Aggregator
从忽视安全到设计安全,美国大型软件厂商大幅改进产品安全
9 months ago
解决最常见的安全漏洞,实现产品安全大幅改进。
价值超30亿元的数字货币被盗,这家交易所宣布关闭
9 months ago
超过4500枚比特币被盗
CVE-2022-24637 | Open Web Analytics up to 1.7.3 Cache Hash information disclosure (EDB-51026)
9 months ago
A vulnerability was found in Open Web Analytics up to 1.7.3 and classified as problematic. This issue affects some unknown processing of the component Cache Hash Handler. The manipulation leads to information disclosure.
The identification of this vulnerability is CVE-2022-24637. The attack may be initiated remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Veza Access Requests reduces the risk of identity-based threats
9 months ago
Veza announced Veza Access Requests product, enabling organizations to reduce the risk of identity-based threats with automated access policy intelligence for application access. Veza Access Requests ensures that users requesting access are automatically provisioned according to the principle of least privilege from day one. For the first-time ever, access requests are now built on the power of permissions – the purest form of access – to help organizations truly embrace identity transformation towards the principle … More →
The post Veza Access Requests reduces the risk of identity-based threats appeared first on Help Net Security.
Industry News
Why Technology Interoperability is the Key to a Safer Internet of Things (IoT)
9 months ago
With IoT connectivity expanding, organizations across the industry must grapple with the complexities of securing this vast network of internet-connected “things.”
The post Why Technology Interoperability is the Key to a Safer Internet of Things (IoT) appeared first on Security Boulevard.
Brian Scriber
Светлана Газизова, Positive Technologies: Безопасность кода стала обязательным критерием его качества
9 months ago
Что происходит с AppSec в России? Рассказывает директор по построению процессов DevSecOps Positive Technologies Светлана Газизова.
.NET 一款获取主机远程桌面端口的工具
9 months ago
.NET 一款获取主机远程桌面端口的工具
.NET 一款适用于内网渗透痕迹清理的工具
9 months ago
.NET 一款适用于内网渗透痕迹清理的工具
国内最专业的 [ .NET 代码审计 ] 体系化学习社区
9 months ago
国内最专业的 [ .NET 代码审计 ] 体系化学习社区
CVE-2024-45717 | SolarWinds Platform up to 2024.4 Search/Node Information Section cross site scripting
9 months ago
A vulnerability classified as problematic has been found in SolarWinds Platform up to 2024.4. This affects an unknown part of the component Search/Node Information Section. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2024-45717. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
使用docker-compose搭建frp内网穿透教程
9 months ago
FRP是一款基于golang、开源的跨平台内网穿透工具,支持http、https、tcp、udp等协议,同时也支持tls、白名单等安全配置,具有较高的安全性。FRP的原理是利用反向代理技术将公网...
黑海洋
CVE-2024-11398 | Synology Router Manager up to 1.3.1-9346-8 OTP path traversal (SA_24_03)
9 months ago
A vulnerability was found in Synology Router Manager. It has been rated as critical. Affected by this issue is some unknown functionality of the component OTP Handler. The manipulation leads to path traversal.
This vulnerability is handled as CVE-2024-11398. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-52944 | Synology Surveillance Station prior 9.2.0-9289/9.2.0-11289 authorization (SA_24_04)
9 months ago
A vulnerability was found in Synology Surveillance Station. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to incorrect authorization.
This vulnerability is known as CVE-2023-52944. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-52943 | Synology Surveillance Station prior 9.2.0-9289/9.2.0-11289 Alerting authorization (SA_24_04)
9 months ago
A vulnerability was found in Synology Surveillance Station. It has been classified as problematic. Affected is an unknown function of the component Alerting. The manipulation leads to incorrect authorization.
This vulnerability is traded as CVE-2023-52943. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
3.62 万亿美元,苹果重回世界第一;腾讯「王者」衍生大作被曝已停摆;马斯克讨薪失败,天价薪酬被驳回|极客早知道
9 months ago
3.62 万亿美元,苹果重回世界第一;腾讯「王者」衍生大作被曝已停摆;马斯克讨薪失败,天价薪酬被驳回|极客早知道
CVE-2024-11293 | Genetech Solutions Pie Register Plugin up to 1.7.9 on WordPress improper authentication
9 months ago
A vulnerability was found in Genetech Solutions Pie Register Plugin up to 1.7.9 on WordPress and classified as critical. This issue affects some unknown processing. The manipulation leads to improper authentication.
The identification of this vulnerability is CVE-2024-11293. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2002-0817 | William Deich Super 3.12/3.16/3.17/3.18 on Linux line format string (EDB-21674 / Nessus ID 14976)
9 months ago
A vulnerability classified as critical was found in William Deich Super 3.12/3.16/3.17/3.18 on Linux. Affected by this vulnerability is an unknown functionality. The manipulation of the argument line leads to format string.
This vulnerability is known as CVE-2002-0817. Attacking locally is a requirement. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
LABScon24 Replay | PKfail: Supply-Chain Failures in Secure Boot Key Management
9 months ago
LABScon24 Replay | PKfail: Supply-Chain Failures in Secure Boot Key Management
FTC bans data brokers from selling Americans’ sensitive location data
9 months ago
FTC bans data brokers from selling Americans’ sensitive location data