Aggregator

CVE-2023-20609 | MediaTek MT8797 ccu out-of-bounds (ALPS07570864 / EUVD-2023-24788)

Vuldb Updates
5 months 3 weeks ago
A vulnerability, which was classified as problematic, has been found in MediaTek MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8768, MT8786, MT8791 and MT8797. This affects an unknown part of the component ccu. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2023-20609. Local access is required to approach this attack. No exploit exists. Applying a patch is the recommended action to fix this issue.
vuldb.com

CVE-2023-20608 | MediaTek MT8675 Display DRM use after free (ALPS07363599 / EUVD-2023-24787)

Vuldb Updates
5 months 3 weeks ago
A vulnerability labeled as problematic has been found in MediaTek MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8168, MT8365 and MT8675. Affected by this vulnerability is an unknown functionality of the component Display DRM. Such manipulation leads to use after free. This vulnerability is documented as CVE-2023-20608. The attack needs to be performed locally. There is not any exploit available. It is best practice to apply a patch to resolve this issue.
vuldb.com

China-Based Threat Actor Mustang Panda’s TTPs Leaked

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
5 months 3 weeks ago

A significant milestone for cybersecurity experts is the disclosure of specific tactics, methods, and procedures (TTPs) used by Mustang Panda, an advanced persistent threat (APT) group based in China, which has illuminated their intricate activities. First observed in 2017 but potentially active since 2014, Mustang Panda is a state-sponsored actor specializing in cyber espionage, targeting […]

The post China-Based Threat Actor Mustang Panda’s TTPs Leaked appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

CVE-2012-0708 | IBM Rational ClearQuest up to 8.0.0.0 ActiveX Control cqole.dll memory corruption (EDB-19576 / Nessus ID 59293)

Vuldb Updates
5 months 3 weeks ago
A vulnerability described as critical has been identified in IBM Rational ClearQuest up to 8.0.0.0. Affected by this vulnerability is an unknown functionality in the library cqole.dll of the component ActiveX Control. Such manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2012-0708. The attack can be launched remotely. Moreover, an exploit is present. Upgrading the affected component is recommended.
vuldb.com

CVE-2012-5946 | IBM SPSS SamplePower 3.0 ActiveX Control C1sizer.ocx memory corruption (EDB-25814 / Nessus ID 66473)

Vuldb Updates
5 months 3 weeks ago
A vulnerability marked as critical has been reported in IBM SPSS SamplePower 3.0. Impacted is an unknown function of the file C1sizer.ocx of the component ActiveX Control. Performing manipulation results in memory corruption. This vulnerability is reported as CVE-2012-5946. The attack is possible to be carried out remotely. Moreover, an exploit is present. It is suggested to upgrade the affected component.
vuldb.com

CVE-2012-0201 | IBM Personal Communications prior 6.0.3.0 pcsws.exe memory corruption (EDB-18539 / XFDB-73127)

Vuldb Updates
5 months 3 weeks ago
A vulnerability identified as critical has been detected in IBM Personal Communications. This vulnerability affects unknown code in the library pcspref.dll of the file pcsws.exe. This manipulation causes memory corruption. The identification of this vulnerability is CVE-2012-0201. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. You should upgrade the affected component.
vuldb.com

CVE-2012-2176 | IBM Lotus Quickr up to 8.1 ActiveX Control qp2.cab memory corruption (EDB-23737 / XFDB-75322)

Vuldb Updates
5 months 3 weeks ago
A vulnerability classified as critical has been found in IBM Lotus Quickr up to 8.1. This affects an unknown part of the file qp2.cab of the component ActiveX Control. Performing manipulation results in memory corruption. This vulnerability was named CVE-2012-2176. The attack may be initiated remotely. In addition, an exploit is available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2012-2175 | IBM Lotus iNotes 8.5 ActiveX Control dwa85W.dll memory corruption (EDB-23736 / Nessus ID 59685)

Vuldb Updates
5 months 3 weeks ago
A vulnerability categorized as critical has been discovered in IBM Lotus iNotes 8.5. The affected element is an unknown function in the library dwa85W.dll of the component ActiveX Control. Such manipulation leads to memory corruption. This vulnerability is traded as CVE-2012-2175. The attack may be launched remotely. Furthermore, there is an exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2012-5100 | Luizpicanco HServer 0.1.1 path traversal (EDB-24915 / Nessus ID 10297)

Vuldb Updates
5 months 3 weeks ago
A vulnerability described as problematic has been identified in Luizpicanco HServer 0.1.1. The impacted element is an unknown function. Executing manipulation can lead to path traversal. This vulnerability is registered as CVE-2012-5100. It is possible to launch the attack remotely. Furthermore, an exploit is available. Upgrading the affected component is recommended.
vuldb.com

Play

Dark Feed IO
5 months 3 weeks ago

You must login to view this content

cohenido

Play

Dark Feed IO
5 months 3 weeks ago

You must login to view this content

cohenido

Play

Dark Feed IO
5 months 3 weeks ago

You must login to view this content

cohenido

Play

Dark Feed IO
5 months 3 weeks ago

You must login to view this content

cohenido

Play

Dark Feed IO
5 months 3 weeks ago

You must login to view this content

cohenido

Microsoft’s New AI Risk Assessment Framework – A Step Forward

Security Boulevard
5 months 3 weeks ago

 

Microsoft recently introduced a new framework designed to assess the security of AI models. It’s always encouraging to see developers weaving cybersecurity considerations into the design and deployment of emerging, disruptive technologies. Stronger security reduces the potential for harmful outcomes — and that’s a win for everyone.

It is wonderful to see that Microsoft leveraged its expertise to publish a clear framework for anyone to use.

While this framework provides a reasonable foundation for securing Large Language Model (LLM) AI deployments, it falls short when applied to more advanced AI systems — especially those with agentic capabilities. This limitation in applicability highlights a persistent problem in cybersecurity: tools and practices are often outdated or under-scaled, even before the industry has a chance to implement them.

AI is evolving at a breathtaking pace, and security adaptation consistently lags several steps behind. The release of this framework is a valuable step forward, but it’s critical to recognize that it’s just a step on a very long journey. The ongoing challenge is not to declare “mission accomplished,” but to treat security as a continuously adaptive process — always be looking to embrace the next best practices.

Risk governance for AI requires ongoing investment, flexibility, and willingness to evolve. Even then, the best we may achieve is keeping pace with evolving risks, maintaining as few steps behind as possible.

Paper Download: https://github.com/Azure/AI-Security-Risk-Assessment/blob/main/AI_Risk_Assessment_v4.1.4.pdf

The post Microsoft’s New AI Risk Assessment Framework – A Step Forward appeared first on Security Boulevard.

Matthew Rosenquist

Managed ad