Aggregator

树立能源行业安全运营标杆

IDC最新攻击面管理报告出炉，360多项能力获五星评价

JSP3/2.0.14

A vulnerability has been found in WordPress 2.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file XMLRPC.PHP of the component XMLRPC Handler. The manipulation leads to sql injection. This vulnerability is known as CVE-2007-3140. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to disable the affected component.

总结推荐本周的热点资讯、安全事件、一周好文和省心工具，保证大家不错过本周的每一个重点！

Trend Micro - Infection Chain2024-09-08 TrendMicro Earth Baxia Uses Spear-Phishing and GeoServer Ex

A vulnerability has been found in Apple watchOS up to 3.1.2 and classified as critical. This vulnerability affects unknown code of the component FontParser. The manipulation leads to memory corruption. This vulnerability was named CVE-2016-4688. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in BGEnergy 1.153.0034 and classified as critical. Affected by this vulnerability is an unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is known as CVE-2014-6870. The attack needs to be approached within the local network. There is no exploit available.

戳我立即查看

黑客组织 NullBulge 入侵了迪士尼企业内部通信使用的工具 Slack，窃取并公开了数千 Slack 频道的数据，包括代码和未发布项目信息。NullBulge 泄露了愈 1 TB 数据，这一入侵发生在 7 月，迪士尼 8 月表示正对此展开调查。路透社现在报道，迪士尼计划停止将 Slack 作为整个公司的协作工具，部分团队已经切换到其他协作工具，预计今年晚些时候完成过渡。

A vulnerability, which was classified as critical, was found in barcode scanner 2.3.0. Affected is an unknown function of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is traded as CVE-2014-6869. Access to the local network is required for this attack to succeed. There is no exploit available.

支撑企业安全架构的技术方向，提升安全防护水平的方法体系。

So Ive been working on this project for the better part of 2 years on and off. I have this

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

More than 2.1 million stolen VPN passwords have been compromised by malware in the past year, highlighting a growing risk for unauthorized access to secure networks, according to a Specops Software report.

The post More Than Two Million Stolen VPN Passwords Discovered appeared first on Security Boulevard.

A vulnerability was found in PBLang 4.67.16.a. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument lang leads to path traversal. This vulnerability was named CVE-2007-3096. The attack can be initiated remotely. Furthermore, there is an exploit available.

Security issues stemming from the integration of information technology (IT) and operational technology (OT), could be addressed through artificial intelligence (AI), although the technology could also be leveraged by malicious actors, according to a Cisco study.

The post AI Could Help Resolve IT/OT Integration Security Challenges appeared first on Security Boulevard.

关注高级攻防对抗技术热点，研究对手技术进行高级威胁模拟，研判攻击安全发展方向。

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. This vulnerability was named CVE-2024-9001. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.