Aggregator
在审讯过程中快速分裂一个人的 12 种方法
4 months 3 weeks ago
在1997年,一部揭露历史的文件浮出水面,这份名为库巴克反情报审讯手册的文档,原是中央情报局(CIA)在过去3
二道贩子藏情报文件的攻略
4 months 3 weeks ago
二道贩子藏情报文件的攻略
4 months 3 weeks ago
二道贩子藏情报文件的攻略
4 months 3 weeks ago
二道贩子藏情报文件的攻略
4 months 3 weeks ago
二道贩子藏情报文件的攻略
4 months 3 weeks ago
二道贩子藏情报文件的攻略
4 months 3 weeks ago
CVE-1999-0182 | Samba 1.9.17 Password memory corruption (H-110 / EDB-20308)
4 months 3 weeks ago
A vulnerability classified as very critical was found in Samba 1.9.17. Affected by this vulnerability is an unknown functionality of the component Password Handler. The manipulation leads to memory corruption.
This vulnerability is known as CVE-1999-0182. The attack can be launched remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
XXL-JOB默认accessToken身份绕过RCE漏洞
4 months 3 weeks ago
XXL-JOB 是一款开源的分布式任务调度平台,用于实现大规模任务的调度和执行。
CVE-2020-11023 | Oracle REST Data Services 11.2.0.4/12.1.0.2/12.2.0.1/18c/19c jQuery cross site scripting (EDB-49767 / Nessus ID 208606)
4 months 3 weeks ago
A vulnerability, which was classified as critical, was found in Oracle REST Data Services 11.2.0.4/12.1.0.2/12.2.0.1/18c/19c. Affected is an unknown function of the component jQuery. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2020-11023. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
盛邦安全董事长权晓文:构建全面完善的安全防护体系迫在眉睫
4 months 3 weeks ago
11月19日至22日,以“拥抱以人为本、智能向善的数字未来——携手构建网络空间命运共同体”为主题的2024年世界互联网大会乌镇峰会在浙江乌镇举行。在11月22日举办的世界互联网大会乌镇峰会智能交通论坛上,远江盛邦(北京)网络安全科技股份有限公司(下称“盛邦安全”)董事长权晓文表示,安全在智能交通发展进程中占据着重中之重的地位,面对智能交通相关产业发展过程中涌现出的一系列安全挑战,构建一个全面、完善的安全防护体系迫在眉睫。
盛邦安全董事长权晓文在乌镇峰会期间接受媒体采访 摄影 陈超然
权晓文认为,数字化是解决安全问题的核心关键所在。当前,交通领域的安全挑战呈现出指数级增长的态势,网络安全企业应当积极发挥作用,辅助人工智能更好地解决安全问题,确保其在可控的环境下稳健发展。今年是网络强国战略目标提出10周年,也是中国全功能接入国际互联网30周年。回顾中国互联网的发展历程,权晓文指出,在这几十年间,中国互联网行业取得了长足的进步,已从早期的跟随者逐步发展成为引领者,尤其在互联网应用领域展现出强大的创新能力和引领作用。随着数字化进程的不断深入,人们的生活方式发生了翻天覆地的变化,同时各行业对数字安全的依赖程度也日益加深,数字安全已成为各行业稳定发展的重要基石。权晓文在接受媒体采访时表示,盛邦安全一直积极探索解决网络安全领域难题,通过数字化呈现网络生态,建设网络空间地图,助力构建网络空间命运共同体。他表示,在卫星互联网安全方面,盛邦安全是国内少数以此为发展方向的企业,已形成卫星通讯安全解决方案,包括地面测控网和无人机安全、卫星网安全防御体系等。今年,世界互联网大会乌镇峰会进入“新十年”。权晓文表示,在这11年的发展历程中,乌镇峰会规模和影响力不断扩大,国际参与度日益提高,见证了中国互联网行业的快速崛起与蓬勃发展,也见证了网络安全产业从最初提供单一功能产品逐步向提供更贴合行业需求、更具综合性的解决方案的转变。如今,网络安全行业正进入变革期,面临着诸多调整与创新挑战,希望明年的乌镇峰会能够继续发挥其积极影响力,持续推动整个行业不断向前发展,为构建更加安全、稳定、繁荣的网络空间奠定坚实基础。
文章来源自:国际在线
盛邦安全
盛邦安全荣获2023年度北京市科学技术进步奖,以创新技术护航工业互联网安全
4 months 3 weeks ago
近日,2023年度北京市科学技术奖揭晓。盛邦安全与国家工业信息安全发展研究中心等单位联合申报的“面向工业互联网云边协同场景的攻击面智能感知技术及应用”项目荣获北京市科学技术进步奖二等奖,再次彰显了盛邦安全在关键核心技术攻关中的卓越能力和创新实力。
为深入贯彻落实习近平新时代中国特色社会主义思想,全面贯彻党的二十大精神,坚定实施创新驱动发展战略,切实把创新作为引领发展的第一动力,加快建设北京国际科技创新中心,北京市政府对为科学技术进步、国际科技创新中心建设、首都经济社会发展做出突出贡献的科技人员和组织给予奖励。此次共有19位科学家和196项成果获奖,覆盖了多个前沿领域,彰显了北京在关键技术突破与创新方面的优势,为首都的高质量发展注入了源源不断的科技动能。
盛邦安全此次联合申报的获奖项目,针对工业互联网安全防御面临的诸多挑战,重点突破了“工业互联网资产暴露面有效无损探测”“新型未知漏洞挖掘分析与识别检测”“云边协同场景中攻击预测溯源”等难题,提出了一套面向工业互联网云边协同场景的攻击面智能感知技术,为工业互联网安全防护提供了全新解决方案。
近年来,北京科技企业在创新要素整合和资源集聚方面持续发力,不断推动科技与产业深度融合。此次获奖再次展现了盛邦安全在技术研发和成果转化方面的卓越能力。未来,公司将继续以科技创新为核心驱动力,深耕前沿技术领域,为推动首都高质量发展和全球科技创新贡献更多力量。
盛邦安全
Prompt 越狱手册
4 months 3 weeks ago
作者:洺熙
本文为作者投稿,Seebug Paper 期待你的分享,凡经采用即有礼品相送! 投稿邮箱:paper@seebug.org
以下皆为作者洺熙个人观点或洺熙认同的看法,本文一切也只用于技术交流,切勿用于不法目的,一切纷争与作者本人无关
由于书写本文的时候是从0到1开始写的,所以根据受益人群的不同,可以自行选择对应目录进行观看,同步开源至:https://github.com/Acm...
【反洗钱】2024年金融行业收单机构洗钱风险排行榜发布
4 months 3 weeks ago
威胁猎人基于对互联网黑色产业链上中下游的持续监测,整理出“2024年金融行业收单机构风险排行TOP50”,帮助收单机构从外部视角观察自身风险水位。
CVE-2018-13405 | Linux Kernel up to 4.17.4 fs/inode.c inode_init_owner access control (RHSA-2018:2948 / EDB-45033)
4 months 3 weeks ago
A vulnerability classified as critical has been found in Linux Kernel up to 4.17.4. This affects the function inode_init_owner of the file fs/inode.c. The manipulation leads to improper access controls.
This vulnerability is uniquely identified as CVE-2018-13405. Attacking locally is a requirement. Furthermore, there is an exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2021-36711 | OctoBot up to 0.4.3 WebInterface unrestricted upload (Issue 1966 / EDB-50979)
4 months 3 weeks ago
A vulnerability was found in OctoBot up to 0.4.3. It has been declared as critical. This vulnerability affects unknown code of the component WebInterface. The manipulation leads to unrestricted upload.
This vulnerability was named CVE-2021-36711. The attack can be initiated remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-11669 | GitLab Community Edition/Enterprise Edition up to 17.4.4/17.5.2/17.6.0 API Endpoint authorization (Issue 501528 / Nessus ID 211856)
4 months 3 weeks ago
A vulnerability has been found in GitLab Community Edition and Enterprise Edition up to 17.4.4/17.5.2/17.6.0 and classified as problematic. This vulnerability affects unknown code of the component API Endpoint. The manipulation leads to incorrect authorization.
This vulnerability was named CVE-2024-11669. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-11828 | GitLab Community Edition/Enterprise Edition up to 17.4.4/17.5.2/17.6.0 API Call algorithmic complexity (Issue 443559 / Nessus ID 211855)
4 months 3 weeks ago
A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 17.4.4/17.5.2/17.6.0 and classified as problematic. This issue affects some unknown processing of the component API Call Handler. The manipulation leads to inefficient algorithmic complexity.
The identification of this vulnerability is CVE-2024-11828. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-8114 | GitLab Community Edition/Enterprise Edition up to 17.4.4/17.5.2/17.6.0 Personal Access Token authorization (Issue 480494 / Nessus ID 211857)
4 months 3 weeks ago
A vulnerability classified as problematic was found in GitLab Community Edition and Enterprise Edition up to 17.4.4/17.5.2/17.6.0. This vulnerability affects unknown code of the component Personal Access Token Handler. The manipulation leads to missing authorization.
This vulnerability was named CVE-2024-8114. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com