Aggregator

当前环境出现异常状态，请完成验证后继续访问。

Artemis is an open-source modular vulnerability scanner that checks different aspects of a website’s security and translates the results into easy-to-understand messages that can be shared with the organizations being scanned. “The most important feature of the tool is report generation. Besides scanning, it is capable to generate a concise e-mail with vulnerability information and as few false positives as possible. We automatically send these e-mails to scanned entities. We don’t know about any other … More →

The post Artemis: Open-source modular vulnerability scanner appeared first on Help Net Security.

Palo Alto Has Always Shied Away From Identity and Expensive M&A. What Changed?
Less than five months after Google agreed to spend $32 billion on red-hot cloud security startup Wiz, Palo Alto Networks is on the precipice of paying more than $20 billion for PAM goliath CyberArk, The Wall Street Journal reported Tuesday. Here's why the deal represents a major pivot for Palo Alto.

145 Organizations Compromised by China-Linked Ransomware Hackers and Others
Nearly 150 different organizations' on-premises SharePoint servers have been exploited by attackers targeting the zero-day vulnerabilities now tracked as ToolShell, researchers warn. Early attacks have been attributed to China-linked groups, in some cases leading to Warlock ransomware infections.

Brazil-Targeting Malware Exploits Windows UIA to Evade Detection
A banking Trojan long confined to Brazil has become the first known malware to exploit Microsoft's UI Automation framework to extract credentials, signaling a new tactic that may evade conventional detection. Akamai's findings point to a growing trend of attackers using legitimate system features.

At Least 410,000 Patients Reported Affected, But Likely Even More Victims
Months after news first broke that a hacking incident compromised legacy patient data hosted by Cerner electronic health record servers that were set to migrate to parent company Oracle's cloud environment, data breach reports related to the hack are still slowly trickling in to regulators. What's taking so long?

New UK Law Requiring Age-Verification Measures on Porn Sites Causes VPN Use to Soar
Free virtual private network services are soaring to the top of the app charts in the United Kingdom after a new law went into effect Friday requiring platforms that contain adult content - including sites like X and Reddit - to confirm users' ages through "robust" verification measures.

文章讨论了意大利初中教育的问题，包括知识灌输增加、创意表达减少、标准化测试与日常教学脱节、对有特殊需求学生的支持不足以及学生缺乏自我管理能力等，并指出这些问题源于教育政策和教师培训的不足。

Миллионы компьютеров оказались беззащитны перед восьмиступенчатой атакой через доверенную программу.

字节跳动回应Trae IDE问题：性能优化完成，遥测关闭误解需改进，Discord封禁为反广告机器人误操作已解封。

It’s unsettling to think that our food supply chain could be targeted or that the safety of our food could be compromised. But this is exactly the challenge the agri-food sector is dealing with right now. Despite agriculture’s importance, cybersecurity in this field doesn’t get the attention it deserves. Farms, processing plants, and distribution systems are going digital, and that’s opening the door to cyber attacks. A big problem is that a lot of the … More →

The post The food supply chain has a cybersecurity problem appeared first on Help Net Security.

富士電機製Monitouch V-SFTとTellus Liteには、境界外書き込みの脆弱性が存在します。

Johnson Controlsが提供するSoftware House iStar Pro Door Controllerには、重要な機能に対する認証の欠如に関する脆弱性が存在します。

俄罗斯堪察加半岛7月29日发生8.8级强震，引发海啸警报。日本多地观测到40厘米高海浪。这是2011年以来最强地震，目前无人员死亡报告。

美国地质勘探局(USGS)报告，俄罗斯堪察加半岛 7 月 29 日 23:24 UTC 发生 M8.8 级地震。太平洋沿海地区发布海啸警报，据日本共同社报道，第一波海啸已经抵达日本海岸，北海道十胜港观测到了 40 厘米高的海啸。这次大地震是 2011 年日本东北地方太平洋近海地震（M9.1）以来的最强地震，为有记录以来第六强地震。目前暂无死亡报告。

A vulnerability classified as problematic was found in Cisco IOS and IOS XE 16.3.1. Affected by this vulnerability is an unknown functionality of the component Autonomic Networking Infrastructure. The manipulation leads to improper access controls. This vulnerability is known as CVE-2017-6663. The attack needs to be approached within the local network. Furthermore, there is an exploit available.

A vulnerability was found in Cisco IOS 15.0/15.1/15.2/15.3/15.4 and classified as problematic. Affected by this issue is some unknown functionality of the component VPLS. The manipulation leads to improper resource management. This vulnerability is handled as CVE-2017-12238. The attack needs to be approached within the local network. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

A vulnerability was found in Intel Ethernet Diagnostics Driver up to 1.3.0 on Windows. It has been rated as critical. This issue affects some unknown processing of the file IQVW32.sys/IQVW64.sys. The manipulation as part of IOCTL Call leads to improper input validation. The identification of this vulnerability is CVE-2015-2291. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Oracle Java SE 6u101/7u85/8u60. Affected by this issue is some unknown functionality of the component Deployment. The manipulation leads to denial of service. This vulnerability is handled as CVE-2015-4902. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Как Raven Stealer превратил Telegram в командный пункт для кражи данных.