Aggregator

澳大利亚面临太阳能供大于求

A vulnerability, which was classified as critical, has been found in Tenda AC6V2 up to 15.03.06.50. This issue affects the function setDoubleL2tpConfig. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2024-52274. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Tenda AC6V2 up to 15.03.06.50. Affected is the function setDoublePppoeConfig. The manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2024-52273. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Tenda AC6V2 up to 15.03.06.50 and classified as critical. Affected by this vulnerability is the function fromWizardHandle. The manipulation leads to stack-based buffer overflow. This vulnerability is known as CVE-2024-52275. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Tenda AC6V2 up to 15.03.06.50 and classified as critical. Affected by this issue is the function fromAdvSetLanip. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2024-52272. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in uD3TN BPv7 up to 0.14.1. It has been classified as critical. This affects an unknown part of the component Endpoint Identifier Handler. The manipulation leads to double free. This vulnerability is uniquely identified as CVE-2024-12107. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Infinix Mobile com.transsion.agingfunction 13 and classified as critical. This issue affects some unknown processing. The manipulation leads to improper verification of intent by broadcast receiver. The identification of this vulnerability is CVE-2024-10576. An attack has to be approached locally. There is no exploit available.

A targeted hunt on 2,500 mobile devices for indicators of compromise associated with mercenary spyware has revealed that its use is not as rare as one would hope. The results of the hunt Earlier this year, iVerify added a “Mobile Threat Hunting” feature to its mobile device security solution for Android-based phones and iPhones and urged users to try it out. 2,500 of them did, and six (possibly seven) discovered that they’ve been infected with … More →

The post How widespread is mercenary spyware? More than you think appeared first on Help Net Security.

思科安全设备ASA十年老漏洞正在被利用

China's growing presence in the global market for LiDAR, a remote sensing technology widely used in defense and commercial system, presents a national security risk for the United States, which already is dealing with intrusions into critical infrastructure networks by China-backed threat groups, according to a reporte.

The post Chinese-Made LiDAR Systems a National Security Risk, Think Tank Says appeared first on Security Boulevard.

In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as "Wazawaka," a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. The U.S. government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information leading to his arrest. Last week, the Russian government reportedly arrested Matveev and charged him with creating malware used to extort companies.

Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks

Proposals from Google and Apple drastically reduce the life cycle of certificates, which should mean more oversight — and hopefully better control.

亚马逊在 AWS re:Invent 活动上宣布了一系列使用 Nova 品牌名称的 AI 模型：为速度和成本进行优化的文本模型 Nova Micro；低成本多模模型 Nova Lite，输入图像、视频和文本输出文本；强大的多模模型 Nova Pro；计划于 2025 年初推出的最强多模模型 Nova Premier；图像生成模型 Nova Canvas 以及视频生成模型 Nova Reel，这些模型生成的内容都会嵌入水印以促进负责任的 AI 使用。这些模型将通过 AWS Amazon Bedrock 模型库提供给客户。亚马逊还表示正与其投资的 AI 创业公司 Anthropic 合作构建庞大的 AI 计算集群。