
Tux Machines


Security Leftovers


Posted by Roy Schestowitz on Aug 11, 2023





OpenSSF to Support DARPA on New AI Cyber Challenge (AIxCC) [Ed: 'Linux' Foundation working for the Pentagon (war)]




> AIxCC brings together leading AI organizations that will work with DARPA to make their cutting-edge technology available for challenge competitors, including OpenAI, Anthropic, Google, and Microsoft.


> The Open Source Security Foundation (OpenSSF) will serve as challenge advisor to guide teams creating AI systems capable of addressing vital cybersecurity issues, such as the security of our critical infrastructure and software supply chains.



“Please do not make it public”: Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping




> In this report, we analyze the Windows, Android, and iOS versions of Tencent’s Sogou Input Method, the most popular Chinese-language input method in China. Our analysis found serious vulnerabilities in the app’s custom encryption system and how it encrypts sensitive data. These vulnerabilities could allow a network eavesdropper to decrypt sensitive communications sent by the app, including revealing all keystrokes being typed by the user. Following our disclosure of these vulnerabilities, Sogou released updated versions of the app that identified all of the issues we disclosed.



The rise of EvilProxy phishing malware [Ed: Microsoft TCO]




> EvilProxy is once again on the rise. The malware is one of the more popular phishing kits that is used to bypass multifactor authentication by stealing credentials. A new report by Proofpoint Inc. today illustrates its new rise in popularity and its focus on compromising Microsoft 365 accounts of C-level executives at major corporations.



Researchers find fresh bugs in some Intel, AMD processors




> Two more vulnerabilities in CPUs have surfaced this week, one in Intel hardware and the other in AMD's offerings. The Intel bug, given the name Downfall, allows a user to gain access to, and steal, data from another user on the same machine. It was reported to Intel on 24 August 2022. The flaw is due to memory optimisation features in Intel processors that allow internal hardware registers to be viewed by software. Google senior research scientist Daniel Moghimi, who discovered the bug, wrote: "I discovered that the Gather instruction, meant to speed up accessing scattered data in memory, leaks the content of the internal vector register file during speculative execution."





Severe Thunderbird Vulns Lead to DoS, Code Execution - Update Now!




> Multiple security issues were discovered in Thunderbird, including a bug in popup notifications delay calculation that could have enabled an attacker to trick a user into granting permissions (CVE-2023-4047), and an out-of-bounds read that could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations (CVE-2023-4048). These bugs are simple to exploit and threaten impacted systems' confidentiality, integrity, and availability. As a result, they have received a National Vulnerability Database severity rating of ''High''.



Mitigations for Eleven Severe Chromium Flaws Released




> Eleven severe vulnerabilities have been found in Chromium, including multiple Type Confusion bugs in V8, use-after-frees in Cast, Blink Task Scheduling and WebRTC, a heap buffer overflow in Visuals, out-of-bounds read and write in WebGL, out-of-bounds memory access in ANGLE, and insufficient data validation and inappropriate implementation in Extensions. These bugs have received a National Vulnerability Database severity rating of ''High'' due to their ease of exploitation and the significant threat they pose to impacted systems' confidentiality, integrity, and availability.



Kernel Updates




> The following kernels are now available. This is a security update to Mitigate speculative RAS overflow on AMD (CPU_SRSO)
> kernel-6.4.9-pclos1-1-1pclos2023
> kernel-6.1.44-pclos1-1-1pclos2023
> kernel-5.4.252-pclos1-1-1pclos2023
> kernel-5.15.125-pclos1-1-1pclos2023
> kernel-5.10.189-pclos1-1-1pclos2023




gemini.tuxmachines.org


-- Page fetched on Sat Jun 1 07:31:02 2024