CNVD漏洞周报2024年第39期
国家信息安全漏洞共享平台(以下简称CNVD)本周共收集、整理信息安全漏洞270个,其中高危漏洞121个、中危漏洞137个、低危漏洞12个。
Aggregator
PHP中存在多个漏洞,速修复
2 months 4 weeks ago
速修复
超过三分之一的员工与AI共享工作机密
2 months 4 weeks ago
如果你用自己所有的个人可识别信息喂养AI模型,那么任何可访问该模型的人都可让它吐出来。
7*24H智能守护 360国庆节安全保障通知
2 months 4 weeks ago
为祖国庆生,与安全同行
NASA 出售全新的月球漫游车
2 months 4 weeks ago
NASA 在今年 7 月以研发超支为由突然取消了基本完成的 Volatiles Investigating Polar Exploration Rover (VIPER)月球漫游车极地寻冰项目。VIPER 漫游车大小与菲亚特 500 相近,已经完工,正在进行最后的测试,计划明年搭乘 SpaceX Falcon Heavy 火箭发射升空。它使用的着陆器由 Astrobotic 建造,NASA 已经支付了费用。NASA 称,VIPER 项目迄今耗资 4.33 亿美元,远高于最初的 2.5 亿美元预算,超出了其承受能力。NASA 提议由商业公司接手 VIPER 项目。作为交换,它必须支付月球车的最终测试费用,找到登陆月球的方法(或使用不同的着陆器),执行原来的科学使命。新拥有者需要披露 VIPER 的科学发现,他们也可以借此机会去实现其在月球上的目标。目前有 11 家公司递交了提案。其中之一是休斯顿公司 Intuitive Machines,该公司今年 2 月成为第一家成功登月(但着陆器侧翻了)的私营公司。
安全热点周报:严重的 Ivanti vTM 身份认证绕过漏洞现已被攻击利用
2 months 4 weeks ago
California Gov. Newsom Vetoes Hotly-Debated AI Safety Bill
2 months 4 weeks ago
Newsom Says Bill Not 'Flexible' Solution to Curb Catastrophic Risks
California Gov. Gavin Newsom on Sunday vetoed a hotly-debated AI safety bill that would have pushed developers to implement measures to prevent "critical harms." The bill "falls short of providing a flexible, comprehensive solution to curbing the potential catastrophic risks," Newsom said.
California Gov. Gavin Newsom on Sunday vetoed a hotly-debated AI safety bill that would have pushed developers to implement measures to prevent "critical harms." The bill "falls short of providing a flexible, comprehensive solution to curbing the potential catastrophic risks," Newsom said.
派早报:OpenAI 计划 ChatGPT 涨价,即将完成新融资
2 months 4 weeks ago
你可能错过的新鲜事OpenAI 计划 ChatGPT 涨价,即将完成新融资据《纽约时报》报道,OpenAI 计划在年底前将 ChatGPT 的每月价格提高至 22 美元,并在未来五年内提升至 44
Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware
2 months 4 weeks ago
Key TakeawaysIn November 2023, we identified a BlackCat ransomware intrusion started by Nitrogen
Video Tutorial: Installing NetworkMiner Professional
2 months 4 weeks ago
This video tutorial covers how to install NetworkMiner Professional. Use the official 7-zip tool to extract the password protected 7zip archive. Recommended locations for NetworkMiner: DesktopMy DocumentsC:\Users\{user}\AppData\Local\Programs\USB flash drive See our NetworkMiner Professional tutoria[...]
Erik Hjelmvik
Простые игроки в League of Legends стали жертвами хакерской охоты
2 months 4 weeks ago
Поддельные страницы массово заманивают геймеров в цифровую ловушку.
Video Tutorial: Installing NetworkMiner Professional
2 months 4 weeks ago
This video tutorial covers how to install NetworkMiner Professional. Use the official 7-zip tool to extract the password protected 7zip archive. Recommended locations for NetworkMiner: DesktopMy DocumentsC:\Users\{user}\AppData\Local\Programs\USB flash drive See our NetworkMiner Professional tutoria[...]
Erik Hjelmvik
Операция «Uberlingen»: КНДР атаковала немецкого производителя ракет Iris-T
2 months 4 weeks ago
Группировка Kimsuky охотится за военными технологиями Германии.
连续七年! Fortinet 再入Gartner企业级有线与无线局域网基础设施“客户之选”榜单!
2 months 4 weeks ago
连续七年! Fortinet 再入Gartner企业级有线与无线局域网基础设施“客户之选”榜单! 日期:2024年09月30日 阅:
Взлом в облаках: хакеры манипулируют GPS-системами самолетов
2 months 4 weeks ago
Атаки на системы навигации создают настоящий воздушный лабиринт для пилотов.
CVE-2024-41999 | Techno Support Company Smart-tab Android app debug code
2 months 4 weeks ago
A vulnerability, which was classified as critical, was found in Techno Support Company Smart-tab Android app. This affects an unknown part. The manipulation leads to active debug code.
This vulnerability is uniquely identified as CVE-2024-41999. It is possible to launch the attack on the physical device. There is no exploit available.
vuldb.com
UK and US Warn of Growing Iranian Spear Phishing Threat
2 months 4 weeks ago
Security agencies from the UK and US are urging individuals with Middle East links to beware of Iranian spear phishing attacks
CVE-2024-8458 | PLANET Technology GS-4210-24P2S Hardware 3.0 cross-site request forgery
2 months 4 weeks ago
A vulnerability, which was classified as problematic, has been found in PLANET Technology GS-4210-24PL4C Hardware 2.0 and GS-4210-24P2S Hardware 3.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery.
This vulnerability is handled as CVE-2024-8458. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
关于soc建设,系统完整性受到破坏时的防御机制,以及AV+EDR异构实践的探讨|总第263周
2 months 4 weeks ago
本期周报简介:1、系统完整性受到破坏有什么好的防御机制?2、EDR产品安装包也有几百兆,加上AV可能影响电脑性能,AV+EDR异构会是业界最佳实践吗?3、行业内现存是否有信息技术领域访问控制、权限管理的顶层设计的制度?4、soc建设...
CVE-2024-42496 | Techno Support Company Smart-tab Android App credentials storage
2 months 4 weeks ago
A vulnerability classified as problematic was found in Techno Support Company Smart-tab Android App. Affected by this vulnerability is an unknown functionality. The manipulation leads to unprotected storage of credentials.
This vulnerability is known as CVE-2024-42496. It is possible to launch the attack on the physical device. There is no exploit available.
vuldb.com