Aggregator
CVE-2024-45455 | JoomUnited WP Meta SEO Plugin up to 4.5.13 on WordPress cross site scripting
CVE-2024-45456 | JoomUnited WP Meta SEO Plugin up to 4.5.13 on WordPress cross site scripting
CVE-2024-45696 | D-Link DIR-X4860 A1/COVR-X1870 Telnet Service backdoor
CVE-2024-45457 | Spiffy Plugins Spiffy Calendar Plugin up to 4.9.13 on WordPress cross site scripting
CVE-2024-45458 | Spiffy Plugins Spiffy Calendar Plugin up to 4.9.13 on WordPress cross site scripting
AI products priced at up to 1 million, and the wealthy are lining up to buy them. Why?
CVE-2022-22675 | Apple macOS up to 12.3.0 AppleAVD out-of-bounds write (HT213220)
CVE-2022-22675 | Apple watchOS up to 8.5.1 AppleAVD out-of-bounds write (HT213253)
CVE-2022-22675 | Apple tvOS up to 15.4.1 AppleAVD out-of-bounds write (HT213254)
How to detect and stop bot activity
Bad bot traffic continues to rise year-over-year, accounting for nearly a third of all internet traffic in 2023. Bad bots access sensitive data, perpetrate fraud, steal proprietary information, and degrade site performance. New technologies are enabling fraudsters to strike faster and inflict more damage. Bots’ indiscriminate and large-scale attacks pose a risk to businesses of all sizes in all industries. But there are techniques your business can adopt to address this malicious activity. By leveraging …
The post How to detect and stop bot activity appeared first on Help Net Security.
CVE-2006-5934 | Iexpress Estate Agent Manager up to 1.3 sql injection (EDB-2773 / XFDB-30216)
Exploding pagers and the new face of asset-centric warfare
Attacks on critical infrastructure
The explosion of the Soviet gas pipeline in 1982 was one of the first well-known instances of critical infrastructure being targeted through a software modification that contained a hidden malfunction. In this instance, the Soviets were stealing Western technology and the CIA slipped the flawed software to them without their knowledge. While the explosion itself didn’t cause any fatalities, it did cause some damage to the Soviet economy, as per the Washington Post.
With the intensification of hybrid warfare, we have seen multiple attacks on ICS-based critical infrastructure in Europe and the Middle East. These attacks were designed not just to destabilize the systems but also to cause a major kinetic impact. No systems or assets are out of bounds today. State-backed actors from countries like North Korea are not just after technology and revenue but also act as conduits for other countries to infiltrate the critical infrastructure of their adversary nations.
A case study
In a recent instance, Sectrio’s Asset Research Team uncovered an anomaly in hardware supplied to a critical infrastructure operator. In this instance, the same OEM was supposed to supply the same hardware to two divisions of the same business. However, the hardware supplied to one entity, when examined, showed a deviation that was found to enable backdoor communication with an obscure server using a now-obsolete protocol that was sparingly used in the 90s. The OEM in this case claimed that the anomaly was a generational remnant from an old version. How it made its way into only one piece of hardware and not the other is a question that was not answered to our satisfaction. The hardware belonged to the same batch and even had sequential serial numbers, adding to the mystery. This could be a genuine error, but it is an error that could potentially be exploited by a bad actor.
Supply chain challenges
As the Lebanon episode clearly showed, OEMs now have to ensure the integrity of their hardware well beyond their shop floors. ICS/OT operators should also watch out for anomalous behaviors and risky interactions that could jeopardize operations and plant safety levels. One way of offsetting these challenges is to ensure the systems undergo Security Acceptance Tests (SAT) along with Factory Acceptance Tests (FAT). This will ensure the integrity of the assets and call out any security issues before they are added to the infrastructure. A ‘maker-checker’ approach is the way to go.
Recommended cybersecurity measures to risk-proof ICS assets
While IEC 62443 and NIST CSF-based risk assessment and gap analysis are a good place to start, the outcomes of such an assessment can and should be used across the enterprise to improve security posture. Here are some of the other steps that can be taken to secure ICS and OT assets and infrastructure:
The post Exploding pagers and the new face of asset-centric warfare appeared first on Security Boulevard.
Striking the balance between cybersecurity and operational efficiency
In this Help Net Security interview, Michael Oberlaender, ex-CISO and book author, discusses how to strike the right balance between security and operational efficiency. Oberlaender advises companies starting their cybersecurity journey and stresses the importance of aligning with various frameworks. He also introduces his latest book, which provides insights into the CISO role and effective cybersecurity leadership. How do you balance the need for security with operational efficiency and flexibility in an organization’s cybersecurity strategy? …
The post Striking the balance between cybersecurity and operational efficiency appeared first on Help Net Security.
CVE-2007-3077 | EQdkp 1.3.2 listmembers.php rank sql injection (EDB-4030 / XFDB-34699)
Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks
CVE-2007-3082 | sendcard 3.4.1 sendcard.php sc_language path traversal (EDB-4029 / XFDB-34697)
CVE-2007-3052 | PNphpBB 1.2i index.php c sql injection (EDB-4026 / Nessus ID 25421)
More than 1,000 ServiceNow instances found exposing corporate knowledge base data
More than 1,000 misconfigured ServiceNow enterprise instances were found exposing knowledge base (KB) articles containing sensitive company information to external users and potential threat actors. The exposed information includes personally identifiable information, internal system details, user credentials, access tokens for live production systems, and other important information depending on the topic of the knowledge base.
Although ServiceNow's 2023 update was explicitly aimed at improving access control lists (ACLs), this remains a significant problem.
Publicly exposed knowledge base articles
ServiceNow is a cloud-based software platform that enterprises use to manage digital workflows across different departments and processes. It is a complete solution that includes IT service and IT operations management, HR tasks, customer service management, security tool integration, and knowledge bases.
The knowledge base feature serves as a repository of articles in which users can share how-to guides, FAQs, and other internal procedures with the users who are authorized to view them. However, because many of these articles are not meant for public release, they may contain sensitive information about the organization.
After a report on ServiceNow data leaks was published in 2023, the company rolled out a security update that introduced new ACLs to prevent unauthenticated access to customer data. However, AppOmni says most ServiceNow knowledge bases use the User Criteria permission system rather than ACLs, which makes the update far less useful.
In addition, some public-facing widgets that expose customer information did not receive the 2023 ACL update and continue to allow unauthenticated access. As a result, Costello says, misconfigured access controls on public-facing ServiceNow widgets can still be used to query knowledge base data without any authentication.
AppOmni stated in its newly released report: "The affected enterprises consider these instances inherently sensitive, e.g. PII, internal system details, and valid credentials/tokens for live production systems." Using tools such as Burp Suite, malicious actors can send large numbers of HTTP requests to the vulnerable endpoints to brute-force knowledge base article numbers.
The researchers explain that knowledge base article IDs increment in the format KBXXXXXXX, so a threat actor can brute-force a ServiceNow instance by starting at KB0000001 and incrementing the KB number until they find one that is inadvertently exposed.
AppOmni developed a proof-of-concept attack to illustrate how an outsider can access a ServiceNow instance without authentication, capture the token used for HTTP requests, query the public widget to retrieve KB articles, and brute-force the IDs of all hosted articles.
[Figure: sample request (left) and token interception (right)]
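The enumeration pattern described above (one source walking KB0000001, KB0000002, ... against an article endpoint) is easy to spot in web server access logs once the KB numbers are extracted and grouped per source. The following is an added detection example, not code from the article or from AppOmni: it parses a few constructed combined-format log lines, collects the KB article IDs each source requested, and flags sources whose requested IDs form a mostly consecutive run. The log lines, IP addresses, request paths and thresholds are all assumptions made for illustration.

```python
"""Added example (not from the article or AppOmni): flag sequential KB article
enumeration against ServiceNow-style knowledge base endpoints in access logs."""
import re
from collections import defaultdict

# Constructed sample log lines in a simplified combined-log style. The hosts,
# IPs and request paths are assumptions for illustration only. The first source
# walks five consecutive KB numbers in three seconds; the second reads two
# unrelated articles minutes apart.
SAMPLE_LOG = """\
203.0.113.10 - - [16/Sep/2024:10:00:01 +0000] "GET /kb_view.do?sysparm_article=KB0000001 HTTP/1.1" 200 512
203.0.113.10 - - [16/Sep/2024:10:00:02 +0000] "GET /kb_view.do?sysparm_article=KB0000002 HTTP/1.1" 200 498
203.0.113.10 - - [16/Sep/2024:10:00:02 +0000] "GET /kb_view.do?sysparm_article=KB0000003 HTTP/1.1" 200 470
203.0.113.10 - - [16/Sep/2024:10:00:03 +0000] "GET /kb_view.do?sysparm_article=KB0000004 HTTP/1.1" 200 611
203.0.113.10 - - [16/Sep/2024:10:00:03 +0000] "GET /kb_view.do?sysparm_article=KB0000005 HTTP/1.1" 200 590
198.51.100.7 - - [16/Sep/2024:10:05:10 +0000] "GET /kb_view.do?sysparm_article=KB0012345 HTTP/1.1" 200 2048
198.51.100.7 - - [16/Sep/2024:10:07:44 +0000] "GET /kb_view.do?sysparm_article=KB0012350 HTTP/1.1" 200 1800
"""

# KB article IDs have the form "KB" followed by seven digits (KBXXXXXXX).
KB_RE = re.compile(r"\bKB(\d{7})\b")
# Minimal combined-log parser: source, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def parse_log(text):
    """Return (source_ip, kb_number, status) for every request naming a KB article."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the expected format
        kb = KB_RE.search(m.group("req"))
        if not kb:
            continue  # request does not reference a KB article
        events.append((m.group("ip"), int(kb.group(1)), int(m.group("status"))))
    return events


def detect_enumeration(events, min_ids=5, min_sequential_ratio=0.8):
    """Flag sources that requested at least `min_ids` distinct KB articles whose
    sorted numbers are consecutive for at least `min_sequential_ratio` of the steps.
    Legitimate readers jump between unrelated articles; an enumeration walks them in order."""
    by_ip = defaultdict(list)
    for ip, kb, _status in events:
        by_ip[ip].append(kb)

    findings = []
    for ip, ids in by_ip.items():
        distinct = sorted(set(ids))
        if len(distinct) < min_ids:
            continue
        steps = list(zip(distinct, distinct[1:]))
        sequential = sum(1 for a, b in steps if b - a == 1)
        ratio = sequential / len(steps)
        if ratio >= min_sequential_ratio:
            findings.append({
                "source": ip,
                "articles_probed": len(distinct),
                "first": f"KB{distinct[0]:07d}",
                "last": f"KB{distinct[-1]:07d}",
                "sequential_ratio": round(ratio, 2),
            })
    return findings


def run(text=SAMPLE_LOG):
    """Parse the log text and return the enumeration findings."""
    return detect_enumeration(parse_log(text))


if __name__ == "__main__":
    for finding in run():
        print(finding)
```

The status code is parsed but deliberately not used as a filter: on a misconfigured instance the probes return 200, and on a correctly locked-down one they return errors, and both patterns are worth seeing. In production the same grouping would run over a sliding time window per source rather than over the whole file.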
Blocking unauthorized access
AppOmni recommends that ServiceNow administrators protect KB articles by setting appropriate User Criteria (Can Read / Cannot Read) to block all unauthorized users.
Criteria such as "Any User" or "Guest User" result in a configuration that does not protect articles from arbitrary external access. If there is no explicit need for public access to the knowledge base, administrators should turn it off to prevent the articles from being reachable from the internet.
The researchers also highlight specific security properties that can protect data from unauthorized access even when the configuration is otherwise wrong. These are:
·glide.knowman.block_access_with_no_user_criteria (True): ensures that if no User Criteria are set for a KB article, access is automatically denied to both authenticated and unauthenticated users.
·glide.knowman.apply_article_read_criteria (True): requires users to have explicit "Can Read" access to an individual article, even if they have "Can Contribute" access to the entire KB.
·glide.knowman.show_unpublished (False): prevents users from viewing draft or unpublished articles, which may contain sensitive, unreviewed information.
·glide.knowman.section.view_roles.draft (admin): defines the list of roles that can view knowledge base articles in the draft state.
·glide.knowman.section.view_roles.review (admin): defines the list of roles that can view knowledge base articles in the review state.
·glide.knowman.section.view_roles.stagesAndRoles (admin): defines the list of roles that can view knowledge base articles in custom states.
Finally, it is recommended to activate ServiceNow's pre-built out-of-the-box (OOB) rule, which automatically adds guest users to the "Cannot Read" list of newly created knowledge bases, so that administrators must specifically grant them access when it is needed.
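The properties and User Criteria rules listed above can be checked mechanically against an export of an instance's configuration. The following is an added audit example, not code from the article, AppOmni or ServiceNow: it takes a dictionary of system property values and a list of knowledge base records with their Can Read / Cannot Read criteria, and reports every deviation from the recommendations in the article. The input shapes (a flat property-name-to-string dictionary and a list of dictionaries with "title", "can_read" and "cannot_read" keys) are assumptions for illustration; a real export would be adapted to them.

```python
"""Added example (not from the article or ServiceNow): audit exported knowledge
base settings against the hardening recommendations listed in the article."""

# Boolean properties and their recommended values, as strings the way system
# properties are typically exported.
RECOMMENDED_FLAGS = {
    "glide.knowman.block_access_with_no_user_criteria": "true",
    "glide.knowman.apply_article_read_criteria": "true",
    "glide.knowman.show_unpublished": "false",
}
# Role-list properties: only the admin role should be able to see non-published states.
VIEW_ROLE_PROPERTIES = (
    "glide.knowman.section.view_roles.draft",
    "glide.knowman.section.view_roles.review",
    "glide.knowman.section.view_roles.stagesAndRoles",
)
ALLOWED_VIEW_ROLES = {"admin"}
# User Criteria that effectively make a knowledge base public.
PUBLIC_CRITERIA = {"any user", "guest user"}


def audit_properties(props):
    """Return (property, actual, expected) for each property that is missing or weak."""
    findings = []
    for name, want in RECOMMENDED_FLAGS.items():
        have = props.get(name)
        if have is None:
            findings.append((name, "missing", want))
        elif have.strip().lower() != want:
            findings.append((name, have, want))
    for name in VIEW_ROLE_PROPERTIES:
        have = props.get(name)
        if have is None:
            findings.append((name, "missing", "admin"))
            continue
        roles = {r.strip().lower() for r in have.split(",") if r.strip()}
        extra = roles - ALLOWED_VIEW_ROLES
        if extra:
            findings.append((name, have, "admin"))
    return findings


def audit_knowledge_bases(kbs):
    """Return (kb_title, problem) for each knowledge base whose User Criteria
    leave it readable by the public or by guests."""
    findings = []
    for kb in kbs:
        can_read = {c.strip().lower() for c in kb.get("can_read", [])}
        cannot_read = {c.strip().lower() for c in kb.get("cannot_read", [])}
        if not can_read:
            # With no Can Read criteria, only block_access_with_no_user_criteria saves you.
            findings.append((kb["title"], "no Can Read user criteria set"))
        public = can_read & PUBLIC_CRITERIA
        if public:
            findings.append((kb["title"], "public criteria in Can Read: " + ", ".join(sorted(public))))
        if "guest user" not in cannot_read:
            # The OOB rule the article recommends puts Guest User on Cannot Read for new KBs.
            findings.append((kb["title"], "Guest User not on the Cannot Read list"))
    return findings


# Constructed sample export (not real instance data): one flag is wrong, one is
# missing, draft articles are visible to an extra role, and one KB is public.
SAMPLE_PROPERTIES = {
    "glide.knowman.block_access_with_no_user_criteria": "true",
    "glide.knowman.show_unpublished": "true",
    "glide.knowman.section.view_roles.draft": "admin,knowledge_manager",
    "glide.knowman.section.view_roles.review": "admin",
    "glide.knowman.section.view_roles.stagesAndRoles": "admin",
}
SAMPLE_KBS = [
    {"title": "IT Runbooks", "can_read": ["Any User"], "cannot_read": []},
    {"title": "HR Policies", "can_read": ["Employees"], "cannot_read": ["Guest User"]},
]


def run(props=SAMPLE_PROPERTIES, kbs=SAMPLE_KBS):
    """Run both audits and return their findings as one report."""
    return {"properties": audit_properties(props), "knowledge_bases": audit_knowledge_bases(kbs)}


if __name__ == "__main__":
    report = run()
    for section, items in report.items():
        print(section)
        for item in items:
            print("  ", item)
```

Property values are compared case-insensitively after trimming because exports commonly carry "True"/"false" variants; the role check tolerates ordering and whitespace but flags any role beyond admin, which is stricter than a plain string comparison and matches the intent of the recommendation.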
Notice on the publication of the "Cybersecurity Standards Practice Guide: Guidelines for Identifying Sensitive Personal Information"
Ref. No.: Wang An Mi Zi [2024] 115
To all relevant organizations:
To guide relevant organizations in identifying sensitive personal information, the Secretariat has organized the preparation of the "Cybersecurity Standards Practice Guide: Guidelines for Identifying Sensitive Personal Information".
This Practice Guide sets out rules for identifying sensitive personal information, together with common categories and examples of sensitive personal information. It can be used to guide organizations in identifying sensitive personal information and can also serve as a reference for the processing and protection of sensitive personal information.
Attachment: "Cybersecurity Standards Practice Guide: Guidelines for Identifying Sensitive Personal Information"
Secretariat of the National Cybersecurity Standardization Technical Committee
September 14, 2024
Source: National Cybersecurity Standardization Technical Committee