Aggregator

Ollama in the Wild: Risks & Stats​

不安全
9 months 1 week ago
文章指出Ollama工具在AI模型部署中的广泛应用及其带来的安全风险。超过27万实例暴露于互联网,存在远程代码执行和拒绝服务等漏洞。许多实例缺乏认证保护,需加强安全措施以应对潜在威胁。

DoNot APT is expanding scope targeting European foreign ministries

Security Affairs
9 months 1 week ago
DoNot APT, likely an India-linked cyberespionage group, targets European foreign ministries with LoptikMod malware. The DoNot APT group, likely linked to India, has expanded its operations and is targeting European foreign ministries with a new malware, called LoptikMod. The Donot Team (also known as APT-C-35 and Origami Elephant) has been active since 2016, focusing on government entities, foreign […]
Pierluigi Paganini

Cybersecurity Job right after High School/Community College?

不安全
9 months 1 week ago
一名高中生正在社区学院学习网络安全副学士学位,并计划毕业后从事IT/网络安全工作。他在暑假期间为高中提供IT支持,并希望利用副学士学位和工作经验尽快找到工作并积累经验。由于生活在小城镇难以获得实习机会,他考虑考取CompTIA认证但担心时间不足。他对计算机科学充满热情,并愿意为此付出努力。

派早报:三星发布新款 Z 系列手机等

不安全
9 months 1 week ago
三星发布三款折叠屏手机Galaxy Z Fold7、Z Flip7及Z Flip7 FE;IBM推出Power11处理器及服务器;拜雅推出AVENTHO 100耳机;雅西卡FX-D S300相机开启众筹;Apple宣布新任首席运营官Sabih Khan接替Jeff Williams;iOS 18测试版显示多款新芯片代号;Apple计划升级Vision Pro头显芯片并优化佩戴舒适度。

Laravel: APP_KEY leakage analysis

不安全
9 months 1 week ago
Laravel框架中存在基于APP_KEY的加密漏洞,可能导致远程代码执行。研究者发现了三个公开项目的漏洞,并开发工具检测和利用这些漏洞。分析显示大量公开应用仍在使用默认或重复的APP_KEY,增加了被攻击风险。

Let Me Cook You a Vulnerability: Exploiting the Thermomix TM5

不安全
9 months 1 week ago
文章揭示了Thermomix TM5中的多个安全漏洞,包括固件降级和任意代码执行。通过分析硬件架构、NAND闪存加密机制及固件更新流程,研究人员发现可通过篡改加密参数实现版本控制绕过,并利用不完善的启动验证机制获得持久访问权限。这些漏洞影响了设备的安全性,在2.14版本前存在,并已被修复。

AI Rubio Hoax Further Exposes White House Security Gaps

DataBreachToday.com
9 months 1 week ago
Impersonation Hoax Leverages Top Officials' Known Use of Commercial Messaging App
Security analysts tell Information Security Media Group more impersonation scams fueled by artificial intelligence - like the recent one involving Secretary of State Marco Rubio - may increasingly target top U.S. officials if the government continues failing to enforce strict security protocols.

Fooling the Sandbox: A Chrome-atic Escape

不安全
9 months 1 week ago
文章描述了作者通过分析CVE-2024-30088漏洞(Windows内核中的双重获取竞态条件),利用该漏洞实现从中等完整性级别到SYSTEM的权限提升,并进一步将其与Chrome渲染沙箱结合,通过绕过完整性级别检查和Job对象限制,最终实现从不受信任级别到SYSTEM的权限提升的过程。

Managed ad