Aggregator
《人工智能安全治理框架》1.0版发布
4 months 1 week ago
9月9日,在2024年国家网络安全宣传周主论坛上,全国网络安全标准化技术委员会(以下简称“网安标委”)发布《人工智能安全治理框架》1.0版。
贯彻落实《全球人工智能治理倡议》,网安标委研究制定了《人工智能安全治理框架》(以下简称《框架》)。
《框架》以鼓励人工智能创新发展为第一要务,以有效防范化解人工智能安全风险为出发点和落脚点,提出了包容审慎、确保安全,风险导向、敏捷治理,技管结合、协同应对,开放合作、共治共享等人工智能安全治理的原则。《框架》按照风险管理的理念,紧密结合人工智能技术特性,分析人工智能风险来源和表现形式,针对模型算法安全、数据安全和系统安全等内生安全风险和网络域、现实域、认知域、伦理域等应用安全风险,提出相应技术应对和综合防治措施,以及人工智能安全开发应用指引。
网安标委秘书处主要负责人表示,《框架》1.0版的发布,对推动社会各方积极参与、协同推进人工智能安全治理具有重要促进作用,为培育安全、可靠、公平、透明的人工智能技术研发和应用生态,促进人工智能的健康发展和规范应用,提供了基础性、框架性技术指南。同时,也有助于在全球范围推动人工智能安全治理国际合作,推动形成具有广泛共识的全球人工智能治理体系,确保人工智能技术造福于人类。
点击阅读原文即可查看《人工智能安全治理框架》
文章来源:网信中国
胡金鱼
How human-led threat hunting complements automation in detecting cyber threats
4 months 1 week ago
In this Help Net Security interview, Shane Cox, Director, Cyber Fusion Center at MorganFranklin Consulting, discusses the evolving methodologies and strategies in threat hunting and explains how human-led approaches complement each other to form a robust defense. Cox also discusses the ongoing need for skilled threat hunters and the future challenges and opportunities in integrating human intelligence with advanced automation. What are the primary methodologies used in threat hunting? How do they complement each other? … More →
The post How human-led threat hunting complements automation in detecting cyber threats appeared first on Help Net Security.
Mirko Zorz
Hackers Target Taiwan UAV, Military Industries
4 months 1 week ago
Threat Actor Is Likely a Beijing Cyberespionage Operator
A Chinese-speaking hacking group is targeting drone manufacturers in Taiwan and other military-related industries on the island country located roughly 100 miles from mainland China. Trend Micro on Friday said it tracks the threat actor as "Tidrone."
A Chinese-speaking hacking group is targeting drone manufacturers in Taiwan and other military-related industries on the island country located roughly 100 miles from mainland China. Trend Micro on Friday said it tracks the threat actor as "Tidrone."
Darktrace CEO Swap: Gustafsson Steps Down; Popelka Steps Up
4 months 1 week ago
COO Jill Popelka Promoted to Chief Executive as Thoma Bravo Acquisition Nears Close
Darktrace has promoted COO Jill Popelka to CEO, replacing long-time leader Poppy Gustafsson. As the cybersecurity AI vendor prepares to finalize its sale to Thoma Bravo, Popelka will steer Darktrace into its next phase of growth. Gustafsson will join the board as a non-executive director.
Darktrace has promoted COO Jill Popelka to CEO, replacing long-time leader Poppy Gustafsson. As the cybersecurity AI vendor prepares to finalize its sale to Thoma Bravo, Popelka will steer Darktrace into its next phase of growth. Gustafsson will join the board as a non-executive director.
US Prepares to Gather AI Foundational Model Developer Info
4 months 1 week ago
Action Aims to Ensure That Domestic Defense Industry Keeps Up With AI Developments
The U.S. federal government is preparing to collect reports from foundational artificial intelligence model developers, including details about their cybersecurity defenses and red-teaming efforts. The Department of Commerce said it wants thoughts on how data should be safety collected and stored.
The U.S. federal government is preparing to collect reports from foundational artificial intelligence model developers, including details about their cybersecurity defenses and red-teaming efforts. The Department of Commerce said it wants thoughts on how data should be safety collected and stored.
Progress Software Fixes Critical LoadMaster Vulnerability
4 months 1 week ago
Urgent Fix Addresses Critical Flaw That Allows Remote Code Execution
Progress Software released an urgent patch Thursday to fix a critical vulnerability that hackers could exploit to launch remote attacks. The company is no stranger to urgent patching. It was at the center of a Memorial Day 2023 mass hacking incident.
Progress Software released an urgent patch Thursday to fix a critical vulnerability that hackers could exploit to launch remote attacks. The company is no stranger to urgent patching. It was at the center of a Memorial Day 2023 mass hacking incident.
Automotive CTF Japan 2024
4 months 1 week ago
Name: Automotive CTF Japan 2024 (an Automotive CTF Japan event.)
Date: Aug. 25, 2024, midnight — 09 Sept. 2024, 23:59 UTC [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://vicone.com/jp/automotive-ctf
Rating weight: 0
Event organizers: VicOne Japan
Date: Aug. 25, 2024, midnight — 09 Sept. 2024, 23:59 UTC [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://vicone.com/jp/automotive-ctf
Rating weight: 0
Event organizers: VicOne Japan
新的 RAMBO 攻击利用隔离计算机中的 RAM 窃取数据
4 months 1 week ago
一种被称为“RAMBO”(用于进攻的隔离内存总线辐射)的新型侧信道攻击会从设备的 RAM 产生电磁辐射,以从隔离的计算机发送数据。
隔离系统通常用于对安全性要求极高的任务关键型环境,例如政府、武器系统和核电站,这些系统与公共互联网和其他网络隔离,以防止恶意软件感染和数据盗窃。
尽管这些系统没有连接到更广泛的网络,但它们仍然可能受到通过物理介质如USB 驱动器,引入恶意软件感染或发起复杂供应链攻击。
该恶意软件可以秘密操作,以调制隔离系统的 RAM 组件,从而允许将机密从计算机传输到附近的接收者。属于此类攻击的最新方法来自以色列大学的研究人员,由 Mordechai Guri 领导,他是隐蔽攻击渠道方面经验丰富的专家,曾开发出使用网卡 LED、USB 驱动器 RF 信号、SATA 电缆和电源泄漏数据的方法。
RAMBO 攻击如何运作
为了实施 Rambo 攻击,攻击者会在隔离的计算机上植入恶意软件,以收集敏感数据并准备传输。它通过操纵内存访问模式(内存总线上的读/写操作)从设备的 RAM 产生受控的电磁辐射来传输数据。
这些发射本质上是恶意软件在 RAM 内快速切换电信号(开关键控“OOK”)的副产品,该过程不会受到安全产品的主动监控,也无法被标记或停止。
执行 OOK 调制的代码
发射的数据被编码为“1”和“0”,在无线电信号中表示为“开”和“关”。研究人员选择使用曼彻斯特编码来增强错误检测并确保信号同步,从而减少接收端出现错误解释的可能性。
攻击者可能会使用带有天线的相对便宜的软件定义无线电 (SDR) 来拦截调制的电磁辐射并将其转换回二进制信息。
单词“DATA”的EM信号
性能和限制
RAMBO 攻击的数据传输速率高达 1,000 比特每秒 (bps),相当于每秒 128 字节,或 0.125 KB/s。
按照这个速率,窃取 1 兆字节数据大约需要 2.2 小时,因此 RAMBO 更适合窃取少量数据,如文本、按键和小文件。
研究人员发现,在测试攻击时可以实时进行键盘记录。但是,窃取密码需要 0.1 到 1.28 秒,窃取 4096 位 RSA 密钥需要 4 到 42 秒,窃取小图像需要 25 到 250 秒,具体取决于传输速度。
数据传输速度
快速传输的最大范围限制为 300 厘米,误码率为 2-4%。中速传输可将距离增加到 450 厘米,同时误码率相同。最后,误码率几乎为零的慢速传输可以在长达 7 米的距离内可靠地工作。
研究人员还尝试了高达 10,000 bps 的传输,但发现任何超过 5,000 bps 的速度都会导致信噪比非常低,从而无法进行有效的数据传输。
阻止 RAMBO
Arxiv 上发表的技术论文提供了几项缓解建议来减轻 RAMBO 攻击和类似的基于电磁的隐蔽通道攻击,但它们都引入了各种花费开销。
建议实施严格的区域限制以增强物理防御、RAM 干扰以破坏源头的隐蔽通道、外部 EM 干扰以破坏无线电信号,以及法拉第外壳以阻止气隙系统向外发出 EM 辐射。
研究人员针对虚拟机内运行的敏感进程测试了 RAMBO,发现它仍然有效。然而,由于主机内存容易与主机操作系统和其他虚拟机发生各种交互,攻击可能会很快被阻止。
胡金鱼
CVE-2014-6018 | global beauty research 1.6 X.509 Certificate cryptographic issues (VU#582497)
4 months 1 week ago
A vulnerability has been found in global beauty research 1.6 and classified as critical. Affected by this vulnerability is an unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues.
This vulnerability is known as CVE-2014-6018. Access to the local network is required for this attack. There is no exploit available.
vuldb.com
CVE-2007-2486 | Motobit 1.3/1.5 download.asp File path traversal (EDB-3831 / XFDB-34005)
4 months 1 week ago
A vulnerability classified as problematic was found in Motobit 1.3/1.5. Affected by this vulnerability is an unknown functionality of the file download.asp. The manipulation of the argument File leads to path traversal.
This vulnerability is known as CVE-2007-2486. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2017-13689 | tcpdump up to 4.9.1 IKEv1 Parser print-isakmp.c ikev1_id_print memory corruption (Nessus ID 103257 / ID 370625)
4 months 1 week ago
A vulnerability was found in tcpdump up to 4.9.1 and classified as critical. This issue affects the function ikev1_id_print of the file print-isakmp.c of the component IKEv1 Parser. The manipulation leads to memory corruption.
The identification of this vulnerability is CVE-2017-13689. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
《人工智能安全治理框架》1.0版发布
4 months 1 week ago
全国网络安全标准化技术委员会发布《人工智能安全治理框架》1.0版。
新的 RAMBO 攻击利用隔离计算机中的 RAM 窃取数据
4 months 1 week ago
建议实施严格的区域限制以增强物理防御、RAM 干扰以破坏源头的隐蔽通道、外部 EM 干扰以破坏无线电信号等。
33 open-source cybersecurity solutions you didn’t know you needed
4 months 1 week ago
Open-source cybersecurity tools provide transparency and flexibility, allowing users to examine and customize the source code to fit specific security needs. These tools make cybersecurity accessible to a broader range of organizations and individuals. In this article, you will find a list of 33 open-source cybersecurity tools for Linux, Windows, and macOS that you should consider to enhance protection and stay ahead of potential threats. Authentik: Open-source identity provider Authentik is an open-source identity provider … More →
The post 33 open-source cybersecurity solutions you didn’t know you needed appeared first on Help Net Security.
Help Net Security
CVE-2007-2495 | Microsoft Excel Viewer 3.x OCX ActiveX Control stack-based overflow (EDB-3830 / XFDB-34011)
4 months 1 week ago
A vulnerability was found in Microsoft Excel Viewer 3.x. It has been classified as critical. Affected is an unknown function of the component OCX ActiveX Control. The manipulation leads to stack-based buffer overflow.
This vulnerability is traded as CVE-2007-2495. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
It is recommended to disable the affected component.
vuldb.com
InForSec祝各位老师节日快乐!
4 months 1 week ago
在2024年教师节来临之际,InForSec祝各位老师节日快乐!
知识之光,照亮一生!致敬每一位师者(评论有奖)
4 months 1 week ago
祝老师们教师节快乐!
CVE-2017-13688 | Apple macOS up to 10.13.1 tcpdump memory corruption (HT208221 / Nessus ID 100472)
4 months 1 week ago
A vulnerability was found in Apple macOS up to 10.13.1. It has been classified as very critical. Affected is an unknown function of the component tcpdump. The manipulation leads to memory corruption.
This vulnerability is traded as CVE-2017-13688. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-8567 | itsourcecode Payroll Management System 1.0 ajax.php id sql injection
4 months 1 week ago
A vulnerability, which was classified as critical, has been found in itsourcecode Payroll Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=delete_deductions. The manipulation of the argument id leads to sql injection.
The identification of this vulnerability is CVE-2024-8567. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com