Aggregator

CISA Details Red Team Assessment Including TTPs & Network Defense

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
2 months 1 week ago

The Cybersecurity and Infrastructure Security Agency (CISA) recently detailed findings from a Red Team Assessment (RTA) conducted on a critical infrastructure organization in the United States. The assessment, carried out over three months, simulated real-world cyberattacks to evaluate the organization’s cybersecurity defenses, detection capabilities, and response readiness. This comprehensive analysis sheds light on the tactics, […]

The post CISA Details Red Team Assessment Including TTPs & Network Defense appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

亚马逊限制向阿拉伯国家寄送 LGBTIQ 等类别禁书

Solidot
2 months 1 week ago
加拿大多伦多大学公民实验室对电商巨头亚马逊(amazon.com)的调查发现,该平台上有 17,050 种商品被限制寄送到一个或多个地区。亚马逊限制最多的商品类别是书籍,而禁书类别主要是 LGBTIQ、神秘学、成人文学、基督教,以及健康和保健。受影响国家主要包括阿联酋、沙特阿拉伯等中东国家,以及文莱、巴布亚新几内亚、塞舌尔和赞比亚。研究人员发现,在至少一个地区亚马逊审查了其平台上逾 1.1% 的书籍。审查存在很多分类错误,比如乳腺癌相关的图书,使用“food porn”名字的食谱,尼采的《Gay Science》,曼妥思的 rainbow 糖果。亚马逊被指违反了与 LGBTIQ 等相关的承诺。

CVE-2023-43775 | Eaton SMP SG-4260 resource consumption (Duplicate CVE-2022-33860)

Vuldb Updates
2 months 1 week ago
A vulnerability was found in Eaton SMP SG-4260. It has been classified as problematic. This affects an unknown part. The manipulation leads to resource consumption. This vulnerability is uniquely identified as CVE-2023-43775. The attack can only be done within the local network. There is no exploit available. It looks like this entry got a duplicate CVE-2022-33860 assigned.
vuldb.com

尽快提交!《嘶吼2024中国网络安全产业势能榜》调研征集即将结束

嘶吼
2 months 1 week ago

为表彰在网络安全领域做出卓越贡献、并持续推动技术创新的“中国网安优能企业“,嘶吼发起了《嘶吼2024中国网络安全产业势能榜》评选,目前该活动已进入最后申报阶段

评选介绍

本次评选的维度设计引申自经济学中“品牌市场力”的概念模型,该模型是指某企业所代表的品牌,其市场占有力、创利能力、持久发展力的综合表现。强势的品牌市场力,代表着企业及其服务(产品)质量稳定、技术过硬、价格合理、营销得当,既能充分满足市场与甲方的需求,又能够收获稳定的市场份额。

嘶吼安全产业研究院在此模型基础上,将评选维度设定为“市场势能、创利势能、发展势能”,其中:

【市场势能】重点考量参选企业对市场需求的把握与洞鉴能力,同时也是企业技术能力、创新能力、品牌辐射力与客户满意度的具象呈现。

【创利势能】重点考量企业商业闭环与模式自洽的能力,是其营收能力、成果转化能力与高效能投入产出比的展现。

【发展势能】是企业发展基本盘的综合评估,是企业自身价值与行业贡献价值的双向加成。

评选将依据厂商类型不同(“综合型”、“专精型”、“创新型”)结合企业报名情况及嘶吼安全产业研究院总体调研情况,评选出各类型的优能企业。

参与方式

关注公众号“嘶吼专业版”,回复“势能榜2024”即可下载《嘶吼2024中国网络安全产业势能榜调研表》完整版

厂商自主报名,根据自身企业性质从“综合型”、“专精型”、“创新型”三类中选择一类进行材料申报,嘶吼安全产业研究院分析团队从报名厂商中依据填写的真实数据进行公平评选。

“综合型”、“专精型”、“创新型”的界定如下

“综合型”的界定:企业定位立足于提供全方位综合解决方案/产品而非专一方向,公司业务可能涵盖数据安全、信创安全、基础设施安全、业务安全、物联网安全、工控安全、边界安全、移动安全、应用安全、云安全、安全服务等至少5个方向,每个主要具体方向年度实际营收不低于1000万元人民币,固定员工人数(不含外包)为300人以上

“专精型”的界定:企业定位立足于提供专精方向解决方案/产品,如专注数据安全、信创安全、基础设施安全、业务安全、物联网安全、工控安全、移动安全、边界安全、云安全、应用安全等1-2类,已形成较为稳定的客户和销售渠道,专精业务相关年度实际营收不低于1000万元人民币或近2年新增股权融资总额2000万元以上,固定员工人数(不含外包)为100人以上

“创新型”的界定:企业成立时间为2019年1月1日以后或主营业务转移网络安全方向时间不超过5年,融资轮次为B轮以下(不含B轮),成立之初是基于某种创新,如技术、服务、解决方案等,目前企业的主要精力为打磨产品,拓展销售渠道和客户,固定员工人数(不含外包)不足70人。

填写说明

1 务必客观、真实填写该问卷,嘶吼安全产业研究院分析师团队会综合历年数据进行数据校验,如偏差过大,将直接取消参与本次榜单评选资格

2 绿色底框为必填部分,后附有填写说明和具体填写示例,请按说明要求填写,方便后续嘶吼分析师团队整理数据,请注意,不要删减行列!(“请举例”部分不用担心格子小分析师看不到,请在规定表格里面填写)

3 问卷填写过程的一切问题,可直接和嘶吼调研团队进行沟通,问卷最后附咨询微信二维码

4 如无问题,请于11月30日前提交问卷,并与企业logo ai格式源文件一并发送至最新指定邮箱:[email protected]

5 最终获选企业名单及数量根据实际调研情况评出

山卡拉

CVE-2024-52949 | iptraf-ng Interface Length IFNAMSIZ buffer overflow

VulDB Recent Entries
2 months 1 week ago
A vulnerability was found in iptraf-ng. It has been classified as critical. Affected is an unknown function of the component Interface Length Handler. The manipulation of the argument IFNAMSIZ leads to buffer overflow. This vulnerability is traded as CVE-2024-52949. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-53278 | gqevu6bsiz WP Admin UI Customize Plugin up to 1.5.13 on WordPress cross site scripting

VulDB Recent Entries
2 months 1 week ago
A vulnerability was found in gqevu6bsiz WP Admin UI Customize Plugin up to 1.5.13 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-53278. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-10471 | Everest Forms Plugin up to 3.0.4.1 on WordPress Setting cross site scripting

VulDB Recent Entries
2 months 1 week ago
A vulnerability has been found in Everest Forms Plugin up to 3.0.4.1 on WordPress and classified as problematic. This vulnerability affects unknown code of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-10471. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

IBM Workload Scheduler Vulnerability Stores User Credentials in Plain Text

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
2 months 1 week ago

IBM has issued a security bulletin warning customers about a vulnerability in its Workload Scheduler software that allows user credentials to be stored in plain text. This issue, identified as CVE-2024-49351, could enable local users to access sensitive information such as passwords, posing a significant security risk in affected systems. Details of the Vulnerability The […]

The post IBM Workload Scheduler Vulnerability Stores User Credentials in Plain Text appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Balaji

Google iOS App 在第三方网站注入链接

Solidot
2 months 1 week ago
Google 的 iOS 应用推出了一项受争议功能:在第三方网站页面注入链接,用户点击链接会返回 Google Search。网站所有者可选择退出,但可能需要 30 天退出才会生效。搜索巨人在世界各地面临反垄断诉讼,它的这一做法引发了争议。Google 声称该功能叫 Page Annotations,它会从网页中提取出令人感兴趣的主题,以链接形式高亮,点击链接会打开 Google 搜索该主题,而该链接网站原本没有放置。

CVE-2021-3712 | Oracle PeopleSoft Enterprise PeopleTools 8.57/8.58/8.59 Security out-of-bounds (Nessus ID 211827)

Vuldb Updates
2 months 1 week ago
A vulnerability was found in Oracle PeopleSoft Enterprise PeopleTools 8.57/8.58/8.59. It has been classified as critical. Affected is an unknown function of the component Security. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2021-3712. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2021-3712 | Oracle Secure Backup out-of-bounds (Nessus ID 211827)

Vuldb Updates
2 months 1 week ago
A vulnerability, which was classified as critical, has been found in Oracle Secure Backup. Affected by this issue is some unknown functionality of the component Secure Backup. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2021-3712. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2021-3712 | Oracle MySQL Connectors up to 8.0.27 Connector/C++ out-of-bounds (Nessus ID 211827)

Vuldb Updates
2 months 1 week ago
A vulnerability was found in Oracle MySQL Connectors up to 8.0.27 and classified as critical. Affected by this issue is some unknown functionality of the component Connector/C++. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2021-3712. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2021-3712 | Oracle MySQL Connectors up to 8.0.27 Connector/ODBC out-of-bounds (Nessus ID 211827)

Vuldb Updates
2 months 1 week ago
A vulnerability was found in Oracle MySQL Connectors up to 8.0.27. It has been classified as critical. This affects an unknown part of the component Connector/ODBC. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2021-3712. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2021-3712 | Oracle MySQL Workbench up to 8.0.26 OpenSSL out-of-bounds (Nessus ID 211827)

Vuldb Updates
2 months 1 week ago
A vulnerability was found in Oracle MySQL Workbench up to 8.0.26 and classified as critical. Affected by this issue is some unknown functionality of the component OpenSSL. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2021-3712. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2021-3712 | Oracle MySQL Enterprise Monitor up to 8.0.25 OpenSSL out-of-bounds (Nessus ID 211827)

Vuldb Updates
2 months 1 week ago
A vulnerability was found in Oracle MySQL Enterprise Monitor up to 8.0.25. It has been declared as critical. This vulnerability affects unknown code of the component OpenSSL. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2021-3712. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Managed ad