AI自动挖洞不是梦,谷歌AI工具OSS-FASZ又发现26个开源漏洞
基于人工智能的模糊工具OSS-Fuzz 已被用于帮助识别各种开源代码库中的26个漏洞,包括 OpenSSL 加密库中的一个中度漏洞。
Aggregator
福特就客户数据遭泄露一事展开调查
18 hours 41 minutes ago
一名威胁者声称在黑客论坛上泄露了 44,000 条客户记录,还暗示黑客“IntelBroker”参与了 2024 年 11 月的泄密事件,泄露的福特客户记录中包含有客户信息,包括全名、位置、购买详细信息、经销商信息等。目前福特公司正在调查其遭受数据泄露的指控。
暴露的记录并不是极其敏感,但它们包含个人身份信息,这些信息可能会导致针对暴露个人的网络钓鱼和社会工程攻击。
目前,威胁者并没有试图出售该数据集,而是以 8 个积分(相当于 2 美元多一点)的价格将其提供给黑客论坛的注册会员。
据称福特数据在黑客论坛上泄露
该公司发言人表示福特公司已经意识到并正在积极调查有关福特数据被泄露的指控。
根据威胁者最近的表述,IntelBroker 参与此次泄露事件为威胁者的指控提供了一定的可信度。该黑客最近在思科的 DevHub 门户、诺基亚(通过第三方)、欧洲刑警组织的 EPE 门户网站和 T-Mobile(通过供应商)进行了实质性的违规行为。
威胁者泄露的数据样本中提到的地点来自世界各地,包括美国。为了减轻这种潜在数据泄露带来的风险,请谨慎对待未经请求的通信,并拒绝以任何借口透露更多信息的请求。
福特根据正在进行的调查的新发现确定福特的系统或客户数据没有遭到破坏。此事涉及第三方供应商和一小批公开的经销商的营业地址。目前此事现已得到解决。
胡金鱼
Come playlist e podcast su Spotify promuovono software pirata
18 hours 42 minutes ago
New infosec products of the week: November 22, 2024
18 hours 42 minutes ago
Here’s a look at the most interesting products from the past week, featuring releases from Aon, Arkose Labs, HiddenLayer, Hornetsecurity, Radware, and Tanium. Arkose Device ID detects suspicious activity patterns By adding Arkose Device ID to the Arkose Labs’ platform, enterprises can assign unique device identifiers to all incoming traffic, gaining visibility into user behaviors tied to those devices from the first interaction—without requiring additional vendors or datasets. Aon Cyber Risk Analyzer empowers organizations to … More →
The post New infosec products of the week: November 22, 2024 appeared first on Help Net Security.
Help Net Security
Over 2,000 Palo Alto firewalls hacked using recently patched bugs
18 hours 42 minutes ago
Hackers have already compromised thousands of Palo Alto Networks firewalls in attacks exploi
苹果修复了在英特尔 Mac 攻击中使用的两个零日漏洞
18 hours 42 minutes ago
本周,苹果发布了紧急安全更新提示,用于修复两个零日漏洞,这些漏洞针对英特尔的 Mac 系统攻击。据了解,这些是在 macOS 的 macOS Sequoia JavaScriptCore (CVE-2024-44308) 和 WebKit (CVE-2024-44309) 组件中发现的。
JavaScriptCore CVE-2024-44308 漏洞允许攻击者通过恶意制作的 Web 内容实现远程代码执行。另一个漏洞 CVE-2024-44309 允许跨站点脚本 (CSS) 攻击。
该公司表示,它解决了 macOS Sequoia 15.1.1 中的安全漏洞。由于其他 Apple 操作系统中也存在相同的组件,因此在 iOS 17.7.2 和 iPadOS 17.7.2、iOS 18.1.1 和 iPadOS 18.1.1 以及 VisionOS 2.1.1 中也修复了该问题。
虽然苹果表示这两个漏洞是由谷歌威胁分析小组发现的,但该公司尚未提供有关如何利用这些漏洞的更多详细信息。
加上这两个漏洞,苹果公司在 2024 年迄今已修复了 6 个零日漏洞,第一个于 1 月,两个于 3 月,第四个于 5 月。这个数字明显好于去年,当时苹果修复了总共 20 个被利用的零日漏洞,其中包括:
·11 月份的两个零日漏洞(CVE-2023-42916 和 CVE-2023-42917)
·10 月份的两个零日漏洞(CVE-2023-42824 和 CVE-2023-5217)
·10 月份的五个零日漏洞(CVE-2023-41061、CVE) -2023-41064、CVE-2023-41991、CVE-2023-41992 和 CVE-2023-41993)
·9 月份的两个零日漏洞(CVE-2023-37450 和 CVE-2023-38606)
·7 月份的三个零日漏洞( CVE-2023-32434、CVE-2023-32435 和 CVE-2023-32439)
·6 月份出现另外三个零日漏洞(CVE-2023-32409、CVE-2023-2023-28204 和 CVE-2023-32373)
·5 月份出现两个零日漏洞4 月份的 -days(CVE-2023-28206 和 CVE-2023-28205)
·以及 2 月份的另一个 WebKit 零日漏洞(CVE-2023-23529)
胡金鱼
DEF CON 32 – Unlocking The Gates: Hacking A Secure Industrial Remote Access Solution
18 hours 42 minutes ago
Thursday, November 21, 2024
CVE-2000-0275 | CRYPTOCard CRYPTOAdmin 4.1 on PalmOS PIN improper authentication (EDB-19838 / BID-1097)
18 hours 50 minutes ago
A vulnerability classified as problematic has been found in CRYPTOCard CRYPTOAdmin 4.1 on PalmOS. This affects an unknown part of the component PIN Handler. The manipulation leads to improper authentication.
This vulnerability is uniquely identified as CVE-2000-0275. The attack needs to be approached locally. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-44239 | Apple macOS information disclosure (Nessus ID 211697)
19 hours 10 minutes ago
A vulnerability was found in Apple macOS. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure.
This vulnerability is handled as CVE-2024-44239. An attack has to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-44236 | Apple macOS up to 13.6/14.6 File out-of-bounds (Nessus ID 211697)
19 hours 10 minutes ago
A vulnerability, which was classified as problematic, was found in Apple macOS up to 13.6/14.6. Affected is an unknown function of the component File Handler. The manipulation leads to out-of-bounds read.
This vulnerability is traded as CVE-2024-44236. An attack has to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-44237 | Apple macOS up to 13.6/14.6 File out-of-bounds (Nessus ID 211697)
19 hours 10 minutes ago
A vulnerability, which was classified as problematic, was found in Apple macOS up to 13.6/14.6. This affects an unknown part of the component File Handler. The manipulation leads to out-of-bounds read.
This vulnerability is uniquely identified as CVE-2024-44237. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-44234 | Apple tvOS Video File memory corruption (Nessus ID 211697)
19 hours 10 minutes ago
A vulnerability has been found in Apple tvOS and classified as critical. This vulnerability affects unknown code of the component Video File Handler. The manipulation leads to memory corruption.
This vulnerability was named CVE-2024-44234. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-44234 | Apple watchOS Video File memory corruption (Nessus ID 211697)
19 hours 10 minutes ago
A vulnerability was found in Apple watchOS and classified as critical. This issue affects some unknown processing of the component Video File Handler. The manipulation leads to memory corruption.
The identification of this vulnerability is CVE-2024-44234. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-44233 | Apple iOS/iPadOS Video File memory corruption (Nessus ID 211697)
19 hours 10 minutes ago
A vulnerability was found in Apple iOS and iPadOS. It has been declared as critical. This vulnerability affects unknown code of the component Video File Handler. The manipulation leads to memory corruption.
This vulnerability was named CVE-2024-44233. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-44233 | Apple tvOS Video File memory corruption (Nessus ID 211697)
19 hours 10 minutes ago
A vulnerability was found in Apple tvOS. It has been rated as critical. This issue affects some unknown processing of the component Video File Handler. The manipulation leads to memory corruption.
The identification of this vulnerability is CVE-2024-44233. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-44233 | Apple watchOS Video File memory corruption (Nessus ID 211697)
19 hours 10 minutes ago
A vulnerability classified as critical has been found in Apple watchOS. Affected is an unknown function of the component Video File Handler. The manipulation leads to memory corruption.
This vulnerability is traded as CVE-2024-44233. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-44234 | Apple macOS Video File memory corruption (Nessus ID 211697)
19 hours 10 minutes ago
A vulnerability classified as critical was found in Apple macOS. Affected by this vulnerability is an unknown functionality of the component Video File Handler. The manipulation leads to memory corruption.
This vulnerability is known as CVE-2024-44234. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-44234 | Apple visionOS Video File memory corruption (Nessus ID 211697)
19 hours 10 minutes ago
A vulnerability, which was classified as critical, has been found in Apple visionOS. Affected by this issue is some unknown functionality of the component Video File Handler. The manipulation leads to memory corruption.
This vulnerability is handled as CVE-2024-44234. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-44234 | Apple iOS/iPadOS Video File memory corruption (Nessus ID 211697)
19 hours 10 minutes ago
A vulnerability, which was classified as critical, was found in Apple iOS and iPadOS. This affects an unknown part of the component Video File Handler. The manipulation leads to memory corruption.
This vulnerability is uniquely identified as CVE-2024-44234. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-44233 | Apple macOS Video File memory corruption (Nessus ID 211697)
19 hours 10 minutes ago
A vulnerability was found in Apple macOS and classified as critical. Affected by this issue is some unknown functionality of the component Video File Handler. The manipulation leads to memory corruption.
This vulnerability is handled as CVE-2024-44233. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com