Aggregator

A vulnerability was found in AXIS AXIS OS up to 11.6. It has been rated as critical. This issue affects some unknown processing of the file dynamicoverlay.cgi of the component VAPIX API. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2023-21416. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in AXIS AXIS OS up to 11.6. This affects an unknown part of the file manageoverlayimage.cgi of the component VAPIX API. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2023-21417. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in AXIS AXIS OS up to 11.6 and classified as critical. This vulnerability affects unknown code of the file irissetup.cgi of the component VAPIX API. The manipulation leads to path traversal. This vulnerability was named CVE-2023-21418. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Merlix Educate Server and classified as problematic. This issue affects some unknown processing of the file config.asp. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2008-6870. The attack may be initiated remotely. Furthermore, there is an exploit available.

НКЦКИ готовит закон о расширении системы киберзащиты.

A vulnerability, which was classified as critical, was found in Hasomed Elefant 1.4.2.1811/24.03.03. This affects an unknown part of the component FHIR API. The manipulation leads to missing authentication. This vulnerability is uniquely identified as CVE-2024-50589. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Hasomed Elefant 1.4.2.1811. It has been classified as critical. Affected is an unknown function of the component Hotline. The manipulation leads to hard-coded credentials. This vulnerability is traded as CVE-2024-50593. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Hasomed Elefant and classified as critical. This issue affects some unknown processing of the component Update Service. The manipulation leads to command injection. The identification of this vulnerability is CVE-2024-50591. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Hasomed Elefant 1.4.2.1811/24.03.03 and classified as critical. This vulnerability affects unknown code of the file C:\Elefant1\Firebird_2\bin\fbserver.exe. The manipulation leads to incorrect default permissions. This vulnerability was named CVE-2024-50590. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Hasomed Elefant 1.4.2.1811/24.03.03. This affects an unknown part of the component FHIR API. The manipulation leads to missing authentication. This vulnerability is uniquely identified as CVE-2024-50589. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

High-profile entities in India have become the target of malicious campaigns orchestrated by the Pakistan-based Transparent Tribe threat actor and a previously unknown China-nexus cyber espionage group dubbed IcePeony. The intrusions linked to Transparent Tribe involve the use of a malware called ElizaRAT and a new stealer payload dubbed ApoloStealer on specific victims of interest, Check Point

历经数年探索，集结来自细胞图谱、大脑类器官等研究获得的海量数据，科学家终于部分揭开了人脑与众不同的秘密。与其它灵长类动物的大脑相比，人脑的一个独特之处是体积大。人脑的体积比黑猩猩、大猩猩以及许多已灭绝的人类“近亲”的大脑大 3 倍以上。进化促使人脑变大，但不同区域的进化程度并不均衡，有些区域会变大更多。其中皮层区域尤为突出。这一区域负责执行计划、推理、语言等众多人类擅长的行为。此外大脑后部神经元密集的小脑区域，与运动和规划息息相关，这个区域也变大了很多。人脑中神经元的数量也与其它动物存在极大差异：人脑的神经元数量约为小鼠大脑的 1000 倍，是猕猴的 13.5 倍。大脑发育的速度因物种而异，但人脑的发育过程尤为漫长。如小鼠大脑在其寿命 5% 时就已发育完全；猕猴和黑猩猩在其寿命的三分之一时大脑发育完全。但人脑需要约 30 年光阴，来生长、成熟并精心织就内部的连接网络，这几乎占据人类平均寿命的一半。科学家认为，这种缓慢的发育节奏为人脑的生长提供了更多可能性。在这段漫长的岁月中，大脑能够孕育出更多的神经元，培育出更为丰富和复杂的连接。同时这也让大脑有了更多时间来适应这个瞬息万变的世界。

国际刑警组织披露，一波“空前”的网络犯罪浪潮席卷全球，每39秒就会发生一次黑客攻击，给受害者造成重大经济损失。

A vulnerability was found in perfSONAR Monitoring and Debugging Dashboard 2.0.2. It has been classified as problematic. This affects an unknown part of the file /style/. The manipulation leads to information disclosure (Directory). This vulnerability is uniquely identified as CVE-2018-12522. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

黑莓公司旗下的类 Unix 实时操作系统 QNX 宣布对非商业使用免费，此举旨在吸引嵌入式用户使用，但很多人认为黑莓此举可能已经晚了。QNX 诞生于 1982 年，由加拿大公司 Quantum Software Systems 开发，它后来改名为 QNX Software Systems，2004 年出售给 Harman International Industries，2010 年 Research In Motion（后改名为黑莓）从 Harman International Industries 收购了 QNX。QNX 曾两次尝试开源或公开部分源代码，但因为两次收购案，它的开源行动都无疾而终，黑莓公司在收购 QNX 之后就立即限制了其源代码的访问。QNX Everywhere 是黑莓尝试向感兴趣的用户开放 QNX 的最新举措，它还在 GitLab 上公开一系列示例、应用、框架和库，发布了用于 Raspberry Pi 4 的可启动 QNX 映像文件。

The Open Source Initiative has published (news article here) its definition of “open source AI,” and it’s terrible. It allows for secret training data and mechanisms. It allows for development to be done in secret. Since for a neural network, the training data is the source code—it’s how the model gets programmed—the definition makes no sense.

And it’s confusing; most “open source” AI models—like LLAMA—are open source in name only. But the OSI seems to have been co-opted by industry players that want both corporate secrecy and the “open source” label. (Here’s one ...

The post AI Industry is Trying to Subvert the Definition of “Open Source AI” appeared first on Security Boulevard.

A vulnerability was found in Quassel 0.10.0. It has been classified as critical. This affects the function CoreUserInputHandler::doMode of the file core/coreuserinputhandler.cpp. The manipulation with the input /op * leads to code. This vulnerability is uniquely identified as CVE-2015-8547. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

International energy solution provider Newpark Resources has confirmed it was hit by a ransomware attack that disrupted critical systems

A vulnerability was found in Impero Education Pro and classified as critical. This issue affects some unknown processing of the component CBC Key Handler. The manipulation leads to missing encryption of sensitive data. The identification of this vulnerability is CVE-2015-5997. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A new campaign has targeted the npm package repository with malicious JavaScript libraries that are designed to infect Roblox users with open-source stealer malware such as Skuld and Blank-Grabber. "This incident highlights the alarming ease with which threat actors can launch supply chain attacks by exploiting trust and human error within the open source ecosystem, and using readily available