Aggregator
Chang'an, Ever Secure: The 6th Cyberspace Security Frontier Forum Officially Opens
9 months ago
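The thousand-year-old ancient capital welcomes a grand event, and cybersecurity opens a new chapter! April 25-27, 2025: Chang'an welcomes you!
Survey Collection | Survey Papers from 《网络空间安全科学学报》 (Journal of Cyberspace Security Science), Part 2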
9 months ago
Anubis Malware Lurking in Hidden Corners Opens the Door to Hackers' Remote Commands
9 months ago
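AnubisBackdoor has been appearing frequently of late. It is a Python-based backdoor, and the group behind it is Savage Ladybug.
Here's an Offer || Yunzhi R&D Company's Keen Studio (科恩工作室) is waiting for you to join!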
9 months ago
Cybersecurity job postings…
CISOs, are your medical devices secure? Attackers are watching closely
9 months ago
The adoption of connected medical devices, collectively called the Internet of Medical Things (IoMT), has transformed patient care. However, this technological advancement has also introduced cybersecurity challenges to safeguard patient safety and uphold organizational security. Securing IoMT: Prioritizing risks. IoMT devices, ranging from infusion pumps to imaging systems, are often interconnected and communicate over networks, making them potential entry points for cyber threats. The unique nature of medical devices, often running on legacy systems with …
The post CISOs, are your medical devices secure? Attackers are watching closely appeared first on Help Net Security.
Mirko Zorz
Lawmakers Take Another Stab to Improve Patient ID Matching
9 months ago
Bipartisan 'Match IT Act' Aims to Reduce Risk of Medical Mistakes, Privacy Mishaps
Two Congressmen are taking another bipartisan stab at passing legislation aimed at improving patient identity matching to help reduce mistakes that put patient privacy and safety at risk. The lawmakers have introduced similar provisions in the past. Will the proposals gain traction this time?
Zut Alors! Cyberattacks Targeting France Surged in 2024
9 months ago
The Edge Device Hacking Wave Hasn't Spared French Companies
France playing host to the Olympics resulted in a surge of cyberattacks requiring intervention of the state cybersecurity agency, it said in an annual report also flagging an uptick in attacks levied against network edge devices. The games went smoothly.
Pentera Secures $60M to Boost AI-Powered Security Validation
9 months ago
Series D Funding to Drive U.S. Growth and AI Advancements in Cybersecurity
Pentera has raised $60 million in Series D funding to expand its presence in the U.S. and accelerate AI-driven innovations in security validation. CEO Amitai Ratzon says the company is focused on advancing automated testing and strengthening its leadership in exposure validation.
CISA Defunds Threat-Sharing Hubs for States and Elections
9 months ago
Cyber Defense Agency Axes Funding for Key ISACs as Trump Shifts Federal Priorities
The Cybersecurity and Infrastructure Security Agency is eliminating $10 million in annual funding for two key cybersecurity hubs supporting states and local elections as agency officials tell Information Security Media Group the move is aimed at eliminating waste and realigning priorities.
Abu Dhabi Guidelines Offer Blueprint for Cybersecurity in Health
9 months ago
Following increasing attacks on healthcare organizations, the United Arab Emirates has refined its regulatory strategy for improving cybersecurity in healthcare.
Robert Lemos, Contributing Writer
Global Smartwatch Sales Decline for the First Time
9 months ago
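According to Counterpoint data, global smartwatch sales have declined for the first time: smartwatch shipments fell 7% in 2024, with Apple Watch shipments down 19%. Counterpoint attributes this to the Apple Watch lacking standout new features and to the rumored high-end Ultra 3 model not reaching the market. The Apple Watch's market share in the fourth quarter of last year was 22%, down from 25% a year earlier. Although overall smartwatch sales declined, sales of smartwatches from Chinese brands such as Xiaomi, Huawei and Imoo rose sharply, with Xiaomi's shipments growing 135%.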
Fog
9 months ago
cohenido
Hands-On with the New Tongyi App: What Does a Better Personal AI Assistant Need?
9 months ago
Revolutionizing the operating experience of AI devices takes more than model capability.
CVE-2016-7182 | Microsoft Windows Vista SP2 up to Server 2012 R2 True Type Font input validation (MS16-120 / EDB-40599)
9 months ago
A vulnerability classified as critical has been found in Microsoft Windows Vista SP2 up to Server 2012 R2. This affects an unknown part of the component True Type Font Handler. The manipulation leads to improper input validation.
This vulnerability is uniquely identified as CVE-2016-7182. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2024-55159 | GFast up to 3.2 /system/loginLog/list SortName sql injection
9 months ago
A vulnerability classified as critical was found in GFast up to 3.2. This vulnerability affects unknown code of the file /system/loginLog/list. The manipulation of the argument SortName leads to sql injection.
This vulnerability was named CVE-2024-55159. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-13905 | sainwp OneStore Sites Plugin up to 0.1.1 on WordPress class-export.php server-side request forgery
9 months ago
A vulnerability was found in sainwp OneStore Sites Plugin up to 0.1.1 on WordPress. It has been classified as critical. Affected is an unknown function of the file class-export.php. The manipulation leads to server-side request forgery.
This vulnerability is traded as CVE-2024-13905. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-0162 | IBM Aspera Shares up to 1.10.0 PL7 xml external entity reference
9 months ago
A vulnerability was found in IBM Aspera Shares up to 1.10.0 PL7. It has been classified as critical. This affects an unknown part. The manipulation leads to xml external entity reference.
This vulnerability is uniquely identified as CVE-2025-0162. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-1363 | WooCommerce URL Shortener Plugin up to 9.0.2 on WordPress Setting cross site scripting
9 months ago
A vulnerability classified as problematic has been found in WooCommerce URL Shortener Plugin up to 9.0.2 on WordPress. This affects an unknown part of the component Setting Handler. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2025-1363. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-56359 | gristlabs grist-core up to 1.3.1 HyperLink Cell cross site scripting (GHSA-qv69-5cj2-53r9)
9 months ago
A vulnerability was found in gristlabs grist-core up to 1.3.1 and classified as problematic. Affected by this issue is some unknown functionality of the component HyperLink Cell Handler. The manipulation leads to cross site scripting.
This vulnerability is handled as CVE-2024-56359. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com