Aggregator

CVE-2025-13357 | HashiCorp Tooling up to 5.4.x LDAP Auth Method deny_null_bind insecure default initialization of resource (EUVD-2025-198491)

VulDB Recent Entries
7 months 1 week ago
A vulnerability classified as problematic was found in HashiCorp Tooling up to 5.4.x. Affected by this vulnerability is an unknown functionality of the component LDAP Auth Method Handler. Executing manipulation of the argument deny_null_bind can lead to insecure default initialization of resource. This vulnerability is handled as CVE-2025-13357. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.
vuldb.com

如何关闭 Google 应用中的 Gemini AI

Solidot
7 months 1 week ago
Google 被发现默认启用了“在 Gmail、Chat 和 Meet 中启用智能功能”选项,默认启用“Google Workspace 智能功能”。根据 Google 的说明,“启用此设置即表示您同意 Gmail、Google Chat 和 Google Meet 使用您在这些产品中的内容和活动记录,为您提供智能功能和个性化体验”,以及“启用此设置即表示您允许 Google Workspace 使用您的 Workspace 内容和活动记录,从而在 Workspace 中为您提供个性化体验。Workspace 包含适用于企业和学校的多个应用,例如 Gmail、Chat、Meet、云端硬盘等。”用户需要手动选择才能取消这些 AI 功能,方法是 Gmail ——> 设置 ——> 查看所有设置——> 智能功能,去除“在 Gmail、Chat 和 Meet 中启用智能功能”勾选框,在重启应用之后,在智能功能下打开“管理 Google Workspace 智能功能设置”,去除所有勾选框。

NDSS 2025 – A Key-Driven Framework For Identity-Preserving Face Anonymization

Security Boulevard
7 months 1 week ago

SESSION
Session 3D: Al Safety

-----------

-----------

Authors, Creators & Presenters: Miaomiao Wang (Shanghai University), Guang Hua (Singapore Institute of Technology), Sheng Li (Fudan University), Guorui Feng (Shanghai University)

-----------

PAPER
A Key-Driven Framework for Identity-Preserving Face Anonymization

Virtual faces are crucial content in the metaverse. Recently, attempts have been made to generate virtual faces for privacy protection. Nevertheless, these virtual faces either permanently remove the identifiable information or map the original identity into a virtual one, which loses the original identity forever. In this study, we first attempt to address the conflict between privacy and identifiability in virtual faces, where a key-driven face anonymization and authentication recognition (KFAAR) framework is proposed. Concretely, the KFAAR framework consists of a head posture-preserving virtual face generation (HPVFG) module and a key-controllable virtual face authentication (KVFA) module. The HPVFG module uses a user key to project the latent vector of the original face into a virtual one. Then it maps the virtual vectors to obtain an extended encoding, based on which the virtual face is generated. By simultaneously adding a head posture and facial expression correction module, the virtual face has the same head posture and facial expression as the original face. During the authentication, we propose a KVFA module to directly recognize the virtual faces using the correct user key, which can obtain the original identity without exposing the original face image. We also propose a multi-task learning objective to train HPVFG and KVFA. Extensive experiments demonstrate the advantages of the proposed HPVFG and KVFA modules, which effectively achieve both facial anonymity and identifiability.

-----------

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – A Key-Driven Framework For Identity-Preserving Face Anonymization appeared first on Security Boulevard.

Marc Handelman

Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation

The Hackers News
7 months 1 week ago
Grafana has released security updates to address a maximum severity security flaw that could allow privilege escalation or user impersonation under certain configurations. The vulnerability, tracked as CVE-2025-41115, carries a CVSS score of 10.0. It resides in the System for Cross-domain Identity Management (SCIM) component that allows automated user provisioning and management. First
The Hacker News

Google 曝光 APT24 使用的 BadAudio 恶意程序

Solidot
7 months 1 week ago
Google Threat Intelligence Group(GTIG) 通过官方博客曝光了 APT24 间谍组织使用的 BadAudio 恶意程序。APT24 过去三年在受害者网络部署了此前未有记录的 BadAudio——一种高度混淆的第一阶段下载工具,用于建立持久访问权限。APT24 利用了供应链入侵、多层社会工程攻击以及滥用合法云服务如 Google Drive 和 OneDrive,展示了其攻击能力的持续演进。举例来说,从 2024 年 7 月起,APT24 多次入侵了一家台湾的数字营销公司,该公司为客户网站提供了 JS 库。APT24 通过入侵该公司,将恶意的 JS 代码注入到该公司的一个广泛使用的 JS 库,它还使用误植域名(Typosquatting)冒充合法 CDN 的域名。

Ransomware Actors Primarily Targeting Retailers This Holiday Season to Deploy Malicious Payloads

Cyber Security News
7 months 1 week ago

Retailers are facing a sharp rise in targeted ransomware activity as the holiday shopping season begins. Threat groups are timing their attacks to peak sales periods, when downtime is most painful and the pressure to pay is highest. This campaign focuses on point-of-sale networks, e‑commerce backends, and supporting IT systems that handle orders, loyalty data, […]

The post Ransomware Actors Primarily Targeting Retailers This Holiday Season to Deploy Malicious Payloads appeared first on Cyber Security News.

Tushar Subhra Dutta

Managed ad