Cybersecurity information flow

A clean information-feed tool focused on the day-to-day of the security community, surfacing quality content for security researchers every day.


Recent updates
Time | Source
May 3, 2024 04:32 GitHub Watch
"Open-Source LLM Usage Guide": quick deployment of open-source large models on Linux, a deployment tutorial tailored to Chinese users
May 3, 2024 04:32 GitHub Watch
✅SRepair: Powerful LLM-based Program Repairer with $0.029/Fixed Bug
May 3, 2024 02:52 GitHub Watch
Python ElasticSearch ORM based on Pydantic
May 3, 2024 02:52 GitHub Watch
Represent, send, store and search multimodal data
May 3, 2024 01:32 GitHub Watch
[WIP] Next generation information browser
May 3, 2024 01:03 Github_POC
Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all cells and non-personal workspaces is granted.
[GitHub]PoC for CVE-2023-32749 affecting Pydio Cells
May 3, 2024 01:03 Github_POC
Oxwall 1.8.7 (11111) is vulnerable to Incorrect Access Control. Unauthenticated file upload allows an attacker to upload image files.
[GitHub]About CVE-2021-36593 and CVE-2021-36594
May 3, 2024 00:52 GitHub Watch
GitHub Action that given an organization or repository, produces information about the contributors over the specified time period.
May 3, 2024 00:52 GitHub Watch
JavaFX mainline development
May 3, 2024 00:52 GitHub Watch
[CVPR 2023] SadTalker: Learning Realistic 3D Motion Coefficients for Stylized Audio-Driven Single Image Talking Face Animation
May 3, 2024 00:12 SecWiki Weekly
Using generative AI for automated malware reverse-engineering analysis https://mp.weixin.qq.com/s/QPFU2qhsK8p3_tj7BlFkbA
Hands-on reading: adversarial security analysis of Llama 3 https://mp.weixin.qq.com/s/qLf5-HXG-WtS1LAQUD8pww
C2-Tracker: Live Feed of C2 servers, tools, and botnets https://github.com/montysecurity/C2-Tracker
2024 Tencent (鹅厂) Game Security Technology Competition finals write-up: PC client https://mp.weixin.qq.com/s/TxPzHAPsnjdYDSzLfKwkjA
Exploring LLM-based knowledge graph completion https://mp.weixin.qq.com/s/DQEfeFFNYyv0-StUAe218Q
Key elements of two-tier SOC coordination on large networks https://mp.weixin.qq.com/s?__biz=MzI3MTU2NTUyMQ==&mid=2247483655&idx=1&sn=13a8de3ceb0864217f148962f0dd040d&chksm=eb3e96b9dc491faf79f47914ae4ddd2b066f77504bb5d7c2e59ff4f473f01bc7df30b4b15963&token=108356932&lang=zh_CN#rd
CrowdStrike is more than just SaaS EDR https://mp.weixin.qq.com/s?__biz=MzI3MTU2NTUyMQ==&mid=2247483683&idx=1&sn=ebaed6dd9b51a08e1dfcf7b1893f976e&chksm=eb3e969ddc491f8b10c84e031151d0ff38f0f64cab748f6e453e051b8eea5aef972757f9cd45&token=108356932&lang=zh_CN#rd
May 2, 2024 23:40 Black Hills Information Securi
| Niccolo Arboleda | Guest Author Niccolo Arboleda is a cybersecurity enthusiast and student at the University of Toronto. He is usually found in his home lab studying different cybersecurity […]
The post At Home Detection Engineering Lab for Beginners appeared first on Black Hills Information Security.
May 2, 2024 23:39 Data Breach – Security Affairs
Threat actors breached the Dropbox Sign production environment and accessed customer email addresses and hashed passwords Cloud storage provider DropBox revealed that threat actors have breached the production infrastructure of the DropBox Sign eSignature service and gained access to customer information and authentication data. Dropbox Sign is a service that allows users to electronically sign […]
May 2, 2024 22:33 Packet Storm
Red Hat Security Advisory 2024-2645-03 - An update for podman is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
May 2, 2024 22:33 Packet Storm
Red Hat Security Advisory 2024-2651-03 - An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.
May 2, 2024 22:33 Packet Storm
htmlLawed versions 1.2.5 and below proof of concept remote command execution exploit.
May 2, 2024 22:33 Packet Storm
Ubuntu Security Notice 6747-2 - USN-6747-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. Gary Kwong discovered that Firefox did not properly manage memory when running garbage collection during realm initialization. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory during JIT optimizations, leading to an out-of-bounds read vulnerability. An attacker could possibly use this issue to cause a d
May 2, 2024 22:33 Packet Storm
Debian Linux Security Advisory 5676-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
May 2, 2024 21:43 Trail of Bits Blog
By Francesco Bertolaccini You’ve reached computer programming nirvana. Your journey has led you down many paths, including believing that God wrote the universe in LISP, but now the truth is clear in your mind: every problem can be solved by writing one more compiler. It’s true. Even our soon-to-be artificially intelligent overlords are nothing but […]
May 2, 2024 17:41 Known-component CVE monitoring
A new vulnerable component has been found, component ID: Nagios XI
An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet.
May 2, 2024 17:40 Known-component CVE monitoring
A new vulnerable component has been found, component ID: Django
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL could potentially be used to execute a Reflected Cross-Site Scripting (Reflected XSS) attack against users. All filterable object-list views in Nautobot are vulnerable. This issue has been fixed in Nautobot versions 1.6.20 and 2.2.3. There are no known workarounds for this vulnerability.
May 2, 2024 17:40 Known-component CVE monitoring
A new vulnerable component has been found, component ID: IBM WebSphere
IBM WebSphere Automation 1.7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285648.
May 2, 2024 17:39 Known-component CVE monitoring
A new vulnerable component has been found, component ID: IBM WebSphere
IBM WebSphere Automation 1.7.0 could allow an attacker with privileged access to the network to conduct a CSV injection. An attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 285623.