Aggregator

Early-MFC：基于早期网络流量的多视图三元组网络对Tor的增强流关联攻击 by ourren

更多最新文章，请访问SecWiki

A vulnerability was found in Leadinfo Plugin up to 1.0 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2024-32112. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Visitor Analytics TWIPLA Plugin up to 1.2.0 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-31937. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in Tooltips Plugin up to 9.5.3 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-31285. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in BracketSpace Simple Post Notes Plugin up to 1.7.6 on WordPress. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2024-31935. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Pdfcrowd Save as Image Plugin up to 3.2.1 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-31931. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in WP Darko Top Bar Plugin up to 3.0.5 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-31928. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Link Whisper Free Plugin up to 0.6.9 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2024-31934. The attack may be launched remotely. There is no exploit available.

前不久返回地面的 Starliner 宇航员 Butch Wilmore 回顾了其不幸的飞行经历。他称，Starliner 飞船有 28 个反应控制系统推进器，当飞船飞到距离国际空间站一箭之遥的地方，有 4 个推进器发生了故障。按照任务飞行规则，他们应该返回地球，以免危及价值 1000 亿美元的空间站和上面的宇航员。但能否安全返回地面也是未知数。休斯顿地面团队认为最佳方法是重置故障推进器——类似 PC 发生故障之后强制关机重启，看看能不能解决问题。在此过程中，Wilmore 需要放开对飞船的控制。重置之后四个故障推进器中有两个恢复了工作。然而接着第五个推进器又停止了工作。任务控制中心再次尝试恢复故障推进器。最后只有一个推进器故障其它都恢复了，飞船恢复了自主飞行。 Wilmore 称在飞船对接空间站之后，他确信 Starliner 不太可能成为他们返回地球的飞船。

A vulnerability was found in Polevaultweb Intagrate Lite Plugin up to 1.3.7 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-31929. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Pdfcrowd Save as PDF Plugin up to 3.2.1 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-31930. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in AyeCode UsersWP Plugin up to 1.2.5 on WordPress. Affected is an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2024-31936. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in bunny.net Plugin up to 2.0.1 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-31361. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in CreativeThemes Blocksy Companion Plugin up to 2.0.28 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2024-31932. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Popup Like Box Plugin up to 3.7.2 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-31387. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Faktor Vier F4 Improvements Plugin up to 1.8.0 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-31925. It is possible to initiate the attack remotely. There is no exploit available.

An ongoing phishing campaign impersonating E-ZPass and other toll agencies has surged recently, with recipients receiving multiple iMessage and SMS texts to steal personal and credit card information. [...]

A vulnerability was found in Siemens Automation License Manager up to 5.1. It has been rated as critical. This issue affects some unknown processing of the component License Manager. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2011-4529. The attack may be initiated remotely. Furthermore, there is an exploit available.

Meta 宣布了其最新的开放权重原生多模模型 Llama 4 Scout 和 Llama 4 Maverick。新模型使用了混合专家架构（mixture-of-experts）构建，每个有 170 亿活跃参数。Llama 4 Scout 有 16 个专家，适合单个 NVIDIA H100 GPU，提供了 1000 万上下文窗口，性能强于 Gemma 3、Gemini 2.0 Flash-Lite 和 Mistral 3.1。Llama 4 Maverick 有 128 个专家，在基准测试中超过 GPT-4o 和 Gemini 2.0 Flash，在 LMArena 的 ELO 得分为 1417，它适合单台 H100 主机。Meta 还训练了一个教师模型 Llama 4 Behemoth，它有 16 个专家和 2880 亿个活跃参数，在多项 STEM 测试中超过了 GPT-4.5、Claude Sonnet 3.7 和 Gemini 2.0 Pro，该模型仍然在训练中。最新模型通过 llama.com 和 Hugging Face 提供下载。

Author/Presenter: Mea Clift

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – HireGround – How Living And Quilting History Made Me A Better Cybersecurity Professional appeared first on Security Boulevard.