Randall Munroe’s XKCD ‘University Age’
Community Chats Webinars LibraryHomeCybersecurity NewsFeaturesIndustry SpotlightNews R
Aggregator
Randall Munroe’s XKCD ‘University Age’
8 months 1 week ago
via the comic & dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘University Age’ appeared first on Security Boulevard.
Marc Handelman
New AMD SinkClose flaw helps install nearly undetectable malware
8 months 1 week ago
AMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. The vulnerability allows attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install malware that becomes nearly undetectable. [...]
Bill Toulas
甜味剂赤藻糖醇可能增加心血管疾病风险
8 months 1 week ago
根据发表在《Arteriosclerosis, Thrombosis, and Vascular Biology》上的一项研究,广泛使用的低热量甜味剂赤藻糖醇(Erythritol)可能会增加心血管疾病风险。赤藓糖醇是低热量和无糖食品中使用的非糖甜味剂之一,甜度与糖一样但热量却低得多。但最近的多项研究发现,赤藓糖醇与心脏病和中风风险增加相关。它可能会增加血小板的粘稠度,更容易凝结和阻塞静脉或动脉,导致心脏病发作和中风。最新研究招募了两组健康的中年男性和女性志愿者,其中 10 人食用赤藓糖醇,10 人食用糖。两组志愿者都禁食一夜。研究人员在早上抽取其血液测量血小板活性。然后一半志愿者喝一杯加了 30 克葡萄糖的水,另一半喝一杯加 30 克赤藓糖醇的水,这是添加赤藓糖醇的食品的典型用量。30 分钟后研究人员再次抽取血液测量。结果显示,喝赤藓糖醇的人血小板聚集增加,意味着血液更容易凝结。对照组的血小板聚集没有变化。
#BHUSA: CISA Encourages Organizations to Adopt a 'Secure by Demand' Strategy
8 months 1 week ago
CISA Director Jen Easterly calls on organizations to drive cybersecurity improvements through a 'Secure by Demand' approach
Iranian hackers ramping up US election interference, Microsoft warns
8 months 1 week ago
Iranian hackers have increased their efforts to influence the upcoming U.S. election, attempting to
Microsoft discloses Office zero-day, still working on a patch
8 months 1 week ago
error code: 1106
Microsoft discloses unpatched Office flaw that exposes NTLM hashes
8 months 1 week ago
Microsoft has disclosed a high-severity vulnerability affecting Office 2016 that could expose NTLM hashes to a remote attacker. [...]
Sergiu Gatlan
Microsoft discloses Office zero-day, still working on a patch
8 months 1 week ago
Microsoft has disclosed a high-severity zero-day vulnerability affecting Office 2016 and later, which is still waiting for a patch. [...]
Sergiu Gatlan
CVE-2024-40479 | Kashipara Online Exam System 1.0 /admin/quizquestion.php eid sql injection
8 months 1 week ago
A vulnerability classified as critical has been found in Kashipara Online Exam System 1.0. Affected is an unknown function of the file /admin/quizquestion.php. The manipulation of the argument eid leads to sql injection.
This vulnerability is traded as CVE-2024-40479. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
Modified Gravity Theories From the Barrow Hypothesis: Quantum Gravity
8 months 1 week ago
Authors:(1) Ankit Anand, Department of Physics, Indian Institute of Technology Madras, Chennai 600
Unlocking the Power of Zero-Knowledge Proofs
8 months 1 week ago
Sachin Kumar is Keeping Blockchain Honest With Smart Contracts That Respect Your Essential Right to
积木报表授权绕过漏洞缓解措施
8 months 1 week ago
0x00 前言近期,积木报表被曝出存在一个授权绕过漏洞。该漏洞允许攻击者在请求中包含特定参数时绕过授权机制,从而访问诸如 save、queryFieldBySql、show 等接口。尽管之前的远程代码
积木报表授权绕过漏洞缓解措施
8 months 1 week ago
0x00 前言
近期,积木报表被曝出存在一个授权绕过漏洞。该漏洞允许攻击者在请求中包含特定参数时绕过授权机制,从而访问诸如 save、queryFieldBySql、show 等接口。尽管之前的远程代码执行(RCE)漏洞已被修复,但攻击者仍能通过 AviatorScript 表达式注入,继续实现 RCE 攻击。
目前,积木报表的最新版本为 1.7.9,但测试发现,该版本仍存在授权绕过的风险。漏洞修复的版本暂未发布。为此,本文将提供一种有效的缓解措施,以帮助用户降低该漏洞带来的安全风险。
浮萍
积木报表授权绕过漏洞缓解措施
8 months 1 week ago
针对积木报表授权绕过漏洞的缓解措施
积木报表授权绕过漏洞缓解措施
8 months 1 week ago
针对积木报表授权绕过漏洞的缓解措施
积木报表授权绕过漏洞缓解措施
8 months 1 week ago
针对积木报表授权绕过漏洞的缓解措施
积木报表授权绕过漏洞缓解措施
8 months 1 week ago
针对积木报表授权绕过漏洞的缓解措施
积木报表授权绕过漏洞缓解措施
8 months 1 week ago
针对积木报表授权绕过漏洞的缓解措施
SecWiki News 2024-08-09 Review
8 months 1 week ago
学科拔尖人才自主培养之路 by ourren
PyPI 2024年上半年恶意包回顾 by ourren
CS2外部静默原理剖析及实现 by ourren
多起典型泄密案例 by ourren
更多最新文章,请访问SecWiki
PyPI 2024年上半年恶意包回顾 by ourren
CS2外部静默原理剖析及实现 by ourren
多起典型泄密案例 by ourren
更多最新文章,请访问SecWiki