Aggregator

A vulnerability classified as critical has been found in gcefcu Gulf Coast Educators FCU 1.0.27. This affects an unknown part of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is uniquely identified as CVE-2014-7077. The attack can only be done within the local network. There is no exploit available.

Israel allegedly hacked Beirut airport ‘s control tower, warning an Iranian plane not to land, forcing it to return to Tehran. The Israeli cyber army on Saturday hacked into the control tower of Beirut Airport, the Rafic Hariri International Airport. The IDF breached the communication network of the control tower and threatened an Iranian civilian […]

Outstanding Paper Award Winner!

Authors/Presenters:Mohammad Javad Amiri, Chenyuan Wu, Divyakant Agrawal, Amr El Abbadi, Boon Thau Loo, Mohammad Sadoghi

Our sincere thanks to USENIX, and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI '24) content, placing the organizations enduring commitment to Open Access front and center. Originating from the conference’s events situated at the Hyatt Regency Santa Clara; and via the organizations YouTube channel.

Permalink

The post USENIX NSDI ’24 – The Bedrock of Byzantine Fault Tolerance: A Unified Platform for BFT Protocols Analysis, Implementation, and Experimentation appeared first on Security Boulevard.

A vulnerability was found in Sunhillo SureLine up to 8.7.0.1.0. It has been rated as critical. This issue affects some unknown processing of the file /cgi/networkDiag.cgi. The manipulation of the argument ipAddr/dnsAddr leads to os command injection. The identification of this vulnerability is CVE-2021-36380. The attack can only be done within the local network. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Microsoft SharePoint Server 2016/2019/Subscription Edition. It has been classified as critical. Affected is an unknown function. The manipulation leads to code injection. This vulnerability is traded as CVE-2023-24955. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 13.0. It has been classified as problematic. This affects the function applyRemoteView of the file NotificationContentInflater.java. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2023-21237. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Apple iOS and iPadOS. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to improper authentication. This vulnerability is handled as CVE-2022-48618. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Apple watchOS. This affects an unknown part. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2022-48618. An attack has to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Apple tvOS. This vulnerability affects unknown code. The manipulation leads to improper authentication. This vulnerability was named CVE-2022-48618. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Apple macOS. This issue affects some unknown processing. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2022-48618. Attacking locally is a requirement. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Atlassian Confluence Data Center and Confluence Server 7.19.17/8.4.5 and classified as very critical. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to injection. This vulnerability is known as CVE-2023-22527. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

第11期全国体制内单位及相关专业单位开源情报能力提升班—开源尖兵实战训练营10月20-25日成都开班。

这次袭击由以色列空军精心策划，多个情报机构通力合作，导致纳斯鲁拉身亡，真主党多名高级官员也身亡。

Обман зрения или научный факт.

A vulnerability was found in Apple watchOS up to 2.2.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Kernel. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2016-1863. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

因意外将6 亿 Facebook 用户的密码以明文形式存储，当地时间9月27日，爱尔兰数据保护委员会（DPC）宣布对Facebook母公司Meta处以9100万欧元（约合1.01亿美元）罚款。 这一处罚结果源自一起已经持续了5年的调查。2019年3月，美国安全研究员布赖恩·克雷布斯（Brian Krebbs） 发现Meta用户账户密码安全存在缺陷，随后，Meta证实其社交媒体用户的某些密码被以“明文”形式存储在其内部系统上（即没有加密保护或加密），并向DPC进行了通报，强调这些密码仅在 Meta 内部暴露，且没有证据表明其中任何密码被滥用，并立即采取行动修复了该错误。 2019年4月，DPC 启动了对Meta的调查，评估了Meta对《通用数据保护条例》（GDPR） 的遵守情况，最终，DPC认定Meta违反了GDPR中规定的相关安全要求： 违反GDPR 第 33（1） 条，Meta未能通知 DPC 有关以明文形式存储用户密码的个人数据泄露； 违反GDPR 第 33 条第 5 款，Meta 未能记录与以明文形式存储用户密码有关的个人数据泄露； 违反GDPR 第 5 条第 （1） 款第 （f） 项，Meta 没有使用适当的技术或组织措施来确保用户密码的适当安全性，防止未经授权的处理； 违反GDPR 第 32 条第 （1） 款，Meta 没有实施适当的技术和组织措施来确保与风险相适应的安全级别，包括确保用户密码持续机密性的能力。 “考虑到访问此类数据的人所带来的滥用风险，用户密码不应以明文形式存储，”DPC 副专员格雷厄姆·多伊尔 （Graham Doyle） 在一份关于谴责的声明中表示。 就在此次处罚宣布后，最初的爆料者克雷布斯在 LinkedIn 上发表评论称，虽然他没有发现 Facebook 员工当时访问了被曝光密码的证据，但 “安全/隐私缺陷可能会让 Facebook 20 万员工中的任何一人看到这多达 6 亿个账户的明文密码。 附：Meta近期因GDPR违规被罚记录 2022年11月，Meta 旗下的 Facebook被罚 2.65 亿欧元，原因是三年前的数据抓取泄露暴露了数亿条用户记录。 2023 年 1 月，DCP 宣布对 Meta 的 Facebook 处以 2.1 亿欧元的罚款，对 Instagram 处以 1.8 亿欧元的罚款，这两项罚款均因违反与用户同意和数据处理相关的 GDPR 规定。同月，Meta 还因 WhatsApp 的违规行为支付了 550 万欧元的罚款。 2023年5月，Meta 因向美国传输个人数据的方式而被处以 12 亿欧元的罚款，这是有史以来最大的 GDPR 罚款。Meta 正在对 DCP 的判决提出上诉。       转自Freebuf，原文链接：https://www.freebuf.com/articles/412005.html 封面来源于网络，如有侵权请联系删除

《通讯-地球与环境》上的一篇气候变化研究论文显示，自 1970 年以来，南美洲部分地区每年同时发生极端炎热、干旱和高火灾风险的天数增长到过去的 3 倍之多。南美洲的变暖速度和全球平均水平相似，但这片次大陆的部分区域同时出现多种极端气候的风险更高，此类复合型极端事件可能会对生态系统、经济和人类健康造成更大影响。研究人员发现，同时发生极端事件的频率在整个南美洲大陆都有增加，在委内瑞拉-哥伦比亚边界、北亚马孙和中南美洲的拉普拉塔河流域北部，这种情况增多得尤为显著，从每年少于 20 天增加到多达 70 天。

A vulnerability was found in magzter Sanctuary Asia 3. It has been rated as critical. Affected by this issue is some unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is handled as CVE-2014-7076. The attack needs to be approached within the local network. There is no exploit available.

超大质量黑洞会发射出强大的辐射和粒子喷流。Messier 87（M87星系）中心的超大质量黑洞 M87* 其质量是太阳的 65 亿倍，是第一个被天文学家直接成像的黑洞，它的喷流长达 3000 光年。根据发表在预印本平台 arXiv 上的一篇预印本，天文学家报告 M87* 喷流附近的新星数量是该星系其它区域的两倍。利用哈勃太空望远镜，天文学家在约一年时间里在 M87 中心附近发现了 94 颗新星，加上之前发现的 41 颗共有 135 颗星。对新星区域的分析显示，喷流区域有明显更多的新星数量。研究人员认为观测结果有 0.1%-1% 的可能性可归因于随机性，但可能的一种解释是喷流以某种方式催化了恒星爆发。

A critical vulnerability in NVIDIA Container Toolkit impacts all AI applications in a cloud or on-premise environment that rely on it to access GPU resources. [...]