Aggregator

A vulnerability was found in Diffie-Hellman Key Agreement Protocol. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Order Handler. The manipulation leads to resource consumption. This vulnerability is handled as CVE-2024-41996. The attack may be launched remotely. There is no exploit available. This vulnerability has a historic impact due to its background and reception.

在2024年4月1日00:00至2024年9月9日23:59期间，提交1个平台审核通过的漏洞即可获得1个补天众测中秋礼盒。

赛门铁克研究人员报告了一种使用罕见技术的后门 Backdoor.Msupedge。它通过 DNS 流量与 C&C（指令控制）服务器通信。它的 DNS 隧道工具是基于公开代码的 dnscat2 工具。Msupedge 还通过 C&C 服务器（ctl.msedeapi[.]net)）域名解析到 IP 地址作为指令。解析后的 IP 地址的第三个八位组是一个开关语句，后门的行为将根据该八位组减去 7 的值而进行改变。攻击者可能是通过最近修复的 PHP 高危漏洞 CVE-2024-4577 入侵系统的，漏洞的危险评分 9.8/10，影响 Windows 系统上安装的所有版本的 PHP，成功利用漏洞允许远程执行代码。

The world of Android threats is quite vast and intriguing. In this episode, Becks and Lukáš demonstrate how easy it is to take over your phone, with some added tips on how to stay secure

A vulnerability classified as critical has been found in Gameloft Brothers In Arms 2 Free+ 1.2.0. This affects an unknown part of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is uniquely identified as CVE-2014-5626. Access to the local network is required for this attack. There is no exploit available.

Most organizations already understand the importance of running a controlled DDoS attack to evaluate the resiliency of their application and to practice event response. However, there are still some misconceptions about the process, tools, and goals of DDoS testing.  You can DIY – all you need is a DDoS attack tool There are many options […]

The post Four Misconceptions about DDoS Testing appeared first on Security Boulevard.

Veriti, a leading force in exposure assessment and remediation is thrille dto announce its mention in the latest 2024 Gartner Emerging Tech: Top Use Cases in Preemptive Cyber Defense. As stated by Gartner in this report, “Preemptive cyber defense technologies are on track to disrupt the overall cybersecurity market. Product leaders must start adopting a preemptive cyber […]

The post Veriti mentioned in the 2024 Gartner® Emerging Tech: Top Use Cases in Preemptive Cyber Defense   appeared first on VERITI.

The post Veriti mentioned in the 2024 Gartner® Emerging Tech: Top Use Cases in Preemptive Cyber Defense   appeared first on Security Boulevard.

8月24日—25日，知道创宇主办的第十三届KCon大会在北京成功举行。

开源情报(OSINT)定位为首选情报来源，AI和ML技术正革新信息收集与分析。了解AI如何助力实时监控、多语言分析、预测未来事件，推动开源情报领域的进步。

A vulnerability was found in gamegou Perfect Kick 1.3.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is handled as CVE-2014-5625. The attack needs to be initiated within the local network. There is no exploit available.

Неужели наше появление все-таки не случайность?

A cyber attack hit the Port of Seattle, which also operates the Seattle-Tacoma International Airport, websites and phone systems were impacted. Media reported that the Port of Seattle, which also operates the Seattle-Tacoma International Airport, has suffered a cyber attack that impacted the websites, email and phone services. According to The Seattle Times, the cyber […]

A vulnerability was found in WebKitGTK+. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to race condition. This vulnerability is known as CVE-2012-3748. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Snort 2.6.1.1/2.6.1.2/2.7 Beta1. Affected by this vulnerability is an unknown functionality of the component frag3 Preprocessor. The manipulation leads to denial of service. This vulnerability is known as CVE-2007-1398. The attack can be launched remotely. Furthermore, there is an exploit available.

台湾刑事警察局搜查了台中一处将空房变成 24 小时盗录有线电视讯号的机房，查获了 72 个机顶盒，72 台编码器，服务器两台，PC 两台、Switch 六台，逮捕了两名嫌疑人。该机房属于晴天 TV 应用的下游分部，上游位于大陆。逮捕的两名嫌疑人其中一人负责承租场地架设机房，另一人则负责网络营销。晴天 TV 允许用户一年花费 950 新台币，即可不受限制的观看各个频道的流媒体节目。警方查获的纪录显示，过去两年至少有 3 千笔交易，获利逾 250 万，此次破获的机房可能只是盗版产业链的冰山一角。

·政策 《全国重点城市IPv6流量提升专项行动工作方案》 《北京市推动“人工智能+”行动计划（2024-2025年）》 《中共中央办公厅 国务院办公厅关于完善市场准入制度的意见》 《数字化绿色化协同转型发展实施指南》 ·标准 《旅游大数据安全与隐私保护要求（征求意见稿）》

8月23日，XCon2024安全焦点信息安全技术峰会成功举办。

A vulnerability was found in Trend Micro Maximum Security, Internet Security and Antivirus+Securiuty 11.0 and classified as critical. Affected by this issue is some unknown functionality of the component Self-Protection. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2017-5565. Attacking locally is a requirement. There is no exploit available.

The Chinese cyber espionage group was observed jailbreaking a Cisco switch appliance using a zero-day exploit