Aggregator

本文6281字   阅读约需 16分钟近日，云安全联盟（CSA）发布的《2024年顶级云计算威胁报告》（简称《报告》）显示，云安全问题严重性并未得到缓解，包括错误配置、IAM问题、不安全的接口和API

COMThanasia With this tool, you will be able to detect: Incorrect access control to a COM object (LaunchPermission , AccessPermission) – LPE through abusable COM methods, DCOM Authentication relaying. That’s PermissionHunter. Incorrect registry rights to...

The post COMThanasia: analyzing common vulnerabilities in COM appeared first on Penetration Testing Tools.

grapheneX In computing, hardening is usually the process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions; in principle a single-function system is more...

The post grapheneX: Automated System Hardening Framework appeared first on Penetration Testing Tools.

Termineter Termineter is a Python framework that provides a platform for the security testing of smart meters. It implements the C1218 and C1219 protocols for communication over an optical interface. Currently supported are Meters...

The post Termineter: Smart Meter Security Testing Framework appeared first on Penetration Testing Tools.

A vulnerability was found in Zoho ManageEngine EventLog Analyzer 9.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Eventlog. The manipulation leads to improper access controls. This vulnerability is known as CVE-2014-6043. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Apple iOS up to 11.4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Configuration Handler. The manipulation leads to information disclosure. This vulnerability is known as CVE-2018-4355. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

聚焦源代码安全，网罗国内外最新资讯！编译：代码卫士OpenAI 最近发布一份报告称，从今年开始，该公司已阻断超过20起网络攻击和隐秘的影响行动，包括伊朗国家黑客组织攻击活动。报告中提到了三个黑客组织

聚焦源代码安全，网罗国内外最新资讯！编译：代码卫士CISA 提醒称，威胁行动者正在滥用未加密的可持久性 F5 BIG-IP cookie 来识别和攻击位于目标网络上的内部设备。通过映射内部设备，威胁

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-823410632024年9月，中央网信办举报中心指导全国各级网信举报工作部门、主要网站平台受理网民举报色情、赌博、侵权、谣言等违法和不

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063（来源：国家数据局）分享网络安全知识 强化网络安全意识欢迎关注《中国信息安全》杂志官方抖音号《中国信息安全》杂志倾力推荐

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063文 | 中信银行安全保卫部总经理 张元明；中信银行安全保卫部 陈思义；中信银行大数据中心 孙嘉禾随着数字化转型的不断深入

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063文 | 中国电子技术标准化研究院党委书记、副院长 杨建军近日，国家发展改革委、国家数据局、中央网信办、工业和信息化部、财

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063文 | 安天战略情报中心2024 年 7 月 19 日，美国网络安全公司“众击”（CrowdStrike）更新了终端安全

A vulnerability classified as critical was found in Moderndecoration Interior Design 1. Affected by this vulnerability is an unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is known as CVE-2014-7618. Access to the local network is required for this attack. There is no exploit available.

2024补天白帽大会倒计时5天！主论坛嘉宾议题概览【主论坛上午】议题：基于上下文感知的高效大语言模型红队测试方法议题：隐秘的点击：破解广告欺诈迷局议题：破解汽车隐藏服务：策略与工具【主论坛下午】议题：

A vulnerability classified as critical has been found in Oracle Communications Cloud Native Core Automated Test Suite 23.1.1. Affected is an unknown function of the component Automated Test Suite Framework. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2023-30861. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Flask up to 1.5.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2023-30861. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Google Chrome. This affects an unknown part of the component Printing. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2020-16003. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Google Chrome. Affected by this vulnerability is an unknown functionality of the component PDFium. The manipulation leads to use after free. This vulnerability is known as CVE-2020-16002. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.