Aggregator

.NET 一款获取主机远程桌面端口的工具

.NET 一键删除系统日志命令行版本的工具

Tenable released Tenable Patch Management, an autonomous patch solution built to close vulnerability exposures in a unified solution. A strategic partnership and integration with Adaptiva provides the foundation of the solution. Vulnerability remediation remains a critical challenge as identifying, testing and installing the countless patches released every day is cumbersome. A recent Tenable report found that only 11% of organizations say they are efficient at vulnerability remediation. The result is that organizations are exposed for … More →

The post Tenable Patch Management prevents problematic updates appeared first on Help Net Security.

大型语言模型（LLMs）应用程序在多个领域带来了显著优势，从文本摘要到实时翻译等。然而，这些技术的优势同时也伴随着潜在的安全风险。

Analyzing Tokenizer Part 2: Omen + Tokenizer

Analyzing Tokenizer Part 2: Omen + Tokenizer

A vulnerability, which was classified as critical, was found in python-ecdsa up to 0.18.0. Affected is an unknown function. The manipulation leads to covert timing channel. This vulnerability is traded as CVE-2024-23342. It is possible to launch the attack remotely. There is no exploit available.

A critical vulnerability identified as CVE-2024–53614 has been discovered in the Thinkware Cloud APK version 4.3.46. This vulnerability arises from the use of a hardcoded decryption key within the application. It allows malicious actors to access sensitive data and execute arbitrary commands with elevated privileges, potentially compromising the security of users’ devices and data. The […]

The post Thinkware Cloud APK Vulnerability Allows Code Execution With Elevated Privileges appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

[Guest Diary] Business Email Compromise, (Thu, Dec 5th)

A vulnerability, which was classified as problematic, was found in Bitdefender GravityZone 5.1.5.386. This affects an unknown part of the component Web Console. The manipulation of the argument id leads to path traversal. This vulnerability is uniquely identified as CVE-2014-5350. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

В чем секрет загадочной солнечной короны? Ждем ответа от спутников Proba-3.

中国黑客组织 Salt Typhoon 被指入侵了美国的电信基础设施，利用美国执法机构在电信基础设施中设置的后门去监听电话和阅读短信，但他们无法监听加密消息应用。由于目前无法将黑客从其网络中完全清除掉，美国官员建议使用加密消息应用。网络安全和基础设施安全局（Cybersecurity and Infrastructure Security Agency）官员 Jeff Greene 说，“我们的建议，也是我们内部告诉同事的，并不新鲜：加密是你的朋友，无论是短信还是加密语音通信。即使对手能拦截数据，如果数据经过加密，也会让监听变得不可能。”黑客通过电信基础设施主要针对三类信息：华盛顿特区周边的通话记录或元数据；对特定目标的实时电话监听；以及执法和情报机构使用 CALEA（Communications Assistance for Law Enforcement Act）系统（aka 后门）对通信的跟踪。

11月，火绒安全产品拦截恶意攻击总数：211,638,292次，其中病毒拦截1.1亿次、系统高危动作拦截4559.6万次、网络高危风险拦截5665.9万次。

Orange Cyberdefense found that hacktivist gang Noname has almost exclusively targeted European countries since March 2022, with no attacks impacting the US

威努特工控主机卫士：全面守护关基设施的“中枢神经”

LogicGate introduced the Governance, Risk, and Compliance (GRC) Program Value Realization Tool, available to customers through the Risk Cloud platform. This new tool provides visibility into the financial value of GRC by automatically tracking key program initiatives in real-time. These include resource efficiencies, tracking revenue enablement, and proactive risk reduction, allowing leaders to easily correlate risks with value and more effectively illustrate GRC’s impact on the organization’s bottom line – an industry need that has … More →

The post LogicGate helps organizations quantify the value of GRC programs appeared first on Help Net Security.

Man kann gar nicht genug Vorverkäufe haben!

The cyber threat landscape part 5: Staying safe with multi-layered defense