Aggregator

上周关注度较高的产品安全漏洞(20241125-20241201)

CNVD漏洞周报2024年第48期

官方紧急延长售油运营时间

A vulnerability has been found in Sun Solaris up to 7.0 and classified as critical. This vulnerability affects unknown code of the component profil. The manipulation leads to improper privilege management. This vulnerability was named CVE-1999-0674. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

亚马逊AWS开设线下门店专门提供高带宽数据上传 带着你的硬盘去门店就行

Our Favorite Word Is the One That Makes Us The Dumbest

Nextcloud has unveiled Nextcloud Talk, an open-source alternative to Microsoft Teams. It’s a privacy-compliant collaboration platform for hybrid teams that gives companies complete control over their data. Nextcloud Talk collaboration software delivers highly secure, GDPR-compliant communication while providing all the essential features modern teams require, from chat and video conferencing to webinars. Its open architecture enables integration with existing systems and allows for the customization of solutions tailored to specific needs. Nextcloud Talk highlights High-security … More →

The post Nextcloud Talk: Open-source, GDPR-compliant alternative to Microsoft Teams appeared first on Help Net Security.

A vulnerability was found in Aleadsoft.com Search Engine Builder Professional 2.40. It has been classified as problematic. This affects an unknown part of the file search.html of the component Search Engine. The manipulation of the argument searWords leads to basic cross site scripting. This vulnerability is uniquely identified as CVE-2007-4479. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

2024 年第三届国际网络安全挑战赛

盖帝图片社(Getty Images) CEO Craig Peters 在《财富》上刊文批评了 AI 公司在版权上的立场。盖帝是一家出售图像版权的公司，因 AI 创业公司 Stability AI 涉嫌收集了数百万张盖帝可能持有版权的图像训练其 AI 模型 Stable Diffusion，盖帝正对其提起诉讼。盖帝 CEO 质疑了微软 AI 高管 Mustafa Suleyman 的观点，Suleyman 认为互联网上公开访问的内容都是“freeware”——类似免费软件可以免费使用。他认为应该根据具体情况应用合理使用原则，区分用于科学进步和用于生成商业内容的 AI 模型。音乐流媒体行业从共享平台 Napster 转向授权平台 Spotify，AI 公司也可以采用类似的授权模式。

Thales launched Data Risk Intelligence, an Imperva Data Security Fabric (DSF) solution that proactively addresses the risks to data wherever it resides. This is the first solution uniting the risk and threat identification capabilities of the Imperva Data Security Fabric with the data protection capabilities of the Thales CipherTrust Data Security Platform, following Thales’s strategic acquisition of Imperva in December 2023. With data and operations spread across cloud, on-premises and hybrid systems, security teams require … More →

The post Thales Data Risk Intelligence identifies risks to sensitive data appeared first on Help Net Security.

曾是全球最大暗网黑市的九头蛇市场头目被俄罗斯法院判处终身监禁

A vulnerability, which was classified as critical, has been found in Navigate CMS 2.9.4. This issue affects the function feed_parser of the component Feed Handler. The manipulation leads to server-side request forgery. The identification of this vulnerability is CVE-2022-28117. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A significant vulnerability has been identified in TP-Link’s HomeShield function, affecting a range of their devices, including the Archer, Deco, and Tapo series routers. This vulnerability, labeled CVE-2024-53375, allows attackers to exploit a flaw in the device firmware, leading to the potential injection of malicious commands by unauthorized users. This article explores the details of […]

The post TP-Link HomeShield Function Vulnerability Let Attackers Inject Malicious Commands appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Врачи придумали кое-что получше неудобных длинных проводов.

供应商安全管理自动化平台解决方案实践浅析｜大湾区金融安全专刊·安全村

.NET 2024.11月度红队武器库和资源汇总