Aggregator

美空军官员分析美军网络作战规划问题并提出对策建议

编者按美国空军进攻性网络军官约翰·科布近日撰文，分析美国网络任务部队网络战略与战术脱节的三大核心问题，并提出对策建议。首个问题在于网络作战总部分散而狭隘的指挥控制结构导致规划不一致和脱节。文章称，美国

Indiana Attorney General Fines Westend Dental $350K in 2020 Ransomware Hack
An Indiana dental practice agreed to pay the state $350,000 and implement a long list of data security improvements following an alleged 2020 ransomware breach "cover up" that came to light when state regulators investigated a patient complaint about unfulfilled requests for dental X-rays.

Access Management Leaders Remain Unchanged as Customer Identity Cases Proliferate
Advances in customer identity around better user experience, strong authentication, and centralized identity processes have driven rapid growth in the access management market. The space by grew 17.6% to $5.85 billion in 2023 as organizations increasing look to replace homegrown CIAM solutions.

Cyber Defense Agency Aims to Bolster Protections Against Chinese Intrusion
The Cybersecurity and Infrastructure Security Agency is issuing final rules to safeguard U.S. sensitive data from potential Chinese intrusions, requiring Americans involved in restricted transactions with Chinese entities to adopt stringent cybersecurity measures.

DDoS Attacks Primarily Target Logistics, Government and Financial Entities
A spate of distributed denial-of-service attacks during the end-of-year holiday season disrupted operations at multiple Japanese organizations, including the country's largest airline, wireless carrier and prominent banks. The effect of the attacks has been temporary.

随着电子商务的蓬勃发展，网络钓鱼和数据窃取活动日益猖獗。黑客组织不断寻找新的方法来绕过传统的安全防御检测措施，以获取敏感信息，如信用卡数据、个人身份信息和其他财务信息。在最近的一系列攻击活动中，网络安

近日，一起大规模的数据泄露事件震动了网络安全界。名为“HikkI-Chan”的黑客在臭名昭著的Breach Forums上泄露了超过3.9亿VK用户的个人信息。

A vulnerability was found in GNU screen 4.0.3. It has been classified as critical. This affects an unknown part. The manipulation leads to Local Privilege Escalation. This vulnerability is uniquely identified as CVE-2007-3048. Attacking locally is a requirement. Furthermore, there is an exploit available. The real existence of this vulnerability is still doubted at the moment.

A vulnerability has been found in BT Voyager 2091 Wireless Adsl Router up to 2.21.05.08m_a2pb018c1.d16d and classified as problematic. This vulnerability affects unknown code of the file btvoyager_getconfig.sh. The manipulation leads to improper access controls. This vulnerability was named CVE-2006-3561. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in Sante DICOM Viewer Pro. This affects an unknown part of the component JP2 File Parser. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2023-34297. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Sante DICOM Viewer Pro and classified as critical. This vulnerability affects unknown code of the component DCM File Parser. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2023-34296. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Sante DICOM Viewer Pro and classified as critical. This issue affects some unknown processing of the component DCM File Parser. The manipulation leads to out-of-bounds write. The identification of this vulnerability is CVE-2023-34295. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Sante DICOM Viewer Pro. It has been classified as problematic. Affected is an unknown function of the component DCM File Parser. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2023-34294. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in EaseUS Todo Backup 20220111.390. Affected is an unknown function of the component Installation. The manipulation leads to Local Privilege Escalation. This vulnerability is traded as CVE-2023-32221. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability was found in Sante DICOM Viewer Pro. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to use after free. The identification of this vulnerability is CVE-2023-35734. An attack has to be approached locally. There is no exploit available.

A vulnerability classified as critical was found in Steinbeis Allegra 7.5.0.24. This vulnerability affects the function downloadExportedChart. The manipulation leads to path traversal. This vulnerability was named CVE-2023-51639. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as very critical, has been found in Steinbeis Allegra 7.5.0.24. This issue affects some unknown processing. The manipulation leads to hard-coded credentials. The identification of this vulnerability is CVE-2023-51638. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Steinbeis Allegra 7.5.0 Build 29 and classified as critical. Affected by this issue is the function extarctZippedFile. The manipulation leads to path traversal. This vulnerability is handled as CVE-2023-51640. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.