Aggregator

近日，宾夕法尼亚大学的工程研究团队揭示了AI驱动机器人中存在的关键漏洞，这些漏洞可以被恶意操控，导致机器人执行危险任务，包括引爆炸弹。研究团队在这项研究中开发了一种名为RoboPAIR的算法，成功实现

Ransomware’s history is littered with threat actors that rise and fall but every now and then a new name appears that grabs people’s attention for the wrong reasons. RansomHub, a ransomware-as-a-service (RaaS) platform which seems to have successfully recruited affiliates from the downed BlackCat and Lockbit groups during 2024, is the latest example of this […]

The post Ransomware borrows industry tools to target corporate EDR  appeared first on Ransomware.org.

A vulnerability, which was classified as critical, was found in Acronis Cyber Files on Windows. This affects an unknown part. The manipulation leads to incorrect default permissions. This vulnerability is uniquely identified as CVE-2024-49389. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

亚马逊 CEO Andy Jassy 上个月在一份备忘录中通知员工，他们每周需要去办公室工作五天，改变了此前每周需要去办公室工作至少三天的政策。新政策将于 2025 年开始实施。对于想要继

A vulnerability was found in Best Free Giveaways 0.1. It has been declared as critical. This vulnerability affects unknown code of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability was named CVE-2014-7788. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability classified as problematic was found in Jetty 4.1.0 Rc4. Affected by this vulnerability is an unknown functionality of the component JSP Servlet. The manipulation with the input %0A leads to basic cross site scripting. This vulnerability is known as CVE-2002-1533. The attack can be launched remotely. Furthermore, there is an exploit available.

If you’re a firm that works with foreign governments, in addition to certifications like ISO 27001 that you will generally need to achieve, you will also have to have processes in place for handling foreign government information or FGI. It’s not enough that your internal network is classified and access controlled; you need specific handling […]

The post Managing Foreign Government Information (FGI) on a Network appeared first on Security Boulevard.

工具更新

工具更新

工具更新

工具更新

工具更新

Cisco confirmed today that it took its public DevHub portal offline after a threat actor leaked "non-public" data, but it continues to state that there is no evidence that its systems were breached. [...]

文章的核心观点在于强调特种作战部队机构建设（SOFIB）方法在国家和机构层面上对乌克兰特种作战部队能力的提升和可持续性建设的重要性。

A vulnerability was found in synapse iShuttle 1. It has been classified as critical. This affects an unknown part of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is uniquely identified as CVE-2014-7787. Access to the local network is required for this attack to succeed. There is no exploit available.