Aggregator
Sweet Security helps organizations protect their cloud environments
Sweet Security introduces unified Cloud Native Detection and Response platform, designed to transform the way organizations protect their cloud environments in real time. Sweet’s platform integrates the capabilities of Application Detection and Response (ADR), Cloud Detection and Response (CDR), and Cloud Workload Protection Platform (CWPP) into one comprehensive solution. This approach delivers detection and response capabilities, unifying insights from every layer of the cloud stack. “The Sweet team has worked tirelessly to build a platform … More →
The post Sweet Security helps organizations protect their cloud environments appeared first on Help Net Security.
US military's next-generation cyber threat detection platform CANDOR about to enter operational use; Bank of Uganda hit by serious hacking attack, 62.8 billion shillings vanish online! | 牛览
Six backup lessons to learn from the UnitedHealth ransomware attack
"We celebrate perfectionism & love building opinionated products with craft" says Chronicle Founder
Inside Akira Ransomware’s Rust Experiment
Executive Summary Introduction Earlier this year, Talos published an update on the ongoing evolution of Akira ransomware-as-a-service (RaaS) that has become one of the more prominent players in the current ransomware landscape. According to this update, for a while in early 2024, Akira affiliates experimented with promoting a new cross-platform variant of the ransomware called […]
The post Inside Akira Ransomware’s Rust Experiment appeared first on Check Point Research.
Qilin
Phishers send corrupted documents to bypass email security
Phishers have come up with a new trick for bypassing email security systems: corrupted MS Office documents. The spam campaign: the malware hunting service Any.Run warned last week about email campaigns luring users with promises of payments, benefits and end-of-the-year bonuses. Recipients are instructed to download the attached document – an archive file (ZIP) or an MS Office file (e.g., DOCX) – and open it, but the file is corrupted. The recipients are then prompted … More →
The post Phishers send corrupted documents to bypass email security appeared first on Help Net Security.
Threat Actors Allegedly Claim Breach of EazyDiner Reservation Platform
Reports have emerged of a potential data breach involving EazyDiner, a leading restaurant reservation platform. According to a tweet from DailyDarkWeb, the breach is said to have compromised sensitive user data, including names, email addresses, phone numbers, and reservation details. This incident has raised significant alarm over the security and privacy measures in place to […]
The post Threat Actors Allegedly Claim Breach of EazyDiner Reservation Platform appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
CVE-2019-8331 | Bootstrap up to 3.4.0/4.3.0 Tooltip cross site scripting (RHSA-2019:1456 / Nessus ID 210560)
CVE-2017-7225 | GNU binutils 2.28 addr2line find_nearest_line null pointer dereference (Bug 20891 / Nessus ID 105627)
CVE-2017-7226 | GNU binutils 2.28 BFD Library pe_ILF_object_p memory corruption (Bug 20905 / Nessus ID 105225)
CVE-2017-7299 | GNU binutils up to 2.27 BFD Library bfd/elflink.c bfd_elf_final_link File Descriptor out-of-bounds (Bug 20908 / Nessus ID 105225)
CVE-2017-7224 | GNU binutils 2.28 objdump find_nearest_line out-of-bounds write (Bug 20892 / Nessus ID 105627)
CVE-2015-0001 | Microsoft Windows 8/8.1/RT/RT 8.1/Server 2012 Error Reporting Memory access control (MS15-006 / Nessus ID 80495)
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2023-45727 North Grid Proself Improper Restriction of XML External Entity (XEE) Reference Vulnerability
- CVE-2024-11680 ProjectSend Improper Authentication Vulnerability
- CVE-2024-11667 Zyxel Multiple Firewalls Path Traversal Vulnerability
Users and administrators are also encouraged to review the Palo Alto Threat Brief: Operation Lunar Peek related to CVE-2024-0012, the Palo Alto Security Bulletin for CVE-2024-0012, and the Palo Alto Security Bulletin for CVE-2024-9474 for additional information.
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA and Partners Release Joint Guidance on PRC-Affiliated Threat Actor Compromising Networks of Global Telecommunications Providers
Today, CISA—in partnership with the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and international partners—released joint guidance, Enhanced Visibility and Hardening Guidance for Communications Infrastructure. Partners of this guidance include:
- Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC)
- Canadian Centre for Cyber Security (CCCS)
- New Zealand’s National Cyber Security Centre (NCSC-NZ)
This guidance was crafted in response to a People’s Republic of China (PRC)-affiliated threat actor’s compromise of "networks of major global telecommunications providers to conduct a broad and significant cyber espionage campaign." The compromise of private communications impacted a limited number of individuals who are primarily involved in government or political activity.
CISA and partners encourage network defenders and engineers of communications infrastructure, and other critical infrastructure organizations with on-premises enterprise equipment, to review and apply the provided best practices, including patching vulnerable devices and services, to reduce opportunities for intrusion. For more information on PRC state-sponsored threat actor activity, see CISA’s People's Republic of China Cyber Threat. For more information on secure by design principles, see CISA’s Secure by Design webpage. Customers should refer to CISA’s Secure by Demand guidance for additional product security considerations.
CISA Releases Eight Industrial Control Systems Advisories
CISA released eight Industrial Control Systems (ICS) advisories on December 3, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
- ICSA-24-338-01 Ruijie Reyee OS
- ICSA-24-338-02 Siemens RUGGEDCOM APE1808
- ICSA-24-338-03 Open Automation Software
- ICSA-24-338-04 ICONICS and Mitsubishi Electric GENESIS64 Products
- ICSA-24-338-05 Fuji Electric Monitouch V-SFT
- ICSA-24-338-06 Fuji Electric Tellus Lite V-Simulator
- ICSA-22-307-01 ETIC Telecom Remote Access Server (RAS) (Update B)
- ICSA-24-184-03 ICONICS and Mitsubishi Electric Products (Update A)
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.