Fity Blog
-
XYZ-CSMS (by: oretnom23 ) v1.0 Copyright © 2024. All rights reserved SQLi – Bypass Authentication – CXSecurity.com
-
WebKraze – Blind Sql Injection Vulnerability – CXSecurity.com
-
RansomLord (NG) Anti-Ransomware Exploit Tool – CXSecurity.com
-
ConnectOnCall data breach impacted over 900,000 individuals
-
Cloudflare’s 2024 internet traffic report highlights a 17.2% global increase in traffic, with Google maintaining its position as the most visited service and the U.S. responsible for 34.6% of bot traffic. The Register reports: One surprise (or perhaps not) is that IPv6 traffic is actually down as a percentage of the packets that passed through…
-
Step 1: Request with prompt injection content. The prompt received by the AI includes not only the user’s original query but also malicious instructions. The characteristics of this prompt injection content may include the following:
-
Written by Michaela Adams, Roman Daszczyszak, Steve Luke.
-
If you recently threw out your black plastic spatula, as several news articles urged us to do (“Your favorite spatula could kill you” was a real headline), you might want to see if you can dig it back out of the trash. They were based on a study whose most dramatic finding has turned out…
-
* bsc#1234413 Cross- * CVE-2024-50336 CVSS scores: * CVE-2024-50336 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
-
# Security update for MozillaFirefox Announcement ID: SUSE-SU-2024:4324-1 Release Date: 2024-12-16T12:06:05Z Rating: important References: * bsc#1234326 Affected Products: * Desktop Applications Module 15-SP5 * Desktop Applications Module 15-SP6 * openSUSE Leap 15.5 * openSUSE Leap 15.6 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS * SUSE Linux Enterprise Desktop 15…
-
* bsc#1234326 Affected Products: * Desktop Applications Module 15-SP5
-
For the stable distribution (bookworm), this problem has been fixed in version 1.22.0-2+deb12u1.
-
Ubuntu Security Notice USN-7163-1, December 16, 2024: linux vulnerability. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS. Summary: The system could be made to crash if it received specially crafted network traffic. Software Description: linux: Linux kernel. Details: A security issue was discovered in the…
-
Ubuntu Security Notice USN-7161-1, December 16, 2024: Docker vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 24.10, Ubuntu 24.04 LTS, Ubuntu 18.04 LTS. Summary: Several security issues were fixed in Docker. Software Description: docker.io-app: Linux container runtime; docker.io: Linux container runtime. Details: Yair…
-
The much-anticipated final release of Kali Linux for 2024.4 is here, packed with many updates, new hacking tools, and powerful features, from a new default Python version to the discontinuation of i386 kernel support. Kali Linux 2024.4 is designed to keep pentesters and enthusiasts ahead of the curve. Kali Linux is packed with numerous Information Security…
-
The Global Encryption Coalition Steering Committee was proud to host the second edition of The Encryption Summit: Encrypt Today to Safeguard Tomorrow on October 21st, 2024. The summit brought together encryption experts from academia, civil society, and business to discuss key developments in the global encryption policy debate. In five sessions, the Summit covered digital rights…
-
Executive Summary: Unit 42 researchers have discovered new security vulnerabilities in the Azure Data Factory Apache Airflow integration. Attackers can exploit these flaws by gaining unauthorized write permissions to a directed acyclic graph (DAG) file or using a compromised service principal.
-
The Stanford Blockchain Club has issued a scathing critique of the US Department of Justice’s (DOJ) prosecution of Tornado Cash developers Roman Storm and Roman Semenov, calling it an overreach of outdated federal money transmission laws.
-
The Social Security Administration is taking online applications for one of its main disability programs after years of trying to simplify and move the process online, an effort the agency’s former commissioner Martin O’Malley has previously described as SSA’s “white whale.”
-
A number of U.S. military commands failed to keep a complete and accurate inventory of mobile devices used to store and transmit classified information, according to a heavily redacted Defense Department oversight report.