Aggregator

Aqua Security this week at the Black Hat USA 2024 conference revealed that it has discovered six vulnerabilities in the cloud services provided by Amazon Web Services (AWS).

The post Aqua Security Researchers Disclose Series of AWS Flaws appeared first on Security Boulevard.

Aqua Security this week at the Black Hat USA 2024 conference revealed that it has discovered six vu

In a panel at Black Hat 2024, journalists and investigators explain their differing goals when a victim organization is breached.

error code: 1106

Community Chats Webinars LibraryHomeCybersecurity NewsFeaturesIndustry SpotlightNews R

via the comic & dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘University Age’ appeared first on Security Boulevard.

AMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. The vulnerability allows attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install malware that becomes nearly undetectable. [...]

根据发表在《Arteriosclerosis, Thrombosis, and Vascular Biology》上的一项研究，广泛使用的低热量甜味剂赤藻糖醇（Erythritol）可能会增加心血管疾病风险。赤藓糖醇是低热量和无糖食品中使用的非糖甜味剂之一，甜度与糖一样但热量却低得多。但最近的多项研究发现，赤藓糖醇与心脏病和中风风险增加相关。它可能会增加血小板的粘稠度，更容易凝结和阻塞静脉或动脉，导致心脏病发作和中风。最新研究招募了两组健康的中年男性和女性志愿者，其中 10 人食用赤藓糖醇，10 人食用糖。两组志愿者都禁食一夜。研究人员在早上抽取其血液测量血小板活性。然后一半志愿者喝一杯加了 30 克葡萄糖的水，另一半喝一杯加 30 克赤藓糖醇的水，这是添加赤藓糖醇的食品的典型用量。30 分钟后研究人员再次抽取血液测量。结果显示，喝赤藓糖醇的人血小板聚集增加，意味着血液更容易凝结。对照组的血小板聚集没有变化。

CISA Director Jen Easterly calls on organizations to drive cybersecurity improvements through a 'Secure by Demand' approach

Iranian hackers have increased their efforts to influence the upcoming U.S. election, attempting to

error code: 1106

​Microsoft has disclosed a high-severity vulnerability affecting Office 2016 that could expose NTLM hashes to a remote attacker. [...]

​Microsoft has disclosed a high-severity zero-day vulnerability affecting Office 2016 and later, which is still waiting for a patch. [...]

A vulnerability classified as critical has been found in Kashipara Online Exam System 1.0. Affected is an unknown function of the file /admin/quizquestion.php. The manipulation of the argument eid leads to sql injection. This vulnerability is traded as CVE-2024-40479. It is possible to launch the attack remotely. There is no exploit available.

Authors:(1) Ankit Anand, Department of Physics, Indian Institute of Technology Madras, Chennai 600

Sachin Kumar is Keeping Blockchain Honest With Smart Contracts That Respect Your Essential Right to

0x00 前言近期，积木报表被曝出存在一个授权绕过漏洞。该漏洞允许攻击者在请求中包含特定参数时绕过授权机制，从而访问诸如 save、queryFieldBySql、show 等接口。尽管之前的远程代码

0x00 前言

近期，积木报表被曝出存在一个授权绕过漏洞。该漏洞允许攻击者在请求中包含特定参数时绕过授权机制，从而访问诸如 save、queryFieldBySql、show 等接口。尽管之前的远程代码执行（RCE）漏洞已被修复，但攻击者仍能通过 AviatorScript 表达式注入，继续实现 RCE 攻击。

目前，积木报表的最新版本为 1.7.9，但测试发现，该版本仍存在授权绕过的风险。漏洞修复的版本暂未发布。为此，本文将提供一种有效的缓解措施，以帮助用户降低该漏洞带来的安全风险。