Aggregator

期刊出版商 Elsevier 旗下的《Ain Shams Engineering Journal》撤下了两篇讨论溃坝的论文，原因是论文使用的计算流体力学软件 FLOW-3D 被开发商 Flow Science 投诉是盗版。期刊主编称，他们在收到投诉之后展开了调查，论文作者承认 FLOW-3D 没有购买许可证。而论文发表的条件之一是不能侵犯任何个人或实体的知识产权，任何软件的使用都需要在软件所有者的授权或许可下进行。

NIST’s latest report, “Hardware Security Failure Scenarios: Potential Hardware Weaknesses” (NIST IR 8517), explores the hidden vulnerabilities in computer hardware, a domain often considered more secure than software. The report highlights how hardware flaws embedded in chip designs can lead to security risks that are difficult to fix post-production. The document outlines 98 failure scenarios, detailing various ways attackers can exploit hardware design and implementation weaknesses. Issues such as improper access control, faulty coding standards … More →

The post NIST report on hardware security risks reveals 98 failure scenarios appeared first on Help Net Security.

本篇文章为翻译文章，让我们跟随梅苑师傅的脚步，一起来研究一下大语言语言模型安全攻击以及AI供应链漏洞！

本篇文章为翻译文章，让我们跟随梅苑师傅的脚步，一起来研究一下大语言语言模型安全攻击以及AI供应链漏洞！

本篇文章为翻译文章，让我们跟随梅苑师傅的脚步，一起来研究一下大语言语言模型安全攻击以及AI供应链漏洞！

本篇文章为翻译文章，让我们跟随梅苑师傅的脚步，一起来研究一下大语言语言模型安全攻击以及AI供应链漏洞！

本篇文章为翻译文章，让我们跟随梅苑师傅的脚步，一起来研究一下大语言语言模型安全攻击以及AI供应链漏洞！

匈牙利官员向当地媒体证实，该国国防采购机构（VBÜ）遭到“国际黑客组织”的攻击。 周四早些时候，名为 INC Ransomware 或 INC Ransom 的网络犯罪组织声称可以访问该机构的数据，并在其暗网门户网站上发布了示例截图。 先前的研究表明，该组织于去年出现，主要针对医疗保健、教育和政府实体。其背后的运营者仍然未知。 匈牙利国防部在回应媒体询问时拒绝透露可能的信息泄露，称调查仍在进行中。该部补充说，VBÜ 不存储敏感的军事数据。匈牙利是北约联盟的成员。 总理维克托·欧尔班的幕僚长盖尔盖利·古利亚斯将此次袭击归咎于“敌对的外国非国家黑客组织”，但没有透露该组织的名字。 古利亚斯在周四的新闻发布会上表示，可能被访问的最敏感数据包括“有关军事采购的计划和数据”。 匈牙利新闻媒体 Magyar Hang报道称，INC 勒索软件入侵了该机构的服务器，下载并加密了所有文件。据称，黑客发布了包含匈牙利军队空中和陆地能力数据的文件截图，以及标有“非公开”的文件。 媒体报道称，泄露的数据“相当新”，一些文件可追溯到今年 10 月。据报道，黑客索要 500 万美元赎金。 匈牙利官员没有就他们是否正在与黑客谈判发表评论。国防部尚未回应 Recorded Future News 的置评请求。     转自军哥网络安全读报，原文链接：https://mp.weixin.qq.com/s/bIPxaypcWTd3AUp9Ov9O8g 封面来源于网络，如有侵权请联系删除

A vulnerability was found in Apple macOS up to 13.2.1. It has been classified as problematic. This affects an unknown part of the component curl. The manipulation leads to cleartext transmission of sensitive information. This vulnerability is uniquely identified as CVE-2022-43551. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle HTTP Server 12.2.1.4.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component SSL Module. The manipulation leads to information disclosure. This vulnerability is known as CVE-2022-43551. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Oracle MySQL Server up to 5.7.41/8.0.32. Affected is an unknown function of the component Packaging. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2022-43551. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in cURL. Affected is an unknown function of the component Proxy Error Handler. The manipulation leads to use after free. This vulnerability is traded as CVE-2022-43552. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in cURL and classified as problematic. Affected by this vulnerability is an unknown functionality of the component HSTS Handler. The manipulation leads to cleartext transmission of sensitive information. This vulnerability is known as CVE-2022-43551. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS up to 13.2.1. It has been declared as problematic. This vulnerability affects unknown code of the component curl. The manipulation leads to use after free. This vulnerability was named CVE-2022-43552. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in protobuf-python and protobuf-cpp. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component ProtocolBuffers. The manipulation leads to resource consumption. This vulnerability is known as CVE-2022-1941. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Oracle MySQL Connectors up to 8.0.31. Affected by this issue is some unknown functionality of the component Connector/Python. The manipulation leads to denial of service. This vulnerability is handled as CVE-2022-1941. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Oracle Banking Platform 2.9.0. It has been classified as critical. Affected is an unknown function of the component Security. The manipulation leads to denial of service. This vulnerability is traded as CVE-2022-3171. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Oracle Banking Trade Finance Process Management 14.5.0.8.0/14.6.0.4.0/14.7.0.2.0/14.7.1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the component Dashboard. The manipulation leads to denial of service. This vulnerability is handled as CVE-2022-3171. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Oracle GoldenGate Veridata up to 12.2.1.4.230922. This issue affects some unknown processing of the component Veridata. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2022-3171. The attack can only be done within the local network. There is no exploit available.

研究人员最近在高级人工智能图像生成器中发现了潜在的安全漏洞，能够泄露敏感系统指令，尤其是在高级扩散模型Recraft中。