Aggregator

新闻速览•第八届“强网杯”全国网络安全挑战赛正式启动•我国科研人员成功用量子计算破解RSA加密算法•美国背景调查巨头因重大数据泄露事件陷入破产困境•《精灵宝可梦》开发商遭遇大规模数据泄露，近1TB敏感

10月11日在备受瞩目的特斯拉Robotaxi发布会上，特斯拉创始人马斯克仅用了短短20分钟，就展示了包括Robotaxi产品Cybercab、无人驾驶厢式车Robovan和人形机器人Optimus等

A vulnerability, which was classified as very critical, has been found in Adobe Flash Player up to 21.0.0.213 on Windows. This issue affects some unknown processing. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2016-4116. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in OISF Suricata up to 7.0.6. This affects an unknown part of the component TLS/QUIC. The manipulation leads to reachable assertion. This vulnerability is uniquely identified as CVE-2024-47522. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in OISF libhtp up to 0.5.48. Affected by this issue is some unknown functionality of the component HTTP Protocol Parser. The manipulation leads to allocation of resources. This vulnerability is handled as CVE-2024-45797. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in OISF Suricata up to 7.0.6. Affected by this vulnerability is an unknown functionality of the component Traffic Reassembly. The manipulation leads to off-by-one. This vulnerability is known as CVE-2024-45796. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in OISF Suricata up to 7.0.6. Affected is an unknown function of the component Hash Table Handler. The manipulation leads to insufficiently random values. This vulnerability is traded as CVE-2024-47188. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OISF Suricata up to 7.0.6. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to reachable assertion. The identification of this vulnerability is CVE-2024-45795. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in admidio up to 4.3.11. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to deserialization. This vulnerability was named CVE-2024-47836. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OISF Suricata up to 7.0.6. It has been classified as critical. This affects an unknown part of the component thash Handler. The manipulation leads to insufficiently random values. This vulnerability is uniquely identified as CVE-2024-47187. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OpenSSL up to 3.3.2 and classified as critical. Affected by this issue is the function EC_GROUP_new_curve_GF2m of the component Elliptic Curve API. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2024-9143. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

vivo安全发展的四大里程碑2021年，vivo提出隐私保护三原则——透明可控、隐私端侧处理、数据最小化，并构建了千镜安全架构，全面加强从芯片到应用的隐私保护能力。2022年，vivo专注于用户需求痛

A vulnerability was found in McAfee Asset Manager 6.6. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to sql injection. This vulnerability is handled as CVE-2014-2587. The attack may be launched remotely. Furthermore, there is an exploit available.

CISA has added three flaws to its 'Known Exploited Vulnerabilities' (KEV) catalog, among which is a critical hardcoded credentials flaw in SolarWinds Web Help Desk (WHD) that the vendor fixed in late August 2024. [...]

Te hulp geschoten om Nederlanders te evacueren uit Soedan, overlevenden te zoeken in Turkije na de grote aardbeving en gewonden naar ziekenhuizen te verplaatsen. Hierbij waren 270 mensen betrokken: onder anderen van de brandweer, politie,  medisch personeel en militairen. Plaatsvervangend Commandant der Strijdkrachten viceadmiraal Boudewijn Boots blikte vandaag terug op hun inzet van vorig jaar en reikte hen de Herinneringsmedaille voor Humanitaire Hulpverlening bij Rampen uit. Dat gebeurde in de evenementenhal in Gorinchem.

A vulnerability was found in Thedigitalcraft AtomCMS 2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/login.php. The manipulation leads to sql injection. This vulnerability is known as CVE-2022-24223. The attack can be launched remotely. Furthermore, there is an exploit available.

By using EDRSilencer, threat actors are able to prevent security alerts and reports getting generated.

A vulnerability was found in PaperThin CommonSpot Content Server up to 4.5. It has been classified as problematic. This affects an unknown part of the file loader.cfm. The manipulation of the argument bNewWindow leads to basic cross site scripting. This vulnerability is uniquely identified as CVE-2005-4574. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Finnish Customs shut down the Tor darknet marketplace Sipulitie and seized the servers hosting the platform. Finnish Customs, with the help of Europol, Swedish and Polish law enforcement authorities and researchers at Bitdefender, shut down the Tor marketplace Sipulitie. “Finnish customs has closed the web servers of the Sipulitie marketplace, which has been operating on […]

The shift to a distributed work model has exposed organizations to new threats, and a low but continuing stream of printer-related vulnerabilities isn't helping.