life). 

CISA recommends users and administrators review CISA and FBI's joint guidance on eliminating OS command injections and the Ivanti security advisory and apply the recommended updates. 

Note: CISA has added CVE-2024-8190 to its Known Exploited Vulnerabilities Catalog, which, per Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the specified due date to protect FCEB networks against active threats.