线下活动|逐一场落日余晖:少数派摄影探索日
线下活动|逐一场落日余晖:少数派摄影探索日
Aggregator
BianLian
4 months 3 weeks ago
cohenido
Akira
4 months 3 weeks ago
cohenido
Akira
4 months 3 weeks ago
cohenido
NSFOCUS DDoS Protection Service Neutralized a Terabit-Scale DDoS Attack
4 months 3 weeks ago
NSFOCUS DDoS Protection Service Neutralized a Terabit-Scale DDoS Attack
RansomHub
4 months 3 weeks ago
cohenido
RansomHub
4 months 3 weeks ago
cohenido
Ivanti Releases Security Updates for Multiple Products
4 months 3 weeks ago
Ivanti released security updates to address vulnerabilities in Ivanti Cloud Service Application, Ivanti Desktop and Server Management (DSM), Ivanti Connect Secure and Police Secure, Ivanti Sentry, and Ivanti Patch SDK.
CISA encourages users and administrators to review the following Ivanti security advisories and apply the necessary guidance and updates:
- Ivanti Cloud Service Application
- Ivanti Desktop and Server Management (DSM)
- Ivanti Connect Secure and Policy Secure
- Ivanti Sentry
- Ivanti Patch SDK (This also affects Ivanti Endpoint Manager (EPM), Ivanti Security Controls, Ivanti Neurons Agent, Ivanti Neurons for Patch Management, and Ivanti Patch for Configuration Manager.)
CISA
CISA Adds One Known Exploited Vulnerability to Catalog
4 months 3 weeks ago
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2024-49138 Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA
CISA Releases Seven Industrial Control Systems Advisories
4 months 3 weeks ago
CISA released seven Industrial Control Systems (ICS) advisories on December 10, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
- ICSA-24-345-01 MOBATIME Network Master Clock
- ICSA-24-345-02 Schneider Electric EcoStruxure Foxboro DCS Core Control Services
- ICSA-24-345-03 Schneider Electric FoxRTU Station
- ICSA-24-345-04 National Instruments LabVIEW
- ICSA-24-345-05 Horner Automation Cscape
- ICSA-24-345-06 Rockwell Automation Arena
- ICSA-24-338-01 Ruijie Reyee OS (Update A)
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA
Adobe Releases Security Updates for Multiple Products
4 months 3 weeks ago
Adobe released security updates to address vulnerabilities in multiple Adobe software products including Adobe Acrobat, Adobe Illustrator, and Adobe InDesign. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following Adobe Security Bulletin and apply necessary updates:
CISA
Microsoft Releases December 2024 Security Updates
4 months 3 weeks ago
Microsoft released security updates to address vulnerabilities in multiple Microsoft products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following and apply necessary updates:
CISA
Court Ruling Provides Clarity on Appeals Against ICO Fines
4 months 3 weeks ago
The UK’s privacy regulator the Information Commissioner’s Office has welcomed a Court of Appeal ruling
Google Play 上的 SpyLoan Android 恶意软件安装次数达 800 万次
4 months 3 weeks ago
Google Play 上的 SpyLoan Android 恶意软件安装次数达 800 万次
育碧已发布游戏更新修复在Windows 11 24H2上导致蓝屏死机等多种错误
4 months 3 weeks ago
育碧已发布游戏更新修复在Windows 11 24H2上导致蓝屏死机等多种错误
渗透测试 | ViewState反序列化漏洞详解
4 months 3 weeks ago
在一次测试过程中遇到了这个ViewState的反序列化漏洞,本文学习一下viewstate的漏洞原理以及利用方式。
Grupos en Active Directory
4 months 3 weeks ago
Ya llevamos un buen número de artículos de Active Directory, y esto es solo el principio. Hoy vamos a dar...
Juan Antonio González Mena
Hacking fb acct
4 months 3 weeks ago
Hacking fb acct
The Future of Network Security: Automated Internal and External Pentesting
4 months 3 weeks ago
In today’s rapidly evolving threat landscape, safeguarding your organization against cyberattacks is more critical than ever. Traditional penetration testing (pentesting), while effective, often falls short due to its high costs, resource requirements, and infrequent implementation. Automated internal and external network pentesting is a game-changing solution, empowering organizations to stay
The Hacker News
因告发 CEO 枪击嫌疑人麦当劳遭遇 1 星差评轰炸
4 months 3 weeks ago
因告发 CEO 枪击嫌疑人麦当劳遭遇 1 星差评轰炸