Aggregator

A vulnerability has been found in GNU C Library up to 2.14 and classified as critical. This vulnerability affects the function __tzfile_read. The manipulation leads to numeric error. This vulnerability was named CVE-2009-5029. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Inteno iopsys. It has been classified as problematic. Affected is the function read_tmp/write_tmp of the file /tmp/etc/smb.conf. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2018-14533. Local access is required to approach this attack. Furthermore, there is an exploit available.

There is no outlook mesages in Autopsy

A vulnerability was found in Git up to 1.6.0.2 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper resource management. This vulnerability is handled as CVE-2009-2108. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

本文提出了一种基于可定制指导的对齐人类主观偏好的图像质量评价方法—Align-IQA，该方法能够自适应地对自然场景图像、UGC图像和AIGC图像进行高效的质量评估。

Finland says latest fiber-optic cable break was an accident, not sabotage

Platform Used for Drugs, Arms trafficking, and Money Laundering
French and Dutch police led the takedown of an encrypted messaging platform used in international drug and arms trafficking. Dutch police discovered the app, named Matrix, on the phone of a criminal convicted in 2021 of murdering a journalist.

Flaws in Fuji's Tellus and V-Server Software Pose Risks to Critical Infrastructure
Security researchers have uncovered 16 zero-day vulnerabilities in Japanese equipment manufacturer Fuji Electric's Tellus and V-Server remote monitoring software that enable attackers to execute malicious code in devices commonly used by utilities and other critical infrastructure providers.

Buy of Washington D.C.-Area Firm Adds Reverse Engineering, Data Analytics Expertise
Sixgen will enhance its cybersecurity operations through the purchase of Washington D.C.-area Kyrus. The move introduces reverse engineering and analytics expertise to Sixgen's portfolio, aligning with its mission to protect critical infrastructure and bolster American cyber defense capabilities.

Russian Threat Actor Delivers NetSupport RAT, BurnsRAT via Fake Requests
A malware campaign targeting Russian retailers and service businesses aims to deploy remote access tools and install infostealer malware. Kaspersky dubbed the campaign "Horns&Hooves," after a fake organization set up by fraudsters in the 1931 Soviet satirical novel "The Little Golden Calf."

A vulnerability, which was classified as critical, has been found in NEX-Forms Plugin up to 7.9.6 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to sql injection. This vulnerability is handled as CVE-2022-3142. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Our Leaders' Credentials Mean Nothing if They Can't See The Revolution Bitcoin is Bringing

为了进一步提升我国相关专业人员运用开源情报的实战能力，第12期全国开源情报能力提升培训班将于2024年12月17日至22日在北京市举办。

今天给大家推送美军《军事情报专业简报》

Meet The AI Tag-Team Method That Reduces Latency in Your Model's Response

Adding Observability with OpenTelemetry - Adriana Villela - ASW #309

银狐黑产最新加载器利用破解版VPN为诱饵进行传播

A vulnerability was found in GNU binutils up to 2.27 and classified as problematic. Affected by this issue is the function opy_special_section_fields of the component BFD Library. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2017-7304. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in GNU binutils 2.28. This issue affects the function aout_link_add_symbols of the file bfd/aoutx.h of the component BFD Library. The manipulation leads to improper input validation. The identification of this vulnerability is CVE-2017-7301. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in GNU binutils 2.28. Affected is the function swap_std_reloc_out of the file bfd/aoutx.h of the component BFD Library. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2017-7302. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.