Aggregator

A vulnerability was found in Collabtive 3.1. It has been classified as problematic. This affects an unknown part of the file managemilestone.php. The manipulation of the argument name leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-48707. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Collabtive 3.1 and classified as problematic. Affected by this issue is some unknown functionality of the file managemessage.php. The manipulation of the argument title leads to cross site scripting. This vulnerability is handled as CVE-2024-48706. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Client Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/bwdates-reports-ds.php. The manipulation of the argument Between Dates Reports leads to sql injection. This vulnerability is known as CVE-2024-48570. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Umbraco CMS up to 8.18.14/10.8.6/13.5.1. Affected is an unknown function of the component SVG File Preview. The manipulation leads to injection. This vulnerability is traded as CVE-2024-48927. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called Gophish to deliver DarkCrystal RAT (aka DCRat) and a previously undocumented remote access trojan dubbed PowerRAT. "The campaign involves modular infection chains that are either Maldoc or HTML-based infections and require the victim's intervention to trigger the

A vulnerability, which was classified as critical, has been found in Python CPython up to 3.13.0. This issue affects some unknown processing of the file /venv/bin/python of the component venv. The manipulation leads to unquoted search path. The identification of this vulnerability is CVE-2024-9287. The attack needs to be approached locally. There is no exploit available.

Гидроцилиндр, как символ нового этапа в развитии инженерных технологий.

Socket Plans to Triple Headcount After Big Growth, Deliver Open-Source Tools Faster
A $40 million Series B investment will support Socket in rapidly scaling its team and product development. Following a 400% revenue increase, the company plans to build on its success by expanding its application security offerings and enterprise support for more programming languages.

Authors/Presenters:Minghao Li, Ran Ben Basat, Shay Vargaftik, ChonLam Lao, Kevin Xu, Michael Mitzenmacher, Minlan Yu

Our sincere thanks to USENIX, and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI '24) content, placing the organizations enduring commitment to Open Access front and center. Originating from the conference’s events situated at the Hyatt Regency Santa Clara; and via the organizations YouTube channel.

Permalink

The post USENIX NSDI ’24 – THC: Accelerating Distributed Deep Learning Using Tensor Homomorphic Compression appeared first on Security Boulevard.

via the comic humor & dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Temperature Scales’ appeared first on Security Boulevard.

GoDaddy flagged a ClickFix campaign that infected 6,000 sites in a one-day period, with attackers using stolen admin credentials to distribute malware.

Крупная утечка обнажила всю поднаготную когнитивной войны между странами.

360漏洞云作为安全领域唯一的社群合作伙伴参与大会

Cloud attacks surged in 2024 as attackers exploited cloud resources at unprecedented levels

The persistent infostealer's latest campaign inserts fake CAPTCHA pages into legitimate applications, fooling users into executing the malicious payload, researchers find.

波音在商业飞机以及英特尔在先进芯片领域所面临的危机被认为危及到了美国国家安全。波音和英特尔的问题是它们自身的失误造成的，但其影响波及到了美国的科技生态系统，而国家安全要求美国保留在飞机和半导体方面的专门知识。其它国家也都在这么做。欧盟补贴了空客，中国的大基金在半导体领域投资了千亿美元，截至 2020 年中国商飞的政府补贴就达到 720 亿美元。美国民主党和共和党都认识到制造业的重要性，但制造业的战略目标不只是创造就业，还应该创造一流的产品。

Learn how to write exploits that take advantage of blind command injection vulnerabilities using a time-delayed boolean oracle attack.

The post From Exploit to Extraction: Data Exfil in Blind RCE Attacks appeared first on Dana Epp's Blog.

10月17日，由威胁猎人主办的「2024 互联网黑灰产攻防技术沙龙」在北京拉开序幕，来自快手、58集团、威胁猎人的多位安全专家与北京当地200多名业务安全从业者共聚一堂，面对面交流黑灰产攻防、业务安全领域的新发现、新思路和新实践。