Aggregator

CVE-2015-8070 | Adobe Flash Player up to 11.2.202.548/18.0.0.261/19.0.0.245 use after free (APSB15-32 / EDB-39042)

Vuldb Updates
2 months 1 week ago
A vulnerability, which was classified as critical, has been found in Adobe Flash Player up to 11.2.202.548/18.0.0.261/19.0.0.245. Affected by this issue is some unknown functionality. The manipulation leads to use after free. This vulnerability is handled as CVE-2015-8070. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

重磅 | 嘶吼2024网络安全“金帽子”年度评选活动结果公示

嘶吼
2 months 1 week ago

2024年,在全球数字化浪潮的推动下,我国的数字经济迎来了迅猛发展。与此同时,网络安全领域也取得了显著成就,各类企业和机构在技术创新、产品研发与服务升级方面不断突破,推动网络安全产业的高质量发展。为表彰这些卓越贡献,并激发全行业的创新活力,嘶吼举办了2024年网络安全“金帽子”年度评选活动。

目前,大众及专家投票环节已告于段落,投票时间为10月24日——11月7日。在此期间,我们收到了上百家安全厂商的踊跃报名,共收录249项评选奖项,有效投票70000+张。感谢所有参与、支持与关注我们的朋友!

本届评选活动包含七大评选奖项:

1、年度优秀安全产品

2、年度优秀行业解决方案

3、年度大模型创新技术

4、年度行业影响力

5、年度优秀团队品牌

6、年度创新成果典型案例

7、年度杰出安全服务商

其中,年度优秀行业解决方案分为政务、金融、能源,三个行业方向进行评选,每个行业评出3个获奖名额。在其余六个奖项中,每个奖项评出5个获奖名额。经过大众与专家的层层评选,最终评选出各类奖项的佼佼者。以下是本次评选结果的公示。

2024网络安全金帽子年度评选结果公示

年度优秀安全产品前五名单:电信安全“云猎”无人机侦测反制系统、科能腾达下一代防火墙、微步威胁防御系统OneSIG、威努特数据备份与恢复系统、博智孪生仿真靶场。

年度优秀行业解决方案(政务)前三名单:云盾智慧慧御网站安全云防护解决方案、四叶草安全多层级漏洞防御与治理解决方案、经纬信安自适应数据安全主动防御体系建设方案。

年度优秀行业解决方案(金融)前三名单:360“两高一弱”专项治理解决方案、亚信安全金融行业终端一体化安全运营解决方案、炼石金融数据和个人信息脱敏方案。

年度优秀行业解决方案(能源)前三名单:天地和兴某电力集团调度数据网安全防护项目、网藤科技基于电力生产业务场景深度行为分析技术的解决方案、盛邦安全面向能源行业业务风险防控的API安全治理方案。

年度大模型创新技术前五名单:启明星辰泰合安全大模型应用、360数字安全集团360安全大模型、绿盟科技风云卫AI安全能力平台、安天澜砥威胁检测垂直大模型、知道创宇大模型内生安全解决方案。

年度行业影响力前五名单:北京网御星云信息技术有限公司、天融信科技集团股份有限公司、拓尔思天行网安信息技术有限责任公司、北京安普诺信息技术有限公司、北京智游网安科技有限公司。

年度优秀团队品牌前五名单:深信服千里目安全技术中心、美团安全应急响应中心、蚂蚁天象安全实验室、顺丰安全应急响应中心、蛇矛实验室。

年度创新成果典型案例前五名单:启明星辰云众可信“关键基础设施安全靶场解决方案”、华云安电力企业实战对抗场景下的攻击面安全运营体系实践、保旺达数据资产全链路智能风险分析与测绘溯源、圣博润北京市轨道交通3号线一期工程信号系统信息安全防护、快快网络助力某物流公司业务迁移及保障云上安全。

年度杰出安全服务商前五名单:北京云科安信科技有限公司、中控技术股份有限公司、北京海泰方圆科技股份有限公司、北京卫达信息技术有限公司、深圳市安络科技有限公司。

至此,2024网络安全金帽子年度评选结果已全部公布完毕,恭喜获奖企业!后续工作人员将联系获奖方对接奖杯发放流程,请获奖方耐心等待。评选活动具体得分详见活动官网:https://www.4hou.com/golden-hat-2024

山卡拉

CVE-2008-6958 | Crossday Discuz! 7.0 wap/index.php creditsformula code injection (EDB-7119 / XFDB-46644)

Vuldb Updates
2 months 1 week ago
A vulnerability classified as critical has been found in Crossday Discuz! 7.0. This affects an unknown part of the file wap/index.php. The manipulation of the argument creditsformula leads to code injection. This vulnerability is uniquely identified as CVE-2008-6958. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2008-6950 | Webhost-panel Bankoi WebHosting Control Panel 1.20 login.asp sql injection (EDB-7120 / XFDB-46637)

Vuldb Updates
2 months 1 week ago
A vulnerability classified as critical was found in Webhost-panel Bankoi WebHosting Control Panel 1.20. Affected by this vulnerability is an unknown functionality of the file login.asp of the component Control Panel. The manipulation leads to sql injection. This vulnerability is known as CVE-2008-6950. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

Strategies for CISOs navigating hybrid and multi-cloud security

Help Net Security
2 months 1 week ago

In this Help Net Security interview, Alex Freedland, CEO at Mirantis, discusses the cloud security challenges that CISOs need to tackle as multi-cloud and hybrid environments become the norm. He points out the expanded attack surfaces, the importance of consistent security policies, and the need for automated compliance solutions. What are the most pressing cloud security challenges that CISOs should prioritize, especially as multi-cloud and hybrid environments grow more complex? With the increasing adoption of … More →

The post Strategies for CISOs navigating hybrid and multi-cloud security appeared first on Help Net Security.

Mirko Zorz

Advanced Persistent Teenagers, Okta Bug Allowed Logins Without a Correct Password

Security Boulevard
2 months 1 week ago

In episode 354, we discuss the emergence of the term ‘Advanced Persistent Teenagers’ (APT) as a “new” cybersecurity threat. Recorded just before the election, the hosts humorously predict election outcomes while exploring the rise of teenage hackers responsible for major breaches. The episode also covers a notable Okta vulnerability that allowed someone to login without […]

The post Advanced Persistent Teenagers, Okta Bug Allowed Logins Without a Correct Password appeared first on Shared Security Podcast.

The post Advanced Persistent Teenagers, Okta Bug Allowed Logins Without a Correct Password appeared first on Security Boulevard.

Tom Eston

CVE-2013-1942 | ownCloud up to 5.0.3 ActionScript cross site scripting (EDB-38460 / ID 121178)

Vuldb Updates
2 months 1 week ago
A vulnerability, which was classified as problematic, was found in ownCloud. Affected is an unknown function of the component ActionScript. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2013-1942. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

古巴再次因飓风和地震大规模断电

Solidot
2 months 1 week ago
古巴电网再次因飓风以及紧跟而来的地震大规模瘫痪。上周三,古巴再次遭遇飓风袭击,电网瘫痪了 24 小时。视频显示,电线杆倒在路上,电力基础设施一团糟。周四政府动员了数百名电力技术人员去恢复电力。到周四下午,两座电厂部分恢复发电,东部和中部部分地区恢复供电。在有 200 万人口的首都哈瓦那,到周五下午不到五分之一的地区恢复供电。周日东部沿海地区发生了 5.9 级和 6.8 级地震,电力基础设施再次受重创。

CVE-2015-8069 | Adobe Flash Player up to 11.2.202.548/18.0.0.261/19.0.0.245 use after free (APSB15-32 / EDB-39042)

Vuldb Updates
2 months 1 week ago
A vulnerability classified as critical was found in Adobe Flash Player up to 11.2.202.548/18.0.0.261/19.0.0.245. Affected by this vulnerability is an unknown functionality. The manipulation leads to use after free. This vulnerability is known as CVE-2015-8069. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2008-6942 | ScriptsFeed Realtor Classifieds System File Upload input validation (EDB-7110 / XFDB-46609)

Vuldb Updates
2 months 1 week ago
A vulnerability, which was classified as critical, has been found in ScriptsFeed Realtor Classifieds System. This issue affects some unknown processing of the component File Upload. The manipulation leads to improper input validation. The identification of this vulnerability is CVE-2008-6942. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2008-6943 | ScriptsFeed Recipes Listing Portal File Upload input validation (EDB-7112 / XFDB-46607)

Vuldb Updates
2 months 1 week ago
A vulnerability, which was classified as critical, was found in ScriptsFeed Recipes Listing Portal. Affected is an unknown function of the component File Upload. The manipulation leads to improper input validation. This vulnerability is traded as CVE-2008-6943. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2008-6944 | ScriptsFeed Auto Classifieds File Upload input validation (EDB-7111 / XFDB-46608)

Vuldb Updates
2 months 1 week ago
A vulnerability has been found in ScriptsFeed Auto Classifieds and classified as critical. Affected by this vulnerability is an unknown functionality of the component File Upload. The manipulation leads to improper input validation. This vulnerability is known as CVE-2008-6944. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2008-6938 | Holger Zimmermann Pi3Web 1.0.1/2.0/2.0.1/2.0.2 Beta 1/2.0.3 Pl1 input validation (EDB-7109 / XFDB-46600)

Vuldb Updates
2 months 1 week ago
A vulnerability was found in Holger Zimmermann Pi3Web 1.0.1/2.0/2.0.1/2.0.2 Beta 1/2.0.3 Pl1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper input validation. This vulnerability is known as CVE-2008-6938. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

Managed ad