Aggregator

CVE-2024-36671 | nodemcu prior 3.0.0-release_20240225 /modules/struct.c getnum integer overflow (ID 3626)

VulDB Recent Entries
9 months 1 week ago
A vulnerability, which was classified as problematic, was found in nodemcu. Affected is the function getnum of the file /modules/struct.c. The manipulation leads to integer overflow. This vulnerability is traded as CVE-2024-36671. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-48406 | SunBK201 umicat up to 0.3.2 src/uct_upstream.c power buffer overflow

VulDB Recent Entries
9 months 1 week ago
A vulnerability, which was classified as critical, has been found in SunBK201 umicat up to 0.3.2. This issue affects the function power of the file src/uct_upstream.c. The manipulation leads to buffer overflow. The identification of this vulnerability is CVE-2024-48406. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Phishing-as-a-Service Rockstar 2FA continues to be prevalent

Security Affairs
9 months 1 week ago
Phishing tool Rockstar 2FA targets Microsoft 365 credentials, it uses adversary-in-the-middle (AitM) attacks to bypass multi-factor authentication. Trustwave researchers are monitoring malicious activity associated with Phishing-as-a-Service (PaaS) platforms, their latest report focuses on a toolkit called Rockstar 2FA. Rockstar 2FA targets Microsoft 365 accounts and bypasses multi-factor authentication with adversary-in-the-middle (AitM) attacks. In AiTM phishing, threat […]
Pierluigi Paganini

CVE-2018-13457 | Nagios up to 4.4.1 Unix Socket qh_echo null pointer dereference (FEDORA-2019-376ecc221c / EDB-45082)

Vuldb Updates
9 months 1 week ago
A vulnerability was found in Nagios up to 4.4.1. It has been classified as problematic. Affected is the function qh_echo of the component Unix Socket Handler. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2018-13457. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2015-5531 | Elasticsearch up to 1.6.0 API Call path traversal (ID 132721 / EDB-38383)

Vuldb Updates
9 months 1 week ago
A vulnerability was found in Elasticsearch up to 1.6.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component API Call Handler. The manipulation leads to path traversal. This vulnerability is handled as CVE-2015-5531. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

道德愤慨会助长虚假信息传播

Solidot
9 months 1 week ago
根据发表在《科学》期刊上的一项研究,包含错误信息的社交媒体帖子会比那些有着可靠信息的帖子引发更多的道德愤慨,而这种愤怒又会促进错误信息的传播。研究人员还发现,人们更有可能在未先阅读帖子内容的情况下分享那些会引起愤怒的虚假信息。研究人员指出,这些发现表明,试图通过鼓励人们在分享前检查帖子准确性以减轻虚假信息的在线传播可能不会成功。研究人员认为,社交媒体平台先对内容进行排名,然后再显示给用户的方式可能也会在错误信息的传播中发挥作用;“由于愤怒与在线参与度的提高有关,因此激起愤怒的错误信息可能会传播得更远,其部分原因是算法会对那些吸引人的内容进行放大。这一点颇为重要,因为算法可能会提升与愤怒相关的新闻报道的排名,即使用户的意图只是为了对包含错误信息的文章表示愤怒。”

孙宇晨吃掉了花 624 万美元拍下的“香蕉”艺术品

Solidot
9 months 1 week ago
波场(TRON)创始人孙宇晨周五在香港的一个活动中吃掉了他上周斥资 624 万美元拍下的“香蕉”艺术品《喜剧演员》。 Maurizio Cattelan 创作的《喜剧演员》是一根用胶带黏在墙上的香蕉。香蕉极其容易腐烂,孙宇晨拍下的不是数天后就会熟透烂掉的香蕉,而是获得《喜剧演员》的授权,自此他就有权用胶带将香蕉黏在墙上,并对外宣称这就是《喜剧演员》的艺术品。孙宇晨宣称,“真正的价值在于概念本身”,他是用加密货币支付了拍卖款项。他面临美国证券交易委员(SEC)的欺诈和证券违规指控。

Tor 项目需要更多 WebTunnel 网桥

Solidot
9 months 1 week ago
俄罗斯 Tor 用户报告该国的审查力度在加大,其中包括尝试屏蔽 Tor 网桥和 pluggable transports。俄罗斯通信监管机构 Roscomnadzor 还将打击目标瞄准托管服务商,而很多帮助躲避审查的工具就依赖于这些服务商的服务器,其中包括了 Tor 网桥。随着审查的加大,Tor 项目需要更多 WebTunnel 网桥。WebTunnel 是一种新型的网桥,通过模拟 HTTPS 流量增加屏蔽 Tor 连接的难度。审查者不可能完全屏蔽 HTTPS 连接,因为这会导致绝大部分服务无法访问。Tor 项目希望到年底增加 200 个新 WebTunnel 网桥,为俄罗斯用户提供安全访问。

Managed ad