Aggregator

CVE-2023-39362 | Cacti 1.2.24 SNMP lib/snmp.php os command injection (GHSA-g6ff-58cj-x3cp / EDB-51740)(link is external)

Vuldb Updates
8 months 1 week ago
A vulnerability was found in Cacti 1.2.24 and classified as critical. This issue affects some unknown processing in the library lib/snmp.php of the component SNMP Handler. The manipulation leads to os command injection. The identification of this vulnerability is CVE-2023-39362. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

MoneyGram discloses data breach following September cyberattack(link is external)

Security Affairs
8 months 1 week ago
MoneyGram disclosed a data breach following a cyberattack in September, during which threat actors stole customer data. In September, American interstate and international peer-to-peer payments and money transfer company MoneyGram confirmed that its services are currently unavailable due to a cyberattack. On September 22, the company informed its customers that it was experiencing a network outage impacting connectivity to several […]
Pierluigi Paganini

The Value of AI-Powered Identity(link is external)

The Hackers News
8 months 1 week ago
Introduction Artificial intelligence (AI) deepfakes and misinformation may cause worry in the world of technology and investment, but this powerful, foundational technology has the potential to benefit organizations of all kinds when harnessed appropriately. In the world of cybersecurity, one of the most important areas of application of AI is augmenting and enhancing identity management
The Hacker News

Google 开始向 Android 手机推送防盗锁定功能(link is external)

Solidot
8 months 1 week ago
Google 开始向 Android 手机推送今年早些时候宣布的三项防盗锁定功能。三项工具—— Theft Detection Lock、Offline Device Lock 和 Remote Lock——旨在让用户在手机被盗之后快速锁定设备,防止储存在设备上的任何敏感数据被小偷访问。小米 14T Pro 手机上已经有了前两种工具,第三种工具也出现在 Pixel 手机上。Google 表示它使用 AI 去判断手机是否被人抢走并逃离,在此情况下手机屏幕将会被锁定。Remote Lock 允许用户只通过手机号码就能远程锁定设备。Offline Device Lock 则在小偷长时间断开手机网络连接时自动锁定屏幕。

American Water shuts down systems after cyberattack(link is external)

Help Net Security
8 months 1 week ago

American Water, the largest water and wastewater utility company in the US, has shut down some of its systems following a cyberattack. While the company confirmed that none of its water or wastewater facilities or operations have been negatively affected by the attack, they proactively took their customer portal service (MyWater) offline, and their call center “has limited functionality” while portal is offline. What happened? New Jersey-based American Water is a public utility company with … More →

The post American Water shuts down systems after cyberattack appeared first on Help Net Security.

Zeljka Zorz

全球半导体销售额在八月同比增长 20.6%(link is external)

Solidot
8 months 1 week ago
根据半导体行业协会(SIA)的数据,八月全球半导体销售额达到 531 亿美元,同比增长 20.6%。其中美洲区达到 154 亿美元,同比增长 43.9%,创历史新高。AI、云计算和汽车等行业的需求推动了半导体销售额的不断增长。亚太地区达到 109.5 亿美元,同比增长 17.1%,其中中国 130 亿美元同比增长 19.2%,日本 40 亿美元同比增长 2%。欧洲销售额 47 亿美元,同比下降 9%,原因未给出。从全球范围看,8 月环比数字自 2023 年 10 月以来首次恢复正值,表明半导体行业正走向复苏。

5 Characteristics of Good Threat Intelligence Feeds

Anyrun
8 months 1 week ago

In the rapidly evolving landscape of cybersecurity, access to high-quality threat intelligence feeds is crucial for detecting and mitigating threats in real time. Not all feeds are created equal, however, and choosing the right one can make a significant difference in your organization’s defense strategy. Let’s explore five key characteristics of good threat intelligence feeds […]

The post 5 Characteristics <br>of Good Threat Intelligence Feeds appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN

业界之声|权小文:卫星互联网安全需坚持“长期主义”(link is external)

嘶吼
8 months 1 week ago

9月10日,2024国家网络安全宣传周创新创业投资专场活动在广州举办。圆桌对话环节,盛邦安全董事长兼总经理权小文就卫星互联网产业发展分享自身看法。在他看来,卫星互联网并不是简单地对传统卫星网络进行升级改造,而是一种全新的产业变革,它将卫星通信与互联网技术相结合,形成一套天网地网融合的新型网络系统。

卫星互联网是指以卫星为接入手段的互联网宽带服务模式,好比将地面基站搬到太空中,每颗卫星就是一个基站。随着卫星互联网产业迅速发展,应用场景与商业模式接连落地的同时,安全挑战也随之而来。这就要求行业企业得“跟上节奏”,用有效的安全措施来保障通信的安全与隐私。

近年来,我国高度重视和支持卫星互联网产业发展,出台了一系列政策与措施。早在2020年4月,国家发改委就将卫星互联网纳入“新基建”信息基础设施范畴。工信部2021年印发《“十四五”信息通信行业发展规划》提出了加快布局卫星通信,初步形成覆盖全球、天地一体的信息网络,为陆海空天各类用户提供全球信息网络服务。

而就在上个月,中国版“星链”——千帆星座(G60星链计划)首批组网卫星成功发射,在权小文看来,这也说明了我国围绕卫星互联网已经有实际的动作和落地,而不再仅是局限于传统卫星网络。“无论从产业政策、技术储备、运营主体、商业模式探索哪个层面来看,我国卫星互联网产业已经迈入奇点。”

权小文表示,作为国内率先进军卫星互联网安全赛道的专业厂商,盛邦安全一直坚持“差异化思考”和“长期主义”,通过自研+并购的方式,已经形成了完整、丰富的卫星互联网安全产品组合。

“今年5月,我们正式进军卫星互联网安全赛道,围绕卫星互联网的体系结构、脆弱性等关键领域,形成了卫星互联网网络空间态势感知能力。”据权小文介绍,盛邦安全早在2021年就开展了卫星互联网安全技术的研发,现已通过漏洞识别评估发展出5G/6G卫星互联网漏洞分析技术等脆弱性检测技术,并在卫星互联网安全领域申请多项专利。

谈及行业发展,权小文表示,要秉持“长期主义”精神。以盛邦安全为例,早期做“精”,中期做“深”,现在做“融合”。他坦言,当技术发展到一定程度后,单一技术的迭代空间有限,融合则成为关键。卫星互联网不仅是技术的融合,也是一种应用场景的融合,会创造更多商业价值,特别是对于最终用户而言。“我们目前投资了多家网络安全公司,加速卫星互联网安全领域这一国家‘新基建’方向的的前瞻布局,开拓卫星互联网安全新质生产力全新蓝海。”

安全是信息化领域发展的永恒话题,卫星互联网当然也不例外。权小文认为,就卫星互联网产业发展,企业需要以跨学科融合的全局视角来解决网络安全行业的实战化挑战,这样才能确保自身技术处于行业前沿。在这一过程中,还需始终坚持“长期主义”,完善相关标准,持续创新技术,构建坚实安全防线,共同推动这一新兴产业健康与可持续发展。

原文链接

盛邦安全

Managed ad