Aggregator

Java中的XMLDecoder是java.beans包提供的一个用于将XML数据反序列化为Java对象的工具类，它常被用于将符合Java Beans规范的类与XML格式数据进行转换，但其设计特性也导致了严重的安全漏洞

At a Congressional hearing earlier this week, Matt Blaze made the point that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated in today’s threat environment and should be rethought:

In other words, while the legally-mandated CALEA capability requirements have changed little over the last three decades, the infrastructure that must implement and protect it has changed radically. This has greatly expanded the “attack surface” that must be defended to prevent unauthorized wiretaps, especially at scale. The job of the illegal eavesdropper has gotten significantly easier, with many more options and opportunities for them to exploit. Compromising our telecommunications infrastructure is now little different from performing any other kind of computer intrusion or data breach, a well-known and endemic cybersecurity problem. To put it bluntly, something like Salt Typhoon was inevitable, and will likely happen again unless significant changes are made...

The post Arguing Against CALEA appeared first on Security Boulevard.

Ни один элемент не вызывал подозрений, но в связке они обошли все уровни защиты.

关键词安全漏洞已发现 Dell Technologies PowerProtect Data Domain 系

关键词恶意软件一个复杂的恶意软件活动通过冒充税务机构的精心设计的网络钓鱼电子邮件，传播 Grandoreiro

关键词网络攻击在针对欧洲政府和军事机构的复杂间谍活动中，被认为与俄罗斯国家行为者有关的黑客一直在利用 Wind

关键词DeepSeek今天中午，DeepSeek服务再度宕机，登上微博热榜，用户纷纷抱怨加载失败和响应缓慢。

Security Operations Centers (SOCs) today face unprecedented alert volumes and increasingly sophisticated threats. Triaging and investigating these alerts are costly, cumbersome, and increases analyst fatigue, burnout, and attrition. While artificial intelligence has emerged as a go-to solution, the term “AI” often blurs crucial distinctions. Not all AI is built equal, especially in the SOC. Many

At ANY.RUN, we love hearing about clients’ experiences. Quality feedback helps us improve and gives new and existing users a clearer understanding of our tools in actual security scenarios.  That’s why when we spoke with Augustin Alexandrovici, who leads Cyber Intelligence Operations at Expertware, we knew we had to share our conversation.   Check out the […]

The post How MSSP Expertware Uses ANY.RUN’s Interactive Sandbox for Faster Threat Analysis appeared first on ANY.RUN's Cybersecurity Blog.

Ontinue announced ION for Enhanced Phishing Protection. This new add-on service extends phishing detection and response capabilities for ION MXDR customers, significantly reducing cyber risk by handling emails reported as suspicious by end users. ION for Enhanced Phishing Protection empowers organizations to mitigate phishing threats efficiently while maximizing the ROI of their existing Microsoft Security investments. Phishing remains one of the most persistent and costly cybersecurity threats organizations face today. Despite investments in advanced security … More →

The post Ontinue empowers organizations to mitigate phishing threats appeared first on Help Net Security.

近日，中央网信办公布了依法打击体育“饭圈”问题的成效。通报显示，网信部门会同体育主管部门持续加大对网上体育饭圈问题治理力度，依法严惩拉踩引战和攻击谩骂等行为，清理违法违规信息160余万条，处置账号7.6万个，其中关闭账号3767个。

“开盒挂人”这个网络新词，你听说过吗？它是一种新式网络暴力违法犯罪行为。不法分子通过非法手段挖掘、搜集个人隐私信息，包括个人照片、家庭住址、手机号码等敏感信息，然后将这些内容在网络上公开发布。

目前，企业数据跨境流动依然面临诸多亟待破解的难题。推动企业数据跨境流动实现高效合规发展，应从多方面精准发力。

北京市近日发布《北京市数据跨境流动便利化综合配套改革实施方案》。《实施方案》从政策等六大方面，提出了极具针对性、实用性、前瞻性的工作措施，系统推动数据跨境流动安全管理与产业发展工作，对我国促进和规范数据跨境流动具有示范作用。

全国数据标准化技术委员会的WG2数据治理工作组以提升政府、企事业单位等多主体的数据治理水平，进而加速全社会的数据资源有效利用为目标，逐步建立我国的数据治理标准体系，为数据政策措施落地与数据产业发展服务。

近日，国家数据局组织开展2025年可信数据空间创新发展试点工作。

中国信息安全测评中心为引进和培养富有创新能力的网络安全领域高素质人才，构建适应新时代网络安全工作要求的高端科技人才队伍，根据业务发展需要，现公开招聘博士后研究人员，诚挚欢迎有识之士报名应聘，有关事项如下……