Aggregator

近年来，全球数字经济的高速发展，2019年我国首次将数据增列为生产要素，成为第五大生产要素。党的二十大报告指出，数据作为新型生产要素，正以前所未有的广度、深度融入经济社会发展各领域全过程，成为促进经济增长、构筑国家竞争优势的重要力量。

中国信息安全测评中心是我国专门从事信息技术安全测试和风险评估的权威职能机构，现面向社会招录10名非编产品安全测评人员。

胡金鱼

CISA released nineteen Industrial Control Systems (ICS) advisories on November 14, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-24-319-01 Siemens RUGGEDCOM CROSSBOW
• ICSA-24-319-02 Siemens SIPORT
• ICSA-24-319-03 Siemens OZW672 and OZW772 Web Server
• ICSA-24-319-04 Siemens SINEC NMS
• ICSA-24-319-05 Siemens Solid Edge
• ICSA-24-319-06 Siemens SCALANCE M-800 Family
• ICSA-24-319-07 Siemens Engineering Platforms
• ICSA-24-319-08 Siemens SINEC INS
• ICSA-24-319-09 Siemens Spectrum Power 7
• ICSA-24-319-10 Siemens TeleControl Server
• ICSA-24-319-11 Siemens SIMATIC CP
• ICSA-24-319-12 Siemens Mendix Runtime
• ICSA-24-319-13 Rockwell Automation Verve Asset Manager
• ICSA-24-319-14 Rockwell Automation FactoryTalk Updater
• ICSA-24-319-15 Rockwell Automation Arena Input Analyzer
• ICSA-24-319-16 Hitachi Energy MSM
• ICSA-24-319-17 2N Access Commander
• ICSA-24-291-01 Elvaco M-Bus Metering Gateway CMe3100 (Update A)
• ICSMA-24-319-01 Baxter Life2000 Ventilation System

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability
• CVE-2024-9465 Palo Alto Networks Expedition SQL Injection Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

NIST researchers have trained AI to detect the telltale sound even in noisy environments.

企业资讯

Learn what is IP reputation and what kinds of causes can bring poor reputation. Check out the benefits and improvement ideas for better IP reputation for your business.

The post Understanding IP Reputation: Why It Matters for Your Business and How to Improve It appeared first on Security Boulevard.

Bitdefender победил опасный шифровальщик ShrinkLocker.

部分 app 应用使用运营商本机号码认证业务域名，借助运营商提供的基于网络的本机号码自动登录服务，通过后台访问特定 API 从运营商处获取当前流量归属的

November 14, 2024Thank

软件介绍 NFC Tools PRO功能强大且免费的NFC卡模拟器，可模拟各类门禁卡、电梯卡、部分公司（工厂）工卡或饭卡、部分学校饭卡、部分图书馆借书卡等各类IC卡，用手机替代卡片去刷门禁、刷电...

Хакер KryptonZambie устроил чёрную пятницу на форуме киберпреступников.

In this new report, learn how threat actors are leveraging cloud services to target web services with ransomware attackers.

The post The State of Cloud Ransomware in 2024 appeared first on SentinelOne.