2024第四届FIC初赛Writeu - 渗透测试中心
检材链接:https://pan.baidu.com/s/1fwHb_5svMyK3Gr4-QeNc0Q?pwd=43a3挂载密码:2024Fic@杭州Powered~by~HL!手机部分1. 嫌疑人李某的手机型号是?A. Xiaomi MI 2sB. Xiaomi MI 4C. Xiaomi MI
Aggregator
Indian Threat Actors Target South And East Asian Entities
3 months 4 weeks ago
Recent reports have revealed that Indian threat actors are using multiple cloud service providers for malicious purposes. The hacker activities are mainly centered around facilitating credential harvesting, malware delivery, and command-and-control (C2). In this article, we’ll cover who the Indian threat actor is targeting and what the attack chain looks like. Let’s begin! Indian Threat […]
The post Indian Threat Actors Target South And East Asian Entities appeared first on TuxCare.
The post Indian Threat Actors Target South And East Asian Entities appeared first on Security Boulevard.
Wajahat Raja
C'est La Vie: French Atos Acquisition Bid Expires
3 months 4 weeks ago
Parties Vow to Continue Negotiations
Time ran out for a non-binding takeover bid from the French government for the cybersecurity business of beleaguered Parisian IT consultancy Atos. Among the world's largest managed security service providers, the financially struggling firm is strategically important to the French government.
Time ran out for a non-binding takeover bid from the French government for the cybersecurity business of beleaguered Parisian IT consultancy Atos. Among the world's largest managed security service providers, the financially struggling firm is strategically important to the French government.
DHS Warns Election Security Risks May Persist Into 2025
3 months 4 weeks ago
DHS Says Adversaries May Stoke Voter Fraud Fears Long After Election Day
The latest Homeland Security threat assessment lists this year’s election cycle as a top concern for 2025 and a potential trigger for domestic terrorism. The agency says foreign adversaries and violent extremists may take advantage of the outcome to further sow discord in the United States.
The latest Homeland Security threat assessment lists this year’s election cycle as a top concern for 2025 and a potential trigger for domestic terrorism. The agency says foreign adversaries and violent extremists may take advantage of the outcome to further sow discord in the United States.
IronNet Settles Securities Fraud Class Action Suit for $6.6M
3 months 4 weeks ago
Settlement Addresses Claims of False Revenue Forecasts, Investor Misrepresentation
IronNet and several former executives agreed to a $6.6 million settlement, ending a class action lawsuit accusing the company of misleading investors with inflated revenue projections. The settlement aims to provide relief for investors misled by allegedly inaccurate revenue projections.
IronNet and several former executives agreed to a $6.6 million settlement, ending a class action lawsuit accusing the company of misleading investors with inflated revenue projections. The settlement aims to provide relief for investors misled by allegedly inaccurate revenue projections.
Ukrainian Pleads Guilty for Role in Raccoon Stealer Malware
3 months 4 weeks ago
Mark Sokolovsky Admits to Felony Conspiracy Charge in US Federal Court
A Ukrainian national pleaded guilty Monday in U.S. federal court to one count of conspiracy to commit computer intrusion in connection with his role in the Raccoon malware-as-a-service info stealer criminal operation. Dutch authorities extradited him in February after arresting him in March 2022.
A Ukrainian national pleaded guilty Monday in U.S. federal court to one count of conspiracy to commit computer intrusion in connection with his role in the Raccoon malware-as-a-service info stealer criminal operation. Dutch authorities extradited him in February after arresting him in March 2022.
Работорговля и дипфейки: Telegram стал центром киберпреступлений в Азии
3 months 4 weeks ago
Десятки миллиардов долларов, дипфейки и стилеры стали ключевыми звеньями криминальной цепи мошенников.
Google Blocked Malicious Sideloading Apps for Indian Users
3 months 4 weeks ago
Google has launched a pilot program to block malicious sideloading apps. This initiative is part of Google’s ongoing efforts to protect users from financial fraud and cybercrime, which have risen globally, particularly in India. Cybercrime continues to be a significant concern in India, with consumers losing substantial amounts of money to fraudulent activities. According to […]
The post Google Blocked Malicious Sideloading Apps for Indian Users appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Divya
大咖征稿|武汉大学:如何做好高校电子邮件账号安全防护
3 months 4 weeks ago
上个世纪七十年代,电子邮件占据了互联网的前身ARPANET上流量的75%,是最主要的应用。随着互联网的发展,电 […]
Coremail
为什么珠穆朗玛峰会升高?
3 months 4 weeks ago
中外地质学家认为,珠穆朗玛峰之所以如此高,部分原因是两条古老的河流流经喜马拉雅山脉,在大约 8.9 万年前汇合在一起。由此产生的侵蚀带走了如此多岩石和土壤,以至于珠穆朗玛峰隆升了 50 米之多。论文共同通讯作者、英国伦敦大学学院地质学家 Matt Fox 解释说:“随着质量的消减,地球的外壳会缓慢上升。这增加了珠穆朗玛峰的海拔高度。”珠穆朗玛峰海拔 8849 米,位于喜马拉雅山脉,距离 8611 米高的第二高峰乔戈里峰不远。该山脉还包含世界第三高峰干城章嘉峰(8586米)。印度与亚洲其他地区的持续碰撞推动了喜马拉雅山脉的升高。 研究认为,珠穆朗玛峰极高的部分原因在于附近的阿润河。地质学家认为阿润河曾经有过不同的河道,侵蚀了山脉,直到与一条向北的河流汇合。Fox 说,这种事件被称为河流捕获或河流袭夺。他们的模型表明,阿润河袭夺事件发生在 8.9 万年前。从那时起,阿润河迅速侵蚀了河道,带走了大量沉积物。从这个质量中“释放”出来,地壳可以缓慢地隆升。研究团队估计,这种“均衡反弹”使珠穆朗玛峰的海拔增加了 15 到 50 米。
CVE-2024-47316 | Salon Booking System Plugin up to 10.9 on WordPress authorization
3 months 4 weeks ago
A vulnerability classified as problematic has been found in Salon Booking System Plugin up to 10.9 on WordPress. Affected is an unknown function. The manipulation leads to authorization bypass.
This vulnerability is traded as CVE-2024-47316. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-47635 | TinyPNG Plugin up to 3.4.3 on WordPress cross-site request forgery
3 months 4 weeks ago
A vulnerability, which was classified as problematic, has been found in TinyPNG Plugin up to 3.4.3 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery.
This vulnerability is handled as CVE-2024-47635. The attack may be launched remotely. There is no exploit available.
vuldb.com
2024年网络安全“金帽子”年度评选活动正式启动!
3 months 4 weeks ago
在全球数字化浪潮中,我国数字经济迅速崛起。当前,制造业、金融、医疗、教育等领域的数字化转型迫切需要强有力的网络安全保障,以确保各项业务的安全运行和数据的可靠性。恰逢其时,大模型技术的应用与发展,正好在数字化转型和网络安全受到重视的时刻出现,给网络安全领域带来了新的机遇和挑战。大模型不仅在数据分析、威胁检测和预防方面展现出强大能力,还推动了智能化网络安全解决方案的普及与应用。
在这极具挑战的一年中,我国在网络安全领域取得了显著进展,各类企业和机构在技术创新、产品研发和服务升级方面不断突破,推动网络安全产业的高质量发展。为表彰这些卓越贡献,并进一步激发全行业的创新活力,嘶吼将举办2024年网络安全“金帽子”评选活动。
2024 网络安全“金帽子”年度评选公布:
本次评选活动旨在表彰在网络安全领域表现突出的企业及团队,激励更多的创新与实践。评选涵盖多个奖项类别,包括年度优秀安全产品、年度优秀行业解决方案、年度大模型创新技术、年度行业影响力、年度优秀团队品牌、年度创新成果典型案例、年度杰出安全服务商。
1、年度优秀安全产品
各企业仅可申报1个安全产品,并提供产品介绍、技术优势、应用场景、荣誉资质等相关资料。由组委会审核后方可进行大众投票,最终,由大众投票分数与专家评分分数之和最高的前5名获得“金帽子”年度优秀安全产品奖。
2、年度优秀行业解决方案
各企业最多可申报2个行业解决方案,并提供安全解决方案介绍,技术框架及优势、应用场景、荣誉与资质等,由组委会审核后方可进行大众投票。年度优秀安全解决方案奖包含政务、金融、能源,3个行业方向均可参报,最终,每个行业解决方案的大众投票分数与专家评分分数之和最高的前3名获得“金帽子”年度优秀行业解决方案奖。
3、年度大模型创新技术
各企业仅可申报1个大模型创新技术,并提供创新介绍、技术优势、应用场景及效果、荣誉资质等相关资料。由组委会审核后方可进行大众投票,最终,由大众投票分数与专家评分分数之和最高的前5名获得“金帽子”年度大模型创新技术奖。
4、年度行业影响力
评选企业需提供企业介绍、参加及举办的活动、资方认可度、企业资质等。由组委会审核后方可进行大众投票,最终,由大众投票分数与专家评分分数之和最高的前5名获得“金帽子”年度行业影响力奖。
5、年度优秀团队品牌
参报范围包括:安全实验室、应急响应中心、行业会议组委会。参选团队需提供团队介绍、团队成员资质、研究方向与成果、荣获奖励情况等。由组委会审核后方可进行大众投票,最终,由大众投票分数与专家评分分数之和最高的前5名获得“金帽子”年度优秀团队品牌奖。
6、年度创新成果典型案例
各企业仅可申报1个创新成果典型案例,并提供企业介绍、案例名称及介绍、需求痛点、案例创新点介绍等。由组委会审核后方可进行大众投票,最终,由大众投票分数与专家评分分数之和最高的前5名获得“金帽子”年度创新成果典型案例奖。
7、年度杰出安全服务商
参选企业需提供企业介绍、客户行业类型、参与重大安全项目、荣誉及资质等。由组委会审核后方可进行大众投票,最终,由大众投票分数与专家评分分数之和最高的前5名获得“金帽子”年度杰出安全服务商奖。
评选规则
评选规则设置为大众投票占比40%,专家投票占比60%,同时系统对恶意刷票行为制定了预防机制,评选过程公开、客观、公正。
活动征集
2024网络安全“金帽子”年度评选,参选征集信息如下:
征集时间:10月8日-10月22日
征集方式:根据年度奖项类目,参选企业可通过自荐、推荐、邀请等方式参与评选,在报名系统上按要求填写企业信息,进行参评。
征集入口:https://www.4hou.com/award-registration
PS:注册登录嘶吼账户后,可填写报名资料,各奖项申报名额有限,欲报从速。
如有其他问题咨询,请直接联系组委会,联系方式:
山卡拉
Mideast, Turkey Cyber Threats Spike, Prompting Defense Changes
3 months 4 weeks ago
The vast majority of organizations in the region saw more attacks in the past year, but most don't feel prepared for future incidents.
Robert Lemos, Contributing Writer
Werken bij Defensie? Kom naar de Pop-up Store op Utrecht Centraal
3 months 4 weeks ago
Belangstelling voor een baan bij Defensie? En komende periode toevallig ook nog eens op Utrecht Centraal? Defensie staat er vanaf vandaag tot en met zondag 20 oktober met een Pop-up Store. Kom eens informeren naar de mogelijkheden als militair of als burger.
勇夺桂冠 | 国利网安荣获宁波水利水务行业网络安全攻防演练一等奖
3 months 4 weeks ago
在近日举行的宁波水利水务行业网络安全攻防演练中,国利网安安全研究中心团队,经过5天时间的激烈角逐,凭借深厚的技 […]
国利网安
Pro-Ukrainian Hackers Strike Russian State TV on Putin's Birthday
3 months 4 weeks ago
Ukraine has claimed responsibility for a cyber attack that targeted Russia state media company VGTRK and disrupted its operations, according to reports from Bloomberg and Reuters.
The incident took place on the night of October 7, VGTRK confirmed, describing it as an "unprecedented hacker attack." However, it said "no significant damage" was caused and that everything was working normally
The Hacker News
CVE-2024-21532 | ggit Child Process API exec os command injection (SNYK-JS-GGIT-5731320)
3 months 4 weeks ago
A vulnerability, which was classified as critical, was found in ggit. Affected is the function exec of the component Child Process API. The manipulation leads to os command injection.
This vulnerability is traded as CVE-2024-21532. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-21533 | ggit URL Scheme clone argument injection (SNYK-JS-GGIT-5731319)
3 months 4 weeks ago
A vulnerability, which was classified as critical, has been found in ggit. This issue affects the function clone of the component URL Scheme Handler. The manipulation leads to argument injection.
The identification of this vulnerability is CVE-2024-21533. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-9207 | BuddyPress Docs Plugin up to 2.2.3 on WordPress cross site scripting
3 months 4 weeks ago
A vulnerability classified as problematic was found in BuddyPress Docs Plugin up to 2.2.3 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2024-9207. The attack can be initiated remotely. There is no exploit available.
vuldb.com