Aggregator

影子 IT 的兴起可以归因于多种因素，其驱动因素包括对效率的需求以及对僵化的 IT 流程的不满。

大模型容易遭到攻击，容易泄露敏感数据。加拿大安全公司 Pillar Security 发表了《State of Attacks on GenAI》报告，基于遥测数据和逾 2000 AI 应用的真实攻击示例，揭示了大模型攻击和越狱的新见解。研究人员发现，对大模型的攻击平均只需要 42 秒，越狱成功率 20%。逾 2000 AI 应用中最常见的是提供虚拟客户支持的聊天机器人，占到了总数的 57.6%。常见的越狱方法包括使用指令 ignore previous instructions 和 ADMIN override，或者只使用 base64 编码。研究人员报告，最短的攻击只需要 4 秒，最长的需要 14 分钟。

Раскрыт способ обхода защиты через обычные скрипты.

A vulnerability classified as problematic was found in Mozilla Firefox up to 131.0.2. Affected by this vulnerability is an unknown functionality of the component Selection Node Cache. The manipulation leads to denial of service. This vulnerability is known as CVE-2024-9936. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

MITRE推出EMB3D威胁检测新模型，强化嵌入式设备安全性；热门PDF阅读器曝安全隐患，攻击者可通过恶意文件入侵系统 | 牛览 日期：2024年

Ridge Security released RidgeBot 5.0, a substantial upgrade to its automated penetration testing platform. This release introduces AI-driven Web API testing, expanded vulnerability management integrations, and an upgraded operating system. RidgeBot 5.0 is an automated penetration testing platform to support HTTP-based API testing, a critical feature in today’s security landscape. This capability allows RidgeBot to perform Web API penetration testing, detecting and validating vulnerabilities such as OWASP API security Top 10 risks, Broken Authentication, hidden … More →

The post Ridge Security delivers enhanced capabilities for web application security appeared first on Help Net Security.

Defensie schaft 8 nieuwe lesvliegtuigen en 2 vluchtsimulators met bijbehorende leermiddelen aan. Sinds 1988 beschikt de Elementaire Militaire Vlieger Opleiding (EMVO) over 13 Pilatus PC-7 lesvliegtuigen. Hiervan komt het einde van de technische levensduur in zicht. Het nieuwe toestel is de PC-7 MKX.  Dat meldt staatssecretaris Gijs Tuinman vandaag aan de Tweede Kamer.

OneSpan announced an innovation in phishing-resistant transaction security, VISION FX. This new solution combines OneSpan’s patented CRONTO transaction signing with FIDO2 protocols that strengthen protection against phishing and account takeover threats (ATO), setting a standard for banking security. Merging both technologies into a single authentication solution delivers secure and user-friendly option on the market for banking customers logging on to execute transactions. Changes in the banking sector associated with new digital initiatives have ushered in … More →

The post OneSpan strenghtens banking security with phishing-resistant authentication appeared first on Help Net Security.

A vulnerability classified as problematic has been found in Schweizerische Steuerkonferenz Library taxstatement.jar 2.2.2/2.2.4 on Windows. Affected is the function DocumentBuilder of the component PDF Handler. The manipulation leads to xml external entity reference. This vulnerability is traded as CVE-2024-8602. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Defensie gaat 46 Leopard 2A8-gevechtstanks verwerven. Nederland sluit hiervoor aan bij een initiatief van de Duitse regering. De bedoeling is dat de eerste moderne gevechtstanks in 2027 instromen en de laatste 2030. De krijgsmacht heeft vanaf dat moment weer een volledig tankbataljon, met plek voor 500 militairen. Dat meldt staatssecretaris Gijs Tuinman vandaag in een brief aan de Tweede Kamer.

Почему миллионы пользователей платформы поверили в теории заговора?

Мошенники эволюционировали и перешли к атакам на сервисы бронирования жилья.

欢迎宝贵的意见和建议

Een sterke lucht- en raketverdediging is van levensbelang. Dat toont de oorlog in Oekraïne aan. Net als de recente ontwikkelingen in het Midden-Oosten. Nieuwe gecombineerde lucht- en raketverdediging beschermt vitale objecten, gebieden en eenheden tegen moderne luchtdreiging. Dat gebeurt met middelen op zowel de korte (Short Range Air Defense, Shorad) als middellange afstand (Medium Range Air Defense, MRAD). Defensie schaft lanceersystemen aan voor 6 nieuwe MRAD- en 4 nieuwe Shorad-eenheden. Dat is inclusief raketten en simulatiemiddelen.

At Seceon’s 2024 Innovation and Certification Days, we had the privilege of showcasing one of the strongest partnerships in the cybersecurity landscape today—our collaboration with Exertis, a leading distributor of enterprise IT solutions who recently launched their own MSP powered by Seceon. During the event, Seceon’s own Peter Christou sat down with Geoff Towns and

The post How Exertis and Seceon Are Redefining Cybersecurity for MSPs: A Partnership Built on Innovation appeared first on Seceon Inc.

The post How Exertis and Seceon Are Redefining Cybersecurity for MSPs: A Partnership Built on Innovation appeared first on Security Boulevard.

Rancher Government Solutions launched Harvester Government, the first fully compliant, out-of-the-box Hyperconverged Infrastructure (HCI) solution tailored specifically for US Government and Military operations. Designed to meet the strict security standards required for government use cases, Harvester Government offers a pre-hardened HCI infrastructure platform that seamlessly combines compliance, security, and flexibility. Harvester Government is derived from the upstream open-source product but reimagined and enhanced to meet the unique operational and security needs of the US Government. … More →

The post Rancher Government Solutions introduces Harvester Government appeared first on Help Net Security.

Learn how to automate Helm deployments with GitOps, using Argo CD for continuous delivery. Seamlessly handle secrets, pod auto-restart, and version propagation in Kubernetes with this production-ready integration.

The post Make Deployments Great Again: How to Use Helm with Continuous Deployment (CD) appeared first on Security Boulevard.

WolvCTF-2024 web方向Order up系列复现

自动化patch shellcode到EXE实现免杀