Aggregator
CVE-2024-11456 | mdedev Run Contests, Raffles, and Giveaways with ContestsWP Plugin add_query_arg cross site scripting
4 months 2 weeks ago
A vulnerability was found in mdedev Run Contests, Raffles, and Giveaways with ContestsWP Plugin up to 2.0.3 on WordPress. It has been rated as problematic. Affected by this issue is the function add_query_arg. The manipulation leads to cross site scripting.
This vulnerability is handled as CVE-2024-11456. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-11371 | slimndap Theater Plugin up to 0.18.6.2 on WordPress add_query_arg cross site scripting
4 months 2 weeks ago
A vulnerability was found in slimndap Theater Plugin up to 0.18.6.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function add_query_arg. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2024-11371. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-10675 | cservit affiliate-toolkit Plugin up to 3.6.7 on WordPress cross site scripting
4 months 2 weeks ago
A vulnerability was found in cservit affiliate-toolkit Plugin up to 3.6.7 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2024-10675. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-10400 | themeum Tutor LMS Plugin up to 2.7.6 on WordPress rating_filter sql injection
4 months 2 weeks ago
A vulnerability was found in themeum Tutor LMS Plugin up to 2.7.6 on WordPress and classified as critical. This issue affects some unknown processing. The manipulation of the argument rating_filter leads to sql injection.
The identification of this vulnerability is CVE-2024-10400. The attack may be initiated remotely. There is no exploit available.
vuldb.com
5 Scattered Spider Gang Members Indicted in Multi-Million Dollar Cybercrime Scheme
4 months 2 weeks ago
Five alleged members of the infamous Scattered Spider cybercrime crew have been indicted in the U.S. for targeting employees of companies across the country using social engineering techniques to harvest credentials and using them to gain unauthorized access to sensitive data and break into crypto accounts to steal digital assets worth millions of dollars.
All of the accused parties have been
The Hacker News
Vanta announces new products to enhance GRC and trust programs
4 months 2 weeks ago
Vanta announced a number of new and upcoming products enabling customers to build, demonstrate and enhance their GRC and trust programs. The new offerings include Vanta for Marketplaces to strengthen trust across a company’s entire ecosystem; adaptive scoping; AI-powered chat for Trust Centers; developer-first workflows for faster remediation; and expanded reporting capabilities. The announcements coincide with a number of highlights for the company in 2024: Now continuously monitoring over 92 million resources across customers—from laptops … More →
The post Vanta announces new products to enhance GRC and trust programs appeared first on Help Net Security.
Industry News
35 000 ботов ежедневно: как ngioweb стал главным киберпреступным конвейером
4 months 2 weeks ago
Всё больше незащищённых устройств открывают новые двери для атакующих.
成果分享 | Neural Dehydration:水印类型无关的通用黑盒模型水印移除攻击
4 months 2 weeks ago
分享我实验室白泽智能团队被CCS2024 录用的最新研究 Neural Dehydration,该工作提出了一种与水印类型无关的通用移除攻击,成功破解了当下10款主流的黑盒模型水印,在保持目标模型可用性的同时,对数据的依赖性也极低。
Safepay
4 months 2 weeks ago
cohenido
Safepay
4 months 2 weeks ago
cohenido
Safepay
4 months 2 weeks ago
cohenido
Safepay
4 months 2 weeks ago
cohenido
Safepay
4 months 2 weeks ago
cohenido
麻省理工发布2024年最危险的漏洞TOP 25
4 months 2 weeks ago
MITRE收集、分析了2023年6月至2024年6月之间披露3.1万个漏洞,并发布了2024年最危险的软件漏洞TOP 25名单。
从何同学视频看开源协议的重要性
4 months 2 weeks ago
这段时间,B站的知名UP主“老师好我叫何同学”因为一则《我用36万行备忘录做了个动画…》的视频备受争议,将这名UP主再次推上了舆论的风口浪尖。
Deep Instinct delivers malware and ransomware prevention for cloud data stored in S3 buckets
4 months 2 weeks ago
Deep Instinct launched Deep Instinct DSX for Cloud Amazon S3. As organizations increasingly rely on the cloud to power their digital transformation, businesses are generating and storing record amounts of data in the cloud. Cybercriminals know this and are leveraging generative AI to create sophisticated malware that evades existing security tools and takes advantage of the “assume breach” mindset. DSX for Cloud enables businesses to protect sensitive data across cloud storage environments by preventing and … More →
The post Deep Instinct delivers malware and ransomware prevention for cloud data stored in S3 buckets appeared first on Help Net Security.
Industry News
Ukrainian cyberwar experience becomes blueprint for TRYZUB cyber training service
4 months 2 weeks ago
The Computer Emergency Response Team of Ukraine (CERT-UA), part of the State Service of Special Communications and Information Protection (SSSCIP), has joined forces with the simulation training platform Cyber Ranges to unveil TRYZUB, a cyber resilience training and capability development service. TRYZUB primarily protects military, government entities, and critical infrastructure sectors such as energy, healthcare, finance, telecommunications, and education. Its training is designed for military units, law enforcement, government agencies, and operators of essential infrastructure … More →
The post Ukrainian cyberwar experience becomes blueprint for TRYZUB cyber training service appeared first on Help Net Security.
Help Net Security
中国银联执行副总裁涂晓军:深耕行业、促进融合 共谱数字金融新乐章
4 months 2 weeks ago
2024年11月21日,以“‘廿’念不忘,‘新’之所向”为主题的“第二十届数字金融联合宣传年智享2024特别活动”在京举行,活动由中金金融认证中心有限公司(CFCA)、数字金融联合宣传年、中国电子银行网主办。活动全面回顾中国数字金融二十年来发展历程,前瞻金融“五篇大文章”新机遇。同时,《2024中国数字银行调查报告》与“2024数字金融金榜奖”也备受行业关注。
中国银联执行副总裁、中金金融认证中心有限公司(CFCA)党委书记、董事长 涂晓军
中国银联执行副总裁、中金金融认证中心有限公司(CFCA)党委书记、董事长涂晓军出席活动并代表主办方致欢迎辞,以下为涂晓军致辞内容。
尊敬的各位来宾,尊敬的各位领导,媒体朋友们:
大家上午好!欢迎各位莅临“‘廿’念不忘 ‘新’之所向——第二十届数字金融联合宣传年智享2024特别活动”现场。
首先,我谨代表中国银联、CFCA和数字金融联合宣传年组委会,对各位领导、专家的拨冗出席,对各成员银行的热情参与表示衷心的感谢,也特别感谢亲临现场的媒体朋友们对此次活动的关注,同时也要感谢大家长期以来对中国银联、CFCA和“宣传年”的大力支持。
今年是全面贯彻落实党的二十大精神的关键之年,在中央金融工作会议的指引下,金融业正全力做好“五篇大文章”,加速推动改革和创新,提升金融服务对经济社会转型的适配性,以金融力量推动中国经济社会高质量发展。党的二十届三中全会更是进一步强调,要加快“建设金融强国”和“发展新质生产力”,为我国金融行业发展指明了方向。
当前,以科技创新为主导的数字经济正在全球迅速发展,以人工智能为代表的新兴科技也在加速与传统产业深度融合。在数字时代的变革中,银行业作为我国数字化发展的先锋,引领了前所未有的转型变革,实现了一次又一次跨越式发展,奏响了一曲又一曲“中国数字金融乐章”,而“宣传年”正是这一历程的见证者。
宣传年始终秉持“深耕行业,促进融合”的理念,紧随金融行业发展脉搏,积极促进各方智慧交融与资源共享,携手各界共同探索金融科技的无限潜能,为构建可持续发展的数字金融生态注入了强劲动力。
二十年来,在行业主管部门的指导下,成员银行的支持和积极参与下,知名高等院校、研究机构的学术支持下,宣传年承载着银行的重托不断创新,在业界的口碑和影响力不断攀升,成为行业广泛认可的重要公益平台。宣传年的成员银行数量也从最初的10余家,发展成为如今105家的大家庭。在这个专业务实且充满活力的舞台上,CFCA与各成员银行携手共进、同心同行,在开放交流与合作创新中实现了一次又一次的突破。
值此重要时刻我们与成员行一同精心策划了2024年度特别活动,希望同大家一起,回顾这二十年来银行业数字化发展的辉煌历程,致谢那些多年来为宣传年平台建设及数字金融发展献计献策,作出卓越贡献的各位同仁。同时,我们也邀请到了数字金融资深从业者、意见领袖到场分享他们的创新实践成果与前沿观点,共话行业发展新趋势。此外,活动还将发布《2024中国数字银行调查报告》、揭晓2024数字金融金榜奖榜单。相信通过今天的活动,大家将进一步加深对金融行业、对数字金融、对彼此之间的共识,共促银行业数字化高质量发展,共谱数字金融未来新篇章。
“浩渺行无极,扬帆但信风”,站在下一个二十年的新起点上,宣传年将矢志不渝,继续在主管部门的指引下,携手产业各方共创健康可持续的公益平台,助推中国银行业在金融科技的浪潮中把握趋势、攻坚克难、行稳致远。
最后,再次感谢各位嘉宾多年来对宣传年活动的大力支持,期待每一位来宾都收获满满。让我们并肩共进,共同开启新征程。
祝愿本次年度活动圆满成功,谢谢大家!
企业资讯
Ядерные базы на радаре: Big Data компрометирует военную безопасность США
4 months 2 weeks ago
Расследование выявило, как таргетированная реклама раскрывает военные секреты.