Aggregator

CVE-2008-6768 | Shopsystem-forum K/S Shopsoftware File Upload admin/editor/images.php Remote Code Execution (EDB-7500 / XFDB-47424)

Vuldb Updates
2 months 1 week ago
A vulnerability was found in Shopsystem-forum K and S Shopsoftware. It has been rated as critical. This issue affects some unknown processing of the file admin/editor/images.php of the component File Upload. The manipulation leads to Remote Code Execution. The identification of this vulnerability is CVE-2008-6768. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

2024年人工智能技术赋能网络安全应用测试:广东盈世在钓鱼邮件识别场景荣获第三名!

嘶吼
2 months 1 week ago

近期,2024年国家网络安全宣传周“网络安全技术高峰论坛主论坛暨粤港澳大湾区网络安全大会”在广州成功举办。会上,国家计算机网络应急技术处理协调中心公布了“2024年人工智能技术赋能网络安全应用测试结果”。结果显示,广东盈世计算机科技有限公司在钓鱼邮件识别场景中获得第三名,充分展示了其在钓鱼邮件识别领域的卓越实力

2024年人工智能技术赋能网络安全应用测试活动

由中央网信办网络安全协调局、中国科学院网信办、中国人民银行科技司指导,国家计算机网络应急技术处理协调中心联合中国网络空间安全协会、中国科学院信息工程研究所、国家信息技术安全研究中心、中国网络安全产业联盟、长安通信科技有限责任公司举办,旨在挖掘人工智能技术在网络安全领域的应用潜力,推动网络安全产业整体技术水平不断提升

该测试活动使用华为公司的AI服务器、计算架构作为基础软硬件环境,设置了网络安全告警日志降噪、原始流量网络安全威胁检测、钓鱼邮件识别、恶意软件检测、软件缺陷分析与漏洞检测、网络金融用户账号欺诈登录行为检测等6个场景。活动共吸引了47家企事业单位的82个团队报名参加。

广东盈世计算机科技有限公司的Coremail邮件安全人工智能实验室(Coremail Email Security AI Lab)在钓鱼邮件识别测试赛道中以第三名的优秀成绩脱颖而出。测试结果不仅超越了参赛的绝多数大模型,展示了其卓越的实力,更是验证了其在钓鱼邮件识别的领先优势。

Coremail邮件安全人工智能实验室依托于Coremail丰富的应用场景、海量大数据与一流科技人才,专注于将自然语言处理、计算机视觉、大型语言模型等AI智能技术应用于电子邮件安全防护领域的创新突破。目前已在反垃圾领域取得可喜成果,形成了反垃圾算法智能优化闭环:基于AI技术实现邮件样本智能收集、识别、入库、反馈、自学习训练、最终提升算法模型能力,不断优化中央引擎、保持反垃圾品质稳步提升。

Coremail邮件安全大数据中心是国内头部的企业级邮件安全大数据中心,致力于全球垃圾邮件、钓鱼邮件、病毒邮件、威胁事件、邮件系统安全的研究与推进。 依托千万级IP信誉数据库,以智能算法学习+人工严格审核双重机制,对最新邮件样本进行实时分析,高效识别危险邮件,高效提升企业邮件系统安全性。

Coremail邮件安全人工智能实验室更是在2024年3月份获得了清华智谱AI开源大模型商用授权,旨在提高产品对钓鱼邮件的检测能力。

AI大模型在邮件反钓鱼检测中的应用虽然仍处于探索阶段,但其展现出的潜力令人鼓舞。Coremail邮件安全人工智能实验室不断探索AI技术在邮件安全防护中的可能性,通过深入研究与实践,发现AI大模型在反钓鱼领域多个场景中均能发挥其优势。

Coremail邮件安全人工智能实验室发现,与文本大模型相比,多模态大模型能够处理更丰富的信息数据源,如文本、图像、音频等,不仅能进行文本理解,还能模拟视觉分析,处理图片和链接落地页等多媒体内容,为钓鱼检测提供更全面的支持。

Coremail邮件安全人工智能实验将持续探索AI大模型在邮件安全领域的应用,更新迭代新型恶意邮件的检测能力,保持反垃圾反钓鱼品质的稳步提升,确保客户的邮件安全,为我国的网络安全事业发展贡献力量。

Coremail邮件安全

Aon Cyber Risk Analyzer empowers organizations to evaluate cyber risk

Help Net Security
2 months 1 week ago

Aon launched its Cyber Risk Analyzer, a digital application that allows risk managers to make data-driven, technology-enabled decisions to mitigate cyber risk. The tool is the latest in a series of new offerings, which brings together Aon’s data, tools and analytics professionals to support clients through an evolving risk landscape across sectors. “As cyber threats continue to grow in frequency, sophistication and severity, organizations face an array of complex risks—from ransomware and business interruption to … More →

The post Aon Cyber Risk Analyzer empowers organizations to evaluate cyber risk appeared first on Help Net Security.

Industry News

AlmaLinux 9.5 released: Security updates, new packages, and more!

Help Net Security
2 months 1 week ago

AlmaLinux is a free, open-source, enterprise-grade Linux distribution. Governed and owned by the community, it offers a production-ready platform with binary compatibility to Red Hat Enterprise Linux. AlmaLinux 9.5, codenamed Teal Serval, is now available. Security updates: The OpenSSL TLS toolkit is upgraded to version 3.2.2. OpenSSL now supports certificate compression extension (RFC 8879) and Brainpool curves have been added to the TLS 1.3 protocol (RFC 8734). The SELinux policy now provides a boolean that … More →

The post AlmaLinux 9.5 released: Security updates, new packages, and more! appeared first on Help Net Security.

Help Net Security

1.000 dagen oorlog: Nederland levert nieuwe luchtverdedigingssystemen aan Oekraïne

Defensie.nl - Nieuwsberichten
2 months 1 week ago
Oekraïne heeft nieuwe luchtverdedigingssystemen ontvangen van Nederland. Die moeten het land helpen zich te verdedigen tegen Russische luchtaanvallen. De levering heeft een waarde van €88 miljoen, bekostigd door Nederland. Daarnaast zet Nederland verdere stappen in de ontwikkeling van drones voor Oekraïne. Dit betreft aanvalsdrones, mede als reactie op de Noord-Koreaanse betrokkenheid.

CVE-2024-10268 | Sonaar MP3 Audio Player Plugin up to 5.8 on WordPress Shortcode sonaar_audioplayer cross site scripting

Vuldb Updates
2 months 1 week ago
A vulnerability classified as problematic was found in Sonaar MP3 Audio Player Plugin up to 5.8 on WordPress. This vulnerability affects the function sonaar_audioplayer of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-10268. The attack can be initiated remotely. There is no exploit available.
vuldb.com

CVE-2024-11098 | SVG Block Plugin up to 1.1.24 on WordPress SVG File Upload cross site scripting

Vuldb Updates
2 months 1 week ago
A vulnerability, which was classified as problematic, has been found in SVG Block Plugin up to 1.1.24 on WordPress. This issue affects some unknown processing of the component SVG File Upload Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-11098. The attack may be initiated remotely. There is no exploit available.
vuldb.com

U.S. CISA adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog

Security Affairs
2 months 1 week ago
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Below are the descriptions of the above vulnerabilities: CVE-2024-1212 is a Progress Kemp LoadMaster […]
Pierluigi Paganini

CVE-2003-1121 | ScriptLogic up to 4.13 Services privileges management (VU#231705 / Nessus ID 11562)

Vuldb Updates
2 months 1 week ago
A vulnerability, which was classified as very critical, has been found in ScriptLogic up to 4.13. This issue affects some unknown processing of the component Services. The manipulation leads to improper privilege management. The identification of this vulnerability is CVE-2003-1121. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2003-1120 | SSH Tectia Server 4.0.3/4.0.4 on Unix Password Change Plugin Private Key information disclosure (VU#814198 / XFDB-15585)

Vuldb Updates
2 months 1 week ago
A vulnerability classified as critical was found in SSH Tectia Server 4.0.3/4.0.4 on Unix. This vulnerability affects unknown code of the component Password Change Plugin. The manipulation leads to information disclosure (Private Key). This vulnerability was named CVE-2003-1120. An attack has to be approached locally. There is no exploit available.
vuldb.com

CVE-2003-1118 | SETI@home Client 3.3/3.4/3.5/3.6/3.7 memory corruption (VU#146785 / Nessus ID 52517)

Vuldb Updates
2 months 1 week ago
A vulnerability was found in SETI@home Client 3.3/3.4/3.5/3.6/3.7. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2003-1118. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2003-1115 | Nortel Succession Communication Server 2000 Session Initiation Protocol INVITE Message memory corruption (VU#528719 / XFDB-11379)

Vuldb Updates
2 months 1 week ago
A vulnerability was found in Nortel Succession Communication Server 2000. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Session Initiation Protocol. The manipulation as part of INVITE Message leads to memory corruption. This vulnerability is known as CVE-2003-1115. The attack can be launched remotely. There is no exploit available.
vuldb.com

Managed ad