Aggregator

《国防工业战略实施计划》(NDIS-IP)，详细列出了国防部如何加强国防工业基础（由负责建造军事硬件和武器系统的各种规模的私营企业组成的集合）的优先事项，详细说明了国防部将如何实现《国家国防工业战略》中列出的四个战略重点。

The Cybersecurity and Infrastructure Security Agency (CISA) introduced its inaugural international strategic plan, a roadmap for strengthening global partnerships against cyber threats.

The post CISA Strategic Plan Targets Global Cooperation on Cybersecurity appeared first on Security Boulevard.

Windows 10 即将于 2025 年 10 月 14 日终止支持，之后微软不再提供安全更新。根据 Statcounter 的统计，截至 2024 年 10 月，Windows 10 仍然是市场占有率最高的 Windows 版本，Windows 10 占 60.97%，之后是 Win11 35.55%，Win7 2.62%，Win8.1 0.31%，WinXP 0.28%，Win8 0.19%。Windows 10 的份额在逐月下降，但到明年 10 月它的用户群仍然会十分庞大，大部分不太可能会升级到 Windows 11（该版本提升了硬件需求）。对于这些用户，微软将向他们提供一次性的为期一年的扩展安全更新，费用为 30 美元。

总结推荐了本周的热点资讯、安全事件、一周好文和省心工具，保证大家不错过本周的每一个重点！

Следы искусственного интеллекта помогают вычислить фальшивые ресурсы.

Ads are everywhere. They generate revenue for site owners and can present related content to the we

Google 通常是在每年的第三或第四季度发布 Android 的一个大版本，但计划于明年释出的 Android 16 将提前到二季度。Android 14 是在 2023 年 10 月释出，Android 15 是在 2024 年 9 月发布的，这意味着 Android 16 只间隔最多 9 个月。Google 表示要将其最新的机器学习和 AI 功能更快的提供给开发者和用户。Google Android 高管 Seang Chau 称 AI 世界的发展速度非常快。

结合当下流行的混合办公场景，与大家探讨企业零信任安全架构建设。

A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. This vulnerability is known as CVE-2024-10654. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in sinatra. Affected is an unknown function of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to reliance on untrusted inputs in a security decision. This vulnerability is traded as CVE-2024-21510. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in Omron SYSMAC-SE2. This issue affects some unknown processing of the component Sysmac Studio. The manipulation leads to incorrect authorization. The identification of this vulnerability is CVE-2024-49501. The attack needs to be approached locally. There is no exploit available.

Security debt, defined for this report as flaws that remain unfixed for longer than a year, exists in 76% of organizations in the financial services sector, with 50% of organizations carrying critical security debt, according to Veracode. Financial sector apps accumulate more security debt With the average cost of a data breach in the financial industry estimated to be $6.08 million, the research comes at a critical time for one of the most highly targeted … More →

The post 50% of financial orgs have high-severity security flaws in their apps appeared first on Help Net Security.

Submit #434801 / VDB-282667

A vulnerability classified as very critical was found in Ricoh MFP. This vulnerability affects unknown code of the component Request Handler. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2024-47939. The attack can be initiated remotely. There is no exploit available.

Whenever I hear about a contribution to an open-source project, I always think it's a big deal. Earl

微软再次推迟受争议的 Windows Recall 功能。Recall 会每隔数秒进行一次屏幕截图，数据储存在本地用于实现可搜索数字记忆。但屏幕截图会将用户的敏感信息都保留下来，因此引发了隐私安全方面的广泛争议。微软此前计划在 10 月让 Windows 测试者测试 Recall，但现在软件巨人表示需要更多时间准备该功能，更多时间去完善体验。Windows 高级产品经理 Brandon LeBlanc 表示 Recall 将于 12 月在 Copilot Plus PC 上向 Windows Insiders 提供预览。

In this Help Net Security interview, Mike McNeil, CEO at Fleet, talks about the security risks posed by unmanaged mobile devices and how mobile device management (MDM) solutions help address them. He also discusses employee resistance to MDM and how open-source transparency can build trust. Lastly, McNeil shares insights on managing devices in remote locations and what’s next for MDM technology. What are some of the biggest threats of unmanaged mobile devices, and how does … More →

The post How open-source MDM solutions simplify cross-platform device management appeared first on Help Net Security.

Maestro: Abusing Intune for Lateral Movement Over C2If I have a command and control (C2) agent