Aggregator

В Госдуме одобрена поправка к закону «О рекламе».

Северная Корея всеми способами пытается выудить военные секреты США.

The number of outages caused by certificate pinning is increasing. We’ll explore why certificate pinning hasn’t kept up with modern standards and recommend alternatives to improve security while reducing management overhead

The number of outages caused by certificate pinning is increasing. We’ll explore why certificate pinning hasn’t kept up with modern standards and recommend alternatives to improve security while reducing management overhead

In this Akamai FLAME Trailblazer blog, Elizabeth Padley tells us that as an international employment lawyer in tech, she has learned to expect the unexpected.

Salt Labs also said XSS combined with OAuth can lead to severe breaches

云函数锐减，域前置大幅增加

Defensie is vandaag in de gemeente Noardeast-Fryslân begonnen met het bergen van 2 vliegtuigwrakken uit de Tweede Wereldoorlog. Het gaat om een Vickers Wellington HE346 van de Royal Air Force en een Messerschmitt Bf 109 van het Duitse Jagdgeschwader. In de wrakstukken van beide toestellen liggen vermoedelijk de stoffelijke resten van 6 bemanningsleden. De berging neemt zo’n 8 weken in beslag.

Distributed denial-of-service (DDoS) attacks are a common tactic among hackers. They disrupt the availability of networks, applications, websites, and more to interrupt the functions of enterprises, service providers, and governments. DDoS attacks are also used as a diversion by bringing down one area of a network or...

Исследование показало 200-кратный разрыв между реальными рисками и традиционным сканированием.

Indicators of compromise (IOCs) are essential for proactive cybersecurity. They help you identify and respond to threats effectively. However, getting high-quality IOCs can be difficult, as the best source for this data is the malware’s code, analyzing which often requires hours of intensive work.  ANY.RUN sandbox users know that config-extracted indicators can be easily found […]

The post Collect and Use IOCs from Malware Configs <br> in TI Lookup  appeared first on ANY.RUN's Cybersecurity Blog.

A new Implementation Roadmap provides recommendations and actions for putting the U.S. standards strategy into effect.

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2024-4879 ServiceNow Improper Input Validation Vulnerability
• CVE-2024-5217 ServiceNow Incomplete List of Disallowed Inputs Vulnerability
• CVE-2023-45249 Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Positive Technologies усиливает SIEM-систему против современных атак.

0X00 前言互联网的时代正在高速发展。在互联网的发展中，数据存储技术的各种应用方式也在经历不断地变换

A critical local privilege escalation vulnerability has been discovered in RaspAP, an open-source project designed to transform Raspberry Pi devices into wireless access points or routers. Identified as CVE-2024-41637, this flaw has been rated with a severity score of 9.9 (Critical) on the CVSS scale. The vulnerability affected RaspAP versions before 3.1.5 and was disclosed […]

The post RaspAP Flaw Let Hackers Escalate Privileges with Raspberry Pi Devices appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

TDengine用户大会隆重召开，威努特携多款产品与解决方案精彩亮相。

Почему специалисты утверждают, что эту атаку нельзя назвать «взломом»?