Aggregator
Sophos: Attacks Drop in Nearly All Sectors But Healthcare
1 year 9 months ago
Survey Finds 37% of Providers Take Over a Month to Recover From Ransomware
Ransomware attacks are declining across many sectors - but not in healthcare, where an ongoing surge is reaching a four-year high in incidents, according to new research from security firm Sophos, which surveyed 5,000 IT leaders across 15 sectors and 14 countries between January and February.
Ransomware attacks are declining across many sectors - but not in healthcare, where an ongoing surge is reaching a four-year high in incidents, according to new research from security firm Sophos, which surveyed 5,000 IT leaders across 15 sectors and 14 countries between January and February.
OpenAI Exits, Appointments and New Corporate Model
1 year 9 months ago
OpenAI Seeks to Become a For-Profit Company
Wednesday brought more turmoil in the top ranks of OpenAI after three executives in leadership positions quit the company at a time when the AI giant seeks to convert itself into a for-profit entity. The new structure may affect how the company prioritizes and addresses AI risks.
Wednesday brought more turmoil in the top ranks of OpenAI after three executives in leadership positions quit the company at a time when the AI giant seeks to convert itself into a for-profit entity. The new structure may affect how the company prioritizes and addresses AI risks.
CVE-2024-8771 | icegram Email Subscribers Plugin up to 5.7.34 on WordPress preview_email_template_design authorization
1 year 9 months ago
A vulnerability was found in icegram Email Subscribers Plugin up to 5.7.34 on WordPress and classified as problematic. This issue affects the function preview_email_template_design. The manipulation leads to missing authorization.
The identification of this vulnerability is CVE-2024-8771. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-46632 | Open Asset Import Library Assimp 5.4.3 LoadMD5MeshFile buffer overflow
1 year 9 months ago
A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as critical. This vulnerability affects the function MD5Importer::LoadMD5MeshFile. The manipulation leads to buffer overflow.
This vulnerability was named CVE-2024-46632. The attack needs to be approached within the local network. There is no exploit available.
vuldb.com
CVE-2024-7259 | Red Hat Virtualization 4 oVirt cleartext storage
1 year 9 months ago
A vulnerability, which was classified as problematic, was found in Red Hat Virtualization 4. This affects an unknown part of the component oVirt. The manipulation leads to cleartext storage of sensitive information.
This vulnerability is uniquely identified as CVE-2024-7259. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-9155 | Mattermost up to 9.5.8/9.9.2/9.10.1 Channel authorization
1 year 9 months ago
A vulnerability, which was classified as problematic, has been found in Mattermost up to 9.5.8/9.9.2/9.10.1. Affected by this issue is some unknown functionality of the component Channel Handler. The manipulation leads to incorrect authorization.
This vulnerability is handled as CVE-2024-9155. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
SecWiki News 2024-09-26 Review
1 year 9 months ago
Moving DevOps Security Out of 'the Stone Age'
1 year 9 months ago
Developers need to do more than scan code and vet software components, and ops should do more than just defend the deployment pipeline.
Robert Lemos, Contributing Writer
CVE-2024-43191 | IBM Cloud Pak for Multicloud Management 2.3/2.3 FP8 YAML File deserialization
1 year 9 months ago
A vulnerability classified as critical was found in IBM Cloud Pak for Multicloud Management 2.3/2.3 FP8. Affected by this vulnerability is an unknown functionality of the component YAML File Handler. The manipulation leads to deserialization.
This vulnerability is known as CVE-2024-43191. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-30134 | HCL Traveler for Microsoft Outlook prior 3.0.9 HTMO.exe Local Privilege Escalation (KB0114723)
1 year 9 months ago
A vulnerability classified as critical has been found in HCL Traveler for Microsoft Outlook prior 3.0.9. Affected is an unknown function of the file HTMO.exe. The manipulation leads to Local Privilege Escalation.
This vulnerability is traded as CVE-2024-30134. Attacking locally is a requirement. There is no exploit available.
vuldb.com
US sanctions crypto exchanges used by Russian ransomware gangs
1 year 9 months ago
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned PM2BTC and Cryptex, two cryptocurrency exchanges that laundered funds from Russian ransomware gangs and other cybercrime groups. [...]
Sergiu Gatlan
规模更大的 AI 聊天机器人倾向于更可能胡说八道
1 year 9 months ago
根据发表在《自然》期刊上的一项研究,参数规模更大的 AI 聊天机器人倾向于更可能胡说八道。西班牙 Valencian Research Institute for Artificial Intelligence 的研究员分析了大模型的幻觉,观察随着模型参数规模愈来愈大其幻觉或错误是如何变化的。研究团队发现,更大更精调的大模型更精确,但也更不可靠。它们产生的错误答案比例略有增加。原因是更大参数规模的模型倾向于更不可能回避问题,比如说不知道答案或改变话题。研究人员说,结果是大模型尝试回答所有问题,生成了更多正确的答案以及更多错误的答案。大模型愈来愈擅长于伪装成无所不知。用户可能会高估 AI 聊天机器人的能力。研究人员分析了三种模型家族:OpenAI 的 GPT、Meta 的 LLaMA 和 BigScience 的开源模型 BLOOM。
CVE-2011-2201 | Mark Stosberg Data::FormValidator up to 3.54 access control (Bug 712694 / EDB-35836)
1 year 9 months ago
A vulnerability was found in Mark Stosberg Data::FormValidator up to 3.54. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to improper access controls.
This vulnerability was named CVE-2011-2201. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
刚刚,美国参议院国土安全委员会发布2024 年 7 月 13 日特朗普暗杀未遂中期报告133页(附下载)
1 year 9 months ago
CVE-2016-1000110 | Python up to 2.7.11 CGI Script CGIHandler HTTP_PROXY redirect (Nessus ID 96165 / ID 11662)
1 year 9 months ago
A vulnerability classified as critical was found in Python up to 2.7.11. This vulnerability affects the function CGIHandler of the component CGI Script Handler. The manipulation of the argument HTTP_PROXY as part of HTTP Requests leads to open redirect.
This vulnerability was named CVE-2016-1000110. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2014-7034 | Senator Inn / Spa 1.2.2.160 X.509 Certificate cryptographic issues (VU#582497)
1 year 9 months ago
A vulnerability, which was classified as critical, was found in Senator Inn and Spa 1.2.2.160. Affected is an unknown function of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues.
This vulnerability is traded as CVE-2014-7034. The attack can only be done within the local network. There is no exploit available.
vuldb.com
Data Breach at MC2 Data Leaves 100 Million at Risk of Fraud
1 year 9 months ago
The data leak exposed personal data of 100m US citizens, resulting from a misconfigured database made accessible online
CVE-2014-7033 | Curecos Cure Viewer 1.03 X.509 Certificate cryptographic issues (VU#582497)
1 year 9 months ago
A vulnerability, which was classified as critical, has been found in Curecos Cure Viewer 1.03. This issue affects some unknown processing of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues.
The identification of this vulnerability is CVE-2014-7033. The attack needs to be approached within the local network. There is no exploit available.
vuldb.com
Tails 项目和 Tor 项目合并
1 year 9 months ago
Tor 匿名网络项目与基于 Tor 的匿名操作系统项目 Tails 宣布了合并,此举有助于简化合作、更好的可持续性、降低开销,扩大培训和推广的区域。Tails 是在 2023 年底向 Tor 项目提出合并运营的设想。Tails 现有结构难以应付更大的规模,相比下 Tor 项目有着更大更成熟的结构,与 Tor 合并提供了一种解决方案。Tails 可以专注于其核心使命——维护和改进操作系统,探索更多互补用例,同时能受益于 Tor 项目更大的组织结构。