Aggregator

本文探讨了为什么入职流程和新员工对网络犯罪分子来说具有吸引力，确定入职期间风险最高的领域，并了解减轻这些风险的最佳做法。

Разработчики ПО могут получить особый статус.

卷入 FTX 加密货币交易所金融欺诈案的公司高管 Caroline Ellison 被判两年徒刑，她是公司联合创始人 Sam Bankman-Fried(SBF) 的前女友。SBF 此前被判了 25 年徒刑。作为认罪协议的一部分，Ellison 承认了电信欺诈和洗钱在内的指控，并作证指控了 SBF。她还被没收了 110 亿美元。Ellison 面临的最高刑期是 110 年，她在法庭上向受害者道歉，称其大脑甚至无法理解她所造成伤害的规模。FTX 成立于 2019 年，两年后就发展成为全球第三大加密货币交易所，估值为 320 亿美元。2022 年财务困境的流言引发了挤兑，随后暴露了 SBF 的欺诈罪行，他转移了客户的存款用于购买房产、投资和政治捐款。Ellison 是 SBF 最亲密的合伙人，她的作证是 SBF 迅速定罪的重要原因。

CISA adds critical Ivanti bug to its Known Exploited Vulnerabilities catalog

A vulnerability classified as problematic was found in BE126 WiFI Repeater 1.0. Affected by this vulnerability is an unknown functionality. The manipulation of the argument getpage as part of Parameter leads to information disclosure. This vulnerability is known as CVE-2017-8770. The attack can be launched remotely. Furthermore, there is an exploit available.

ManageEngine announced a significant upgrade to its flagship IT analytics solution, Analytics Plus. Version 6.0 introduces Spotlight, a contextual recommendations engine powered by AI, designed to identify key inefficiencies in IT operations and suggest corrective strategies. The 2023 State of Analytics Engineering report found that time to business insight is the biggest challenge for nearly 50% of surveyed directors. Spotlight dramatically reduces the time IT managers and CIOs spend analyzing various IT metrics and coming … More →

The post ManageEngine Analytics Plus 6.0 identifies key inefficiencies in IT operations appeared first on Help Net Security.

Millions of Customers Will Also Be Offered Monitoring of Genetic Data on Dark Web
Genetics testing firm 23andMe will offer cash payments to millions of individuals whose sensitive data was compromised in a 2023 credential stuffing incident. Under the proposed $30 million lawsuit settlement, affected customers will also be offered dark web monitoring of their genetic data.

Herjavec of 'Shark Tank' Steps Down After 21 Years in Charge, Remains Board Member
"Shark Tank" TV star and company founder Robert Herjavec is stepping down as CEO of Cyderes, making way for Simeio CEO Chris Schueler to assume the role Oct. 1. Schueler has a strong background in identity management, and Herjavec will remain involved as an investor and board member.

No Disruption to Service; Manual Operations Implemented
FBI and U.S. Department of Homeland Security officials are in Arkansas City, Kansas, to investigate a cyberattack at the city's water treatment facility. "There has been no disruption to service. Out of caution, the Water Treatment Facility has switched to manual operations," said the city manager.

Spy Agency Says Taiwanese Defense Ministry Is Trying to Disrupt Chinese Politics
China's Ministry of State Security has accused a Taiwanese government agency of waging cyberattacks on the mainland's digital assets across multiple organizations and running disinformation campaigns on social media to disrupt the political system and sow social discord.

Keep your cool, arm yourself with the right knowledge, and other tips for staying unshaken by fraudsters’ scare tactics

Кибератаки ботнета нацелены на маршрутизаторы и IoT-устройства известных производителей.

A vulnerability, which was classified as critical, has been found in Foconet 1. Affected by this issue is some unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is handled as CVE-2014-7005. The attack can only be done within the local network. There is no exploit available.

OneTrust announced new capabilities to help organizations enhance resilience across the financial sector and operationalize compliance with the EU’s Digital Operational Resilience Act (DORA). Building upon its comprehensive OneTrust Third-Party Management solution, OneTrust will now offer first-to-market capabilities such as automated DORA “register of information” report creation and out-of-the-box depth of screening and compliance data. “An organization’s supply chain can be one of its biggest assets for efficiency and innovation, as well as its most … More →

The post OneTrust helps organizations operationalize DORA compliance appeared first on Help Net Security.

A vulnerability, which was classified as problematic, has been found in Apache Answer up to 1.3.5. This issue affects some unknown processing of the component Gravatar. The manipulation leads to inadequate encryption strength. The identification of this vulnerability is CVE-2024-40761. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Livemesh Addons for Elementor Plugin up to 8.5 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-47303. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in CODESYS Control for BeagleBone SL, Control for emPC-A iMX6 SL, Control for IOT2000 SL, Control for Linux ARM SL, Control for Linux SL, Control for PFC100 SL, Control for PFC200 SL, Control for PLCnext SL, Control for Raspberry Pi SL, Control for WAGO Touch Panels 600 SL, Control RTE SL, Control RTE, Control Win, Embedded Target Visu Toolkit, HMI, Remote Target Visu Toolkit, Runtime Toolkit and Virtual Control SL. This affects an unknown part of the component Web Server. The manipulation leads to improper check for unusual conditions. This vulnerability is uniquely identified as CVE-2024-8175. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in kstover Ninja Forms Plugin up to 3.8.15 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument Referer leads to cross site scripting. This vulnerability is handled as CVE-2024-3866. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in revolutbusiness Revolut Gateway for WooCommerce Plugin up to 4.17.3 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /wc/v3/revolut of the component REST API Endpoint. The manipulation leads to missing authorization. This vulnerability is known as CVE-2024-8678. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in wclovers WCFM Plugin up to 6.7.12 on WordPress. It has been classified as problematic. Affected is the function WCFM_Customers_Manage_Controller::processing. The manipulation leads to authorization bypass. This vulnerability is traded as CVE-2024-8290. It is possible to launch the attack remotely. There is no exploit available.