Month: September 2024
How AI Is Personalizing Customer Service Experiences Across Industries
Customer service departments across industries are facing increased call volumes, high customer service agent turnover, talent shortages and shifting customer expectations. Customers expect both self-help options and real-time, person-to-person support. These expectations for seamless, personalized experiences extend across digital communication channels, including live chat, text and social media. Despite the rise of digital channels, many …
How AI Is Personalizing Customer Service Experiences Across IndustriesRead More
ZDI-24-1195: Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2024-6260.
ZDI-24-1194: Linux Kernel Plan 9 File System Race Condition Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39463.
ZDI-24-1193: Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-7502.
Exploiting Exchange PowerShell After ProxyNotShell: Part 1 – MultiValuedProperty
As you may know, I recently presented my Exchange-related talk during OffensiveCon 2024. This series of four blog posts is meant to supplement the talk and provide additional technical details. For those who did not attend OffensiveCon, you can also watch the full talk here: “Half Measures and Full Compromise: Exploiting Microsoft Exchange PowerShell Remoting”. …
Exploiting Exchange PowerShell After ProxyNotShell: Part 1 – MultiValuedPropertyRead More
Three Ways to Ride the Flywheel of Cybersecurity AI
The business transformations that generative AI brings come with risks that AI itself can help secure in a kind of flywheel of progress. Companies who were quick to embrace the open internet more than 20 years ago were among the first to reap its benefits and become proficient in modern network security. Enterprise AI is …
Three Ways to Ride the Flywheel of Cybersecurity AIRead More
19 New Games to Drop for GeForce NOW in September
Fall will be here soon, so leaf it to GeForce NOW to bring the games, with 19 joining the cloud in September. Get started with the seven games available to stream this week, and a day one PC Game Pass title, Age of Mythology: Retold, from the creators of the award-winning Age of Empires franchise …
Manufacturing Intelligence: Deltia AI Delivers Assembly Line Gains With NVIDIA Metropolis and Jetson
It all started at Berlin’s Merantix venture studio in 2022, when Silviu Homoceanu and Max Fischer agreed AI could play a big role in improving manufacturing. So the two started Deltia.ai, which runs NVIDIA Metropolis vision AI on NVIDIA Jetson AGX Orin modules to measure and help optimize assembly line processes. Hailing from AI backgrounds, …
Hammer Time: Machina Labs’ Edward Mehr on Autonomous Blacksmith Bots and More
Edward Mehr works where AI meets the anvil. The company he cofounded, Machina Labs, blends the latest advancements in robotics and AI to form metal into countless shapes for use in defense, aerospace, and more. The company’s applications accelerate design and innovation, enabling rapid iteration and production in days instead of the months required by …
Hammer Time: Machina Labs’ Edward Mehr on Autonomous Blacksmith Bots and MoreRead More
Abusing Arbitrary File Deletes to Escalate Privilege and Other Great Tricks (Archive)
This version of the blog is preserved for archival purposes only. An updated version of this blog, including links to new PoC code, can be found here. What do you do when you’ve found an arbitrary file delete as NT AUTHORITYSYSTEM? Probably just sigh and call it a DoS. Well, no more. In this article, …
Abusing Arbitrary File Deletes to Escalate Privilege and Other Great Tricks (Archive)Read More
NEWS
-
How AI Is Personalizing Customer Service Experiences Across Industries
September 7, 2024Customer service departments across industries are facing increased call volumes, high customer service agent turnover, talent shortages and shifting customer expectations. Customers expect both self-help options and real-time, person-to-person support. These expectations for seamless, personalized experiences extend across digital communication... -
ZDI-24-1195: Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability
September 6, 2024This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a... -
ZDI-24-1193: Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
September 6, 2024This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI...