Aggregator
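Analysis of the Cybersecurity Highlights of the US Fiscal Year 2025 National Defense Authorization Act
2 months 3 weeks ago
Provides roughly 220 billion yuan in cybersecurity-related budget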
Fake Government Officials Use Remote Access Tools for Card Fraud
2 months 3 weeks ago
Group-IB has observed scammers impersonating government officials to trick disaffected consumers into divulging card details
CVE-2024-45033 | Apache Airflow Fab Provider up to 1.5.1 session expiration
2 months 3 weeks ago
A vulnerability, which was classified as problematic, has been found in Apache Airflow Fab Provider up to 1.5.1. Affected by this issue is some unknown functionality. The manipulation leads to session expiration.
This vulnerability is handled as CVE-2024-45033. It is possible to launch the attack on the local host. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-11350 | scriptsbundle AdForest Plugin up to 5.1.6 on WordPress adforest_reset_password password recovery
2 months 3 weeks ago
A vulnerability classified as critical was found in scriptsbundle AdForest Plugin up to 5.1.6 on WordPress. Affected by this vulnerability is the function adforest_reset_password. The manipulation leads to weak password recovery.
This vulnerability is known as CVE-2024-11350. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
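Cyberattack Exposed the Philippines' Plans in the South China Sea
2 months 3 weeks ago
The country is investigating a breach of government systems.
Facebook to Drop Third-Party Fact-Checking and Instead Follow X/Twitter's Community Notes
2 months 3 weeks ago
#Tech News Meta's Facebook, Instagram and Threads will all follow X/Twitter's Community Notes feature, with community members flagging posts and voting, and will no longer use third-party fact-checking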
CVE-2024-13173 | vivo Health up to 4.1.6.32 Restrictions missing authentication
2 months 3 weeks ago
A vulnerability classified as critical has been found in vivo Health up to 4.1.6.32. Affected is an unknown function of the component Restrictions Handler. The manipulation leads to missing authentication.
This vulnerability is traded as CVE-2024-13173. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
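IntelOwl Celebrates Its Birthday
2 months 3 weeks ago
When, at the beginning of 2020, we started the IntelOwl project, we were aware of the diffi
[vulhub] Reproducing the Fastjson 1.2.24 Deserialization Vulnerability Leading to Arbitrary Command Execution
2 months 3 weeks ago
fastjson can operate on Java objects of all kinds, even pre-existing objects for which no source code is available, and is fairly widely used.
Apple Releases iOS 18.3 Beta 2, Fixing the Calculator App's Inability to Repeat Operations by Pressing the Equals Sign
2 months 3 weeks ago
#System News Apple has released iOS 18.3 Beta 2, which fixes the Calculator app's inability to repeat operations by pressing the equals sign. The issue was introduced in the official iOS 18 release, but it was not a bug; Apple did it deliberately, and after receiving a lot
Polizia postale Annual Report
2 months 3 weeks ago
Wednesday 8 January 2025 Polizia postale Annual Report The Polizia po
DataCon2024 Big Data Security Analysis Competition Award Ceremony Concludes Successfully
2 months 3 weeks ago
On the morning of January 4, 2025, the DataCon2024 Big Data Security Analysis Competition award ceremony was held at the Institute of Computing Technology, Chinese Academy of Sciences, where four major honors were presented to the winning DataCon2024 teams and teachers. The ceremony brought together a number of the industry's leading scholars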
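DataCon2024 Big Data Security Analysis Competition Award Ceremony Concludes Successfully
2 months 3 weeks ago
On the morning of January 4, 2025, the DataCon2024 Big Data Security Analysis Competition award ceremony was held at the Institute of Computing Technology, Chinese Academy of Sciences.
Xianyu for iOS Blocks Searches for Virtual Goods Such as Tencent Video and Game Top-Ups, but They Can Still Be Reached via a Redirect from Taobao
2 months 3 weeks ago
#Software News The iOS version of Xianyu blocks searches for virtual goods such as Tencent Video and game top-ups, apparently at Apple's request, but they can still be reached via a redirect from Taobao. The Android version is currently unaffected; on iOS the reason is probably that Apple requires a commission to be paid on all virtual products,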
Rethinking Incident Response: How Organizations Can Avoid Budget Overruns and Delays
2 months 3 weeks ago
Cyberattacks are more costly than ever. This year, the average price tag of a data breach skyroc
Rethinking Incident Response: How Organizations Can Avoid Budget Overruns and Delays
2 months 3 weeks ago
Victim organizations need more effective tools and strategies to streamline incident response and mitigate financial fallout.
The post Rethinking Incident Response: How Organizations Can Avoid Budget Overruns and Delays appeared first on Security Boulevard.
Christian Geyer
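Beware: Foreign APT Group Poisons GitHub to Attack Domestic Security Practitioners and Specific Large Enterprises
2 months 3 weeks ago
1 Summary: Recently, reports have circulated online that a privilege-escalation tool used by cybersecurity practitioners was implanted with a backdoor, leaking the identities and data of the tool's users. According to ThreatBook's assessment, the incident was the Southeast Asian APT group "OceanLotus" using GitHub to publish a trojan-laden Cobalt Strike
Beware: Foreign APT Group Poisons GitHub to Attack Domestic Security Practitioners and Specific Large Enterprises
2 months 3 weeks ago
"OceanLotus" poisoning
The Woes of ALPC: Research on an Unknown Windows In-the-Wild Privilege Escalation N-day Vulnerability from August
2 months 3 weeks ago
Overview: This vulnerability sample was discovered a while ago by the QiAnXin Threat Intelligence Center during its routine in-the-wild vulnerability monitoring operations; when it was first uploaded, only 6 engines detected it. Analysis confirmed that the vulnerability was most likely fixed in Microsoft's August patches, making it a patched, previously unknown n-day exploit. The specific effect when it runs is as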