Aggregator

A vulnerability classified as critical was found in Apple macOS up to 10.12.1. This vulnerability affects unknown code of the component Grapher. The manipulation leads to memory corruption. This vulnerability was named CVE-2016-7622. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

Новая версия macOS всколыхнула ИБ-сообщество.

根据《自然》发表的一篇论文，一个黑洞喷射出的一对巨大喷流。这对喷流总长约 2300 万光年，是迄今已知的最长黑洞喷流。 超大质量黑洞会发射强大的辐射和粒子喷流。当它们持续数百万年，通过向宇宙中发射电子、原子核和磁场可以影响星系际介质中的物质流动。过去观察的黑洞喷流大小不会超过 5 百万秒差距（1百万秒差距约为 326 万光年）。 加州理工研究人员分析了来自国际低频阵列（LOFAR）望远镜的射电图像，以研究百万秒差距尺度的黑洞能量流。他们在分析后识别出了巨大的喷流，并命名为“波尔费里翁”。对望远镜数据的初步检查表明，这对喷流的总长度至少达到 6.43 百万秒差距。研究人员用数学公式进行了修正，得出“波尔费里翁”的总长度在 6.8—7.3 百万秒差距。 “波尔费里翁”的存在证明超大质量黑洞喷流能在极遥远的宇宙距离上形成，而不毁于流体不稳定性。但研究人员指出，要理解“波尔费里翁”保持稳定的力学原理还需要更多研究。

A vulnerability classified as critical has been found in Apple macOS up to 10.12.1. This affects an unknown part of the component Foundation. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2016-7618. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A new report by Check Point Software highlights a significant increase in cloud security incidents, largely due to a lack of cybersecurity expertise and employee training

树立能源行业安全运营标杆

IDC最新攻击面管理报告出炉，360多项能力获五星评价

JSP3/2.0.14

A vulnerability has been found in WordPress 2.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file XMLRPC.PHP of the component XMLRPC Handler. The manipulation leads to sql injection. This vulnerability is known as CVE-2007-3140. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to disable the affected component.

总结推荐本周的热点资讯、安全事件、一周好文和省心工具，保证大家不错过本周的每一个重点！

Trend Micro - Infection Chain2024-09-08 TrendMicro Earth Baxia Uses Spear-Phishing and GeoServer Ex

A vulnerability has been found in Apple watchOS up to 3.1.2 and classified as critical. This vulnerability affects unknown code of the component FontParser. The manipulation leads to memory corruption. This vulnerability was named CVE-2016-4688. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in BGEnergy 1.153.0034 and classified as critical. Affected by this vulnerability is an unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is known as CVE-2014-6870. The attack needs to be approached within the local network. There is no exploit available.

戳我立即查看

黑客组织 NullBulge 入侵了迪士尼企业内部通信使用的工具 Slack，窃取并公开了数千 Slack 频道的数据，包括代码和未发布项目信息。NullBulge 泄露了愈 1 TB 数据，这一入侵发生在 7 月，迪士尼 8 月表示正对此展开调查。路透社现在报道，迪士尼计划停止将 Slack 作为整个公司的协作工具，部分团队已经切换到其他协作工具，预计今年晚些时候完成过渡。

A vulnerability, which was classified as critical, was found in barcode scanner 2.3.0. Affected is an unknown function of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is traded as CVE-2014-6869. Access to the local network is required for this attack to succeed. There is no exploit available.

支撑企业安全架构的技术方向，提升安全防护水平的方法体系。

So Ive been working on this project for the better part of 2 years on and off. I have this