Unsecured JupyterLab and Jupyter Notebooks servers abused for illegal streaming of Sports events
Unsecured JupyterLab and Jupyter Notebooks servers abused for illegal streaming of Sp
Aggregator
Microsoft 宣布 Zero Day Quest 黑客活动并提供丰厚奖励
1 week ago
随着Zero Day Quest黑客活动的启动,微软正在加强其漏洞悬赏计划。该活动的潜在奖励高达 400 万美元,主要用于推动云计算和人工智能等关键领域的研究。 活动重点 该活动邀请安全研究人员发现并报告微软人工智能和云赏金计划中具有重大影响的漏洞: AI、Microsoft Azure、Microsoft Identity、M365、Microsoft Dynamics 365 和 Power Platform。 “为了促进人工智能安全,我们将提供双倍的人工智能赏金奖励。我们还将为研究人员提供直接接触微软人工智能工程师(专注于开发安全的人工智能解决方案)和我们的人工智能红队(AI Red Team)的机会。微软安全响应中心(MSRC)工程副总裁汤姆-加拉格尔(Tom Gallagher)解释说:“这个机会将使参与者能够利用最先进的工具和技术提高自己的技能,并与微软合作提高整个生态系统的人工智能安全标准–让每个人都更安全。”他还邀请感兴趣的研究人员注册参加微软人工智能红队的培训课程。 一旦漏洞得到修复,我们将鼓励研究人员公开讨论他们的发现。微软表示,它将通过 “常见漏洞与暴露”(CVE)计划透明地分享云服务漏洞,即使这些漏洞不需要客户采取行动。 零日探索挑战 零日探索 “为参与者提供了两个独特的机会: 研究挑战: 这项挑战向所有人开放,邀请世界各地的研究人员通过发现和报告上述解决方案中的漏洞来展示他们的专业知识。研究挑战赛将从太平洋时间 2024 年 11 月 19 日上午 12:00 开始,持续到太平洋时间 2025 年 1 月 19 日晚上 11:59。 现场黑客活动: 这项仅限受邀者参加的活动将于 2025 年在华盛顿州雷德蒙德的微软园区举行,专为在 2024 年 Azure、Dynamics 和 Office 年度排行榜上排名前 10 位的微软研究人员准备。此外,还将根据参加公开研究挑战赛的实力邀请另外45名研究人员。 转自安全客,原文链接:https://www.anquanke.com/post/id/302015 封面来源于网络,如有侵权请联系删除
内容转载
Dark Vault
1 week ago
cohenido
BianLian
1 week ago
cohenido
【资料】美军总结的我军战术
1 week ago
也不知道美军对我军的战术总结得怎样,他们真的对我军了解吗?
Ghost Tap: масштабное мошенничество с банковскими картами стало реальностью
1 week ago
Тот случай, когда ваш телефон выступает главным инструментом хакеров.
CVE-2008-5732 | KafooeyBlog 1.55b File Upload lib/image_upload.php input validation (EDB-7537 / XFDB-47535)
1 week ago
A vulnerability was found in KafooeyBlog 1.55b. It has been classified as critical. This affects an unknown part in the library lib/image_upload.php of the component File Upload. The manipulation leads to improper input validation.
This vulnerability is uniquely identified as CVE-2008-5732. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2008-5725 | Entechtaiwan PowerStrip up to 3.84 access control (EDB-7533 / XFDB-47532)
1 week ago
A vulnerability was found in Entechtaiwan PowerStrip. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to improper access controls.
This vulnerability is handled as CVE-2008-5725. An attack has to be approached locally. Furthermore, there is an exploit available.
vuldb.com
CVE-2008-5735 | CoolPlayer 2.17/2.18/2.19 skin.c memory corruption (EDB-7536 / XFDB-47527)
1 week ago
A vulnerability classified as very critical has been found in CoolPlayer 2.17/2.18/2.19. Affected is an unknown function of the file skin.c. The manipulation leads to memory corruption.
This vulnerability is traded as CVE-2008-5735. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2008-5852 | Emefa Guestbook 3.0 access control (EDB-7534 / XFDB-47534)
1 week ago
A vulnerability was found in Emefa Guestbook 3.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to improper access controls.
This vulnerability is traded as CVE-2008-5852. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2008-2186 | Cilekyazilim ChiCoMaS 2.0.4 index.php q cross site scripting (EDB-7532 / XFDB-42156)
1 week ago
A vulnerability classified as problematic was found in Cilekyazilim ChiCoMaS 2.0.4. This vulnerability affects unknown code of the file index.php. The manipulation of the argument q leads to cross site scripting.
This vulnerability was named CVE-2008-2186. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2008-5853 | ChiCoMaS 2.0.3/2.0.4 backup access control (EDB-7532 / SA30080)
1 week ago
A vulnerability was found in ChiCoMaS 2.0.3/2.0.4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file backup. The manipulation leads to improper access controls.
This vulnerability is known as CVE-2008-5853. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
Logistiek Centrum Soesterberg komt van de grond
1 week ago
Toekomstbestendig, duurzaam en vooral: effectief. Het Logistiek Centrum Soesterberg (LCS) wordt hét nieuwe logistieke knooppunt voor de Koninklijke Landmacht. Vandaag werd de eerste paal van het gebouw in de grond geslagen op Kamp Soesterberg. De realisatie gebeurt in samenwerking met verschillende civiele partners, onder leiding van Rhenus Logistics.
Kubernetes(K8S)集群服务器取证详解
1 week ago
跨国抓捕:俄罗斯勒索软件头目被引渡至美国
1 week ago
error code: 521
CVE-2024-10094 | Pegasystems Pega Infinity up to 24.1.1 code injection
1 week ago
A vulnerability classified as critical has been found in Pegasystems Pega Infinity up to 24.1.1. This affects an unknown part. The manipulation leads to code injection.
This vulnerability is uniquely identified as CVE-2024-10094. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
苹果计划授权其 Apple TV+独占内容
1 week ago
苹果计划向竞争对手的流媒体服务授权 Apple TV+ 的独占内容,此举旨在节省资金和扩大影响面。自 2019 年 Apple TV+ 推出以来,苹果斥资逾 200 亿美元打造原创内容。但
Apple Urgently Patches Actively Exploited Zero-Days
1 week ago
Though information regarding the exploits is limited, the company did report that Intel-based Mac systems have been targeted by cybercriminals looking to exploit CVE-2024-44308 and CVE-2024-44309.
Dark Reading Staff
Products in evaluation
1 week ago
Canadian Centre for Cyber Security
После прочтения сжечь: как Google стирает улики и уклоняется от судебных исков
1 week ago
Корпорацию обвиняют в намеренном удалении доказательств и сокрытии фактов.