CrowdStrike Fires Worker Over Insider Leak to Scattered Lapsus Hunters
CrowdStrike fired an insider for selling internal screenshots to Scattered Lapsus$ Hunters for $25,000. Read how the security team detected the activity and protected customers.
Aggregator
Play
6 months 4 weeks ago
You must login to view this content
cohenido
Play
6 months 4 weeks ago
You must login to view this content
cohenido
Play
6 months 4 weeks ago
You must login to view this content
cohenido
密码学会因密钥丢失被迫重新选举
6 months 4 weeks ago
总部位于美国华盛顿 Bellevue 的密码学会 International Association of Cryptologic Research(IACR)在全世界有数千名会员,该组织于 10 月 17 日至 11 月 16 日之间举行了包括主席在内的多个领导职位的选举,使用名为 Helios 的电子投票系统。该系统对每张选票进行加密,允许投票者追踪自己投的票。投票结果使用三个密钥进行解密,这三个密钥掌握在三位选举委员会成员手中。然而问题是其中一人——Google 的 Moti Yung 的密钥丢了,导致结果无法解密。密码学会表示这一轮投票作废,新一轮投票将于 11 月 21 日至 12 月 20 日举行。该组织同时表示 Moti Yung 已经辞去了选举委员会成员职位。IACR 表示为避免再次出现类似的问题,他们将放宽密钥使用要求,采用三分之二密钥使用门槛。
NDSS 2025 – Explanation As A Watermark
6 months 4 weeks ago
SESSION
Session 3D: AI Safety
-----------
-----------
Authors, Creators & Presenters: Shuo Shao (Zhejiang University), Yiming Li (Zhejiang University), Hongwei Yao (Zhejiang University), Yiling He (Zhejiang University), Zhan Qin (Zhejiang University), Kui Ren (Zhejiang University)
-----------
PAPER
Explanation as a Watermark: Towards Harmless and Multi-bit Model Ownership Verification via Watermarking Feature Attribution
Ownership verification is currently the most critical and widely adopted post-hoc method to safeguard model copyright. In general, model owners exploit it to identify whether a given suspicious third-party model is stolen from them by examining whether it has particular properties 'inherited' from their released models. Currently, backdoor-based model watermarks are the primary and cutting-edge methods to implant such properties in the released models. However, backdoor-based methods have two fatal drawbacks, including harmfulness and ambiguity. The former indicates that they introduce maliciously controllable misclassification behaviors ( backdoor) to the watermarked released models. The latter denotes that malicious users can easily pass the verification by finding other misclassified samples, leading to ownership ambiguity.
In this paper, we argue that both limitations stem from the 'zero-bit' nature of existing watermarking schemes, where they exploit the status (misclassified) of predictions for verification. Motivated by this understanding, we design a new watermarking paradigm "Explanation as a Watermark (EaaW)", that implants verification behaviors into the explanation of feature attribution instead of model predictions. Specifically, EaaW embeds a 'multi-bit' watermark into the feature attribution explanation of specific trigger samples without changing the original prediction. We correspondingly design the watermark embedding and extraction algorithms inspired by explainable artificial intelligence. In particular, our approach can be used for different tasks (image classification and text generation). Extensive experiments verify the effectiveness and harmlessness of our EaaW and its resistance to potential attacks.
-----------
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.
The post NDSS 2025 – Explanation As A Watermark appeared first on Security Boulevard.
Marc Handelman
CVE-2024-23690 | Netgear FVS336Gv3/FVS336Gv2 up to 4.3 Telnet backup_configuration os command injection (EUVD-2024-21151)
6 months 4 weeks ago
A vulnerability was found in Netgear FVS336Gv3 and FVS336Gv2 up to 4.3. It has been classified as critical. Affected by this vulnerability is the function backup_configuration of the component Telnet. The manipulation leads to os command injection. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is referenced as CVE-2024-23690. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com
CVE-2024-13975 | Commvault up to 11.32.59/11.34.33/11.36.7 on Windows privileges management (EUVD-2024-54819)
6 months 4 weeks ago
A vulnerability, which was classified as critical, was found in Commvault up to 11.32.59/11.34.33/11.36.7 on Windows. Impacted is an unknown function. The manipulation results in improper privilege management.
This vulnerability was named CVE-2024-13975. The attack needs to be approached locally. There is no available exploit.
You should upgrade the affected component.
vuldb.com
CVE-2024-13976 | Commvault on Windows Installation uncontrolled search path (EUVD-2024-54818)
6 months 4 weeks ago
A vulnerability has been found in Commvault up to 11.20.201/11.28.123/11.32.64/11.34.36/11.36.14 on Windows and classified as problematic. The affected element is an unknown function of the component Installation. This manipulation causes uncontrolled search path.
The identification of this vulnerability is CVE-2024-13976. The attack can only be executed locally. There is no exploit available.
The affected component should be upgraded.
vuldb.com
CVE-2024-12856 | Four-Faith F3x24/F3x36 2.0 apply.cgi os command injection (EUVD-2024-51157)
6 months 4 weeks ago
A vulnerability, which was classified as critical, was found in Four-Faith F3x24 and F3x36 2.0. Affected by this issue is some unknown functionality of the file apply.cgi. The manipulation results in os command injection.
This vulnerability is known as CVE-2024-12856. It is possible to launch the attack remotely. Furthermore, an exploit is available.
vuldb.com
CVE-2024-23692 | Rejetto HTTP File Server up to 2.3m HTTP Request special elements used in a template engine (EUVD-2024-21153 / EDB-52102)
6 months 4 weeks ago
A vulnerability was found in Rejetto HTTP File Server up to 2.3m. It has been rated as very critical. This affects an unknown part of the component HTTP Request Handler. Performing manipulation results in improper neutralization of special elements used in a template engine. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability was named CVE-2024-23692. The attack may be initiated remotely. In addition, an exploit is available.
vuldb.com
CVE-2024-0401 | Asus RT-AX3000 Custom OpenVPN Profile os command injection (EUVD-2024-16197)
6 months 4 weeks ago
A vulnerability was found in Asus ExpertWiFi, RT-AX55, RT-AX58U, RT-AC67U, RT-AC68R, RT-AC68U, RT-AX86 Series, RT-AC86U, RT-AX88U and RT-AX3000 and classified as critical. This vulnerability affects unknown code of the component Custom OpenVPN Profile Handler. The manipulation results in os command injection.
This vulnerability is known as CVE-2024-0401. It is possible to launch the attack remotely. No exploit is available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2010-20120 | Maplesoft Maple up to 13 Maplet File code injection (EUVD-2010-5322)
6 months 4 weeks ago
A vulnerability classified as critical was found in Maplesoft Maple up to 13. Affected by this issue is some unknown functionality of the component Maplet File Handler. Executing manipulation can lead to code injection.
This vulnerability is tracked as CVE-2010-20120. The attack can be launched remotely. No exploit exists.
vuldb.com
CVE-2009-20005 | InterSystems Caché up to 2009.1 HTTP GET Request UtilConfigHome.csp stack-based overflow (EUVD-2009-5127 / EDB-16807)
6 months 4 weeks ago
A vulnerability classified as critical has been found in InterSystems Caché up to 2009.1. This affects an unknown part of the file UtilConfigHome.csp of the component HTTP GET Request Handler. The manipulation leads to stack-based buffer overflow.
This vulnerability is documented as CVE-2009-20005. The attack can be initiated remotely. Additionally, an exploit exists.
vuldb.com
CVE-2024-11680 | ProjectSend up to r1719 HTTP Request options.php improper authentication (EUVD-2024-34152 / Nessus ID 271956)
6 months 4 weeks ago
A vulnerability was found in ProjectSend up to r1719. It has been rated as critical. Affected by this issue is some unknown functionality of the file options.php of the component HTTP Request Handler. This manipulation causes improper authentication.
This vulnerability is handled as CVE-2024-11680. The attack can be initiated remotely. Additionally, an exploit exists.
Upgrading the affected component is advised.
vuldb.com
CVE-2012-10061 | Sockso Project Music Host Server up to 1.5 HTTP Interface /file/ path traversal (EUVD-2012-6607)
6 months 4 weeks ago
A vulnerability was found in Sockso Project Music Host Server up to 1.5. It has been rated as critical. This affects an unknown part of the file /file/ of the component HTTP Interface. Performing manipulation results in path traversal. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is reported as CVE-2012-10061. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com
CVE-2014-125115 | Artica Pandora FMS up to 5.0 SP2 File Manager mobile/index.php loginhash_data sql injection (Exploit 35380 / EUVD-2014-9806)
6 months 4 weeks ago
A vulnerability was found in Artica Pandora FMS up to 5.0 SP2 and classified as critical. This impacts an unknown function of the file mobile/index.php of the component File Manager Component. Such manipulation of the argument loginhash_data leads to sql injection.
This vulnerability is listed as CVE-2014-125115. The attack may be performed from remote. In addition, an exploit is available.
vuldb.com
SecWiki News 2025-11-22 Review
6 months 4 weeks ago
LLM 与安全代码 by ourren
智能溯源分析与入侵检测:洞察、挑战与展望 by ourren
DARPA在人工智能领域的项目资助布局启示 by ourren
大模型越狱攻击方法(ForgeDAN) by ourren
更多最新文章,请访问SecWiki
智能溯源分析与入侵检测:洞察、挑战与展望 by ourren
DARPA在人工智能领域的项目资助布局启示 by ourren
大模型越狱攻击方法(ForgeDAN) by ourren
更多最新文章,请访问SecWiki
CVE-2025-13557 | Campcodes Online Polling System 1.0 /registeracc.php email sql injection (EUVD-2025-198578)
6 months 4 weeks ago
A vulnerability marked as critical has been reported in Campcodes Online Polling System 1.0. Affected by this issue is some unknown functionality of the file /registeracc.php. The manipulation of the argument email leads to sql injection.
This vulnerability is listed as CVE-2025-13557. The attack may be initiated remotely. In addition, an exploit is available.
vuldb.com
CVE-2025-13556 | Campcodes Online Polling System 1.0 /admin/checklogin.php myusername sql injection (EUVD-2025-198574)
6 months 4 weeks ago
A vulnerability labeled as critical has been found in Campcodes Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/checklogin.php. Executing manipulation of the argument myusername can lead to sql injection.
This vulnerability is tracked as CVE-2025-13556. The attack can be launched remotely. Moreover, an exploit is present.
vuldb.com