全球175国和地区面临风险:14.5万个工控系统暴露于互联网中
多达14.5万个工业控制系统暴露于公开的互联网络上,涉及175 个国家和地区,仅美国就占总暴露量的三分之一以上。
Aggregator
CISA红队发现惊人的关键基础设施风险
4 months 2 weeks ago
美国网络安全防御机构敦促关键基础设施运营商吸取一次志愿者红队测试的经验,不要过度依赖基于主机的终端检测和响应解决方案,而忽视了网络层的保护。
CVE-2005-3265 | Skype up to 1.4.0.83 skype/callto URI memory corruption (VU#668193 / Nessus ID 21451)
4 months 2 weeks ago
A vulnerability classified as critical has been found in Skype. Affected is an unknown function of the component skype/callto URI Handler. The manipulation leads to memory corruption.
This vulnerability is traded as CVE-2005-3265. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2005-3267 | Skype up to 1.4.0.83 Client Communication numeric error (VU#905177 / Nessus ID 21451)
4 months 2 weeks ago
A vulnerability classified as critical was found in Skype. Affected by this vulnerability is an unknown functionality of the component Client Communication Handler. The manipulation leads to numeric error.
This vulnerability is known as CVE-2005-3267. The attack can be launched remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2005-3265 | Skype up to 1.4.0.83 VCARD Import memory corruption (VU#668193 / Nessus ID 21451)
4 months 2 weeks ago
A vulnerability, which was classified as critical, has been found in Skype. Affected by this issue is some unknown functionality of the component VCARD Import. The manipulation leads to memory corruption.
This vulnerability is handled as CVE-2005-3265. The attack needs to be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2005-3330 | Snoopy 1.2 _httpsrequest input validation (XFDB-22874 / SBV-24242)
4 months 2 weeks ago
A vulnerability was found in Snoopy 1.2. It has been declared as critical. This vulnerability affects the function _httpsrequest. The manipulation leads to improper input validation.
This vulnerability was named CVE-2005-3330. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2005-3060 | IBM AIX 5.2/5.3 bos.rte.shell getconf Call memory corruption (VU#602300 / XFDB-22442)
4 months 2 weeks ago
A vulnerability has been found in IBM AIX 5.2/5.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file bos.rte.shell. The manipulation as part of getconf Call leads to memory corruption.
This vulnerability is known as CVE-2005-3060. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2005-3116 | Veritas NetBackup up to 5.1 vmd stack-based overflow (VU#574662 / EDB-1421)
4 months 2 weeks ago
A vulnerability was found in Veritas NetBackup up to 5.1. It has been classified as critical. Affected is an unknown function in the library vmd. The manipulation leads to stack-based buffer overflow.
This vulnerability is traded as CVE-2005-3116. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
360与嘉兴市政府达成三项重大战略合作 共绘数字城市发展新蓝图
4 months 2 weeks ago
在2024年世界互联网大会乌镇峰会期间,360数字安全集团与嘉兴市政府、嘉兴市公安局、嘉兴市南湖区政府正式签署战略合作协议,将围绕城市数字安全体系建设、人工智能产业发展、新型涉网犯罪打击治理等方向展开深入合作,以城市安全服务新模式为警务部门、监管部门等提供技术及服务支撑,共同绘制“数字嘉兴”发展的新蓝图。
签约仪式现场,嘉兴市政府领导、嘉兴市公安局领导、嘉兴市南湖区区长陈群伟与360数字安全集团总裁胡振泉共同见证了这一重要时刻。
作为国家信息经济试点城市、乌镇互联网创新发展试验区及全国新型智慧城市的重要成员,嘉兴市积极拥抱数字长三角建设的浪潮。嘉兴市政府领导表示,当前,嘉兴正在全力推进数字经济发展、数字治理实践以及数字生态创新等多方面的数字文明建设。360作为国内领先的数字安全企业,在安全和人工智能领域积累了深厚的技术优势与实践成果,为双方合作奠定了坚实基础。期望360能够充分发挥企业优势,加强务实合作,共同书写合作共赢新篇章。
360数字安全集团总裁胡振泉对市委、市政府对企业在嘉兴项目的重视和支持表示感谢,并介绍了360战略布局和业务发展情况。他强调,企业发展愿景与嘉兴发展战略高度契合,360将以此次签署战略合作框架协议为契机,持续加大在嘉兴的投资和业务布局,充分利用360在数字安全及人工智能领域的深厚技术积淀与创新优势,进一步推动嘉兴市在数字经济领域的飞速发展。
据悉,360将从三大方面为嘉兴市数字经济发展提供助力:
在城市数字安全体系建设方面,360将在嘉兴落地“城市安全大脑”数字安全基础设施,通过立体化、智能化、可视化、协同化的城市安全监测预警服务,加强嘉兴市网络安全抗风险能力,赋能行业数字化转型;
在人工智能产业发展方面,360将为嘉兴市量身定制专属的城市GPT大脑以及垂直化的大模型应用,如政务大模型等;
在涉网犯罪打击治理方面,360将依托自身在大数据建模、涉网犯罪情报挖掘等方面的优势,与嘉兴市加强在警务大数据、智慧警务等方面的合作,打击防范新型犯罪,守护公众财产安全。
随后,嘉兴市南湖区人民政府区长陈群伟和360集团副总裁黄剑共同为“360城市安全及大模型创新实验室”揭牌,标志着双方在城市数字安全与大模型创新方面的合作迈出了实质性的一步。
未来,360将与嘉兴市政府携手共进,推动“数字嘉兴”建设迈入新台阶,为“创新浙江”乃至全国的数字经济发展树立城市新标杆,贡献更多智慧与力量!
企业资讯
FortiClient VPN Flaw Enables Undetected Brute-Force Attacks
4 months 2 weeks ago
A design flaw in the logging mechanism of Fortinet’s VPN servers has been uncovered, allowing attackers to conduct brute-force attacks without detection. This vulnerability, disclosed by cybersecurity researchers at Pentera, highlights a critical gap in Fortinet’s ability to log successful authentication attempts during brute-force attacks, leaving enterprises vulnerable to potential breaches. The issue lies in […]
The post FortiClient VPN Flaw Enables Undetected Brute-Force Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Gurubaran
CVE-2024-44222 | Apple macOS up to 13.6/14.6 information disclosure (Nessus ID 211697)
4 months 2 weeks ago
A vulnerability, which was classified as problematic, has been found in Apple macOS up to 13.6/14.6. This issue affects some unknown processing. The manipulation leads to information disclosure.
The identification of this vulnerability is CVE-2024-44222. The attack needs to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-44216 | Apple macOS up to 13.6/14.6 access control (Nessus ID 211697)
4 months 2 weeks ago
A vulnerability has been found in Apple macOS up to 13.6/14.6 and classified as critical. This vulnerability affects unknown code. The manipulation leads to improper access controls.
This vulnerability was named CVE-2024-44216. Local access is required to approach this attack. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2009-0119 | Microsoft Windows XP chm memory corruption (EDB-7720 / BID-33204)
4 months 2 weeks ago
A vulnerability was found in Microsoft Windows XP. It has been declared as very critical. Affected by this vulnerability is an unknown functionality of the file chm. The manipulation leads to memory corruption.
This vulnerability is known as CVE-2009-0119. The attack can be launched remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2009-0133 | Microsoft HTML Help Workshop up to 4.74 memory corruption (EDB-7727 / XFDB-47868)
4 months 2 weeks ago
A vulnerability, which was classified as very critical, was found in Microsoft HTML Help Workshop up to 4.74. Affected is an unknown function of the component HTML Help. The manipulation leads to memory corruption.
This vulnerability is traded as CVE-2009-0133. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2009-0174 | VUPlayer 2.49 HREF memory corruption (EDB-7709 / XFDB-47851)
4 months 2 weeks ago
A vulnerability was found in VUPlayer 2.49. It has been classified as very critical. This affects an unknown part. The manipulation of the argument HREF leads to memory corruption.
This vulnerability is uniquely identified as CVE-2009-0174. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2009-0175 | Heathcosoft MP3 TrackMaker 1.5 memory corruption (EDB-7708 / XFDB-47852)
4 months 2 weeks ago
A vulnerability was found in Heathcosoft MP3 TrackMaker 1.5. It has been declared as very critical. This vulnerability affects unknown code. The manipulation leads to memory corruption.
This vulnerability was named CVE-2009-0175. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2009-0828 | Freedville QuoteBook access control (EDB-7699 / BID-33166)
4 months 2 weeks ago
A vulnerability classified as critical was found in Freedville QuoteBook. This vulnerability affects unknown code. The manipulation leads to improper access controls.
This vulnerability was named CVE-2009-0828. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2009-0832 | Ausimods E-Cart 1.3 items.php CA sql injection (EDB-7698 / BID-33155)
4 months 2 weeks ago
A vulnerability was found in Ausimods E-Cart 1.3 and classified as critical. Affected by this issue is some unknown functionality of the file items.php. The manipulation of the argument CA leads to sql injection.
This vulnerability is handled as CVE-2009-0832. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
【附下载】2024年终 数据安全 分类分级标准规范 汇编
4 months 2 weeks ago
本 期 摘 要
建立数据安全防护体系的第一步,就是梳理数据资产并分类分级。数据分类分级是数据安全治理和数据管理的主要措施,是数据安全合规使用的基础。只有做好分类分级工作,对不同分类不同级别的数据采取不同的安全防护措施,才能做好数据全流程动态保护。
本文要点:
40+分类分级方法及案例
19+地方标准
7+团体标准
12+行业标准
8+国家标准
近年,国家层面相继出台多项数据分类分级标准规范,证券期货、交通运输、渔业、邮政、通信、卫生健康、海洋、民航等行业主管部门制定出了相关配套标准指引;为落实数据分类分级管理,重庆市、北京市、黑龙江省、山西省、安徽省、浙江省、江苏省等多地进一步发布了有关公共、政务、工业数据分类分级试行指南或规范,以提供指导性参考;卷烟制造、能源、媒体、水务、高校、卫生等领域的社会团体协调相关市场主体共同制定出满足市场和创新需要的团体标准。
重庆信通设计院(咨询引领的一体化安全运营者)——首批上海数据交易所“数据安全服务商”,整理了近年8+项国家标准、12+项行业标准、19+项地方标准以及7+团体标准等数据分类分级相关常用文件,以供大家交流分享,共同推动数据安全事业不断前进。
(特别说明:本文搜集资料来源于网络,仅供参考。最终内容请以官方最新版本为准)
分类分级 目录汇编
方法及案例示例
GB/T 43697-2024
数据安全技术 数据分类分级规则
DB21/T3867-2023
工业数据分类分级管理指南
(辽宁省)
DB23/T 3510—2023
政务预公开数据分类分级评估指南
(黑龙江省)
DB32/T 4608.1—2023
公共数据管理规范 第1部分:数据分类分级(江苏省)
金融业数据 分类分级与保护应用研究
来源:重庆信通设计院天空实验室
网络伍豪
CVE-2006-1417 | Caloris Planitia Technologies Web Quiz pro 1.0 prequiz.asp msg cross site scripting (EDB-27480 / XFDB-25431)
4 months 2 weeks ago
A vulnerability was found in Caloris Planitia Technologies Web Quiz pro 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file prequiz.asp. The manipulation of the argument msg leads to cross site scripting.
This vulnerability is known as CVE-2006-1417. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com