Aggregator

The National Construction Safety Team has reached an important milestone in its investigation into the 2021 partial collapse of Champlain Towers South.

In May 2020, NIST published Foundational Cybersecurity Activities for IoT Device Manufacturers (NIST IR 8259), which describes recommended cybersecurity activities that manufacturers should consider performing before their IoT devices are sold to customers. These foundational cybersecurity activities can help manufacturers lessen the cybersecurity-related efforts needed by customers, which in turn can reduce the prevalence and severity of IoT device compromises and the attacks performed using compromised devices. In the nearly five years since this document was released, it has been published

Основной канал поставок — маркетплейсы с минимальным контролем.

Пятеро хакеров-невидимок стали фигурантами дела скандальной группировки.

Ubuntu Linux 默认使用的 needrestart 工具发现了 5 个本地提权漏洞，该漏洞是在 2014 年 4 月释出的 needrestart v0.8 中引入的，刚刚释出的 v3.8 修复了漏洞。漏洞允许本地访问的攻击者将权限提升到 root。五个漏洞分别编号为 CVE-2024-48990、CVE-2024-48991、CVE-2024-48992、CVE-2024-10224 和 CVE-2024-11003。Needrestart 被用于识别包更新后需要重新启动的服务，确保服务运行最新版本的共享库。

As a relatively new security category, many security operators and executives I’ve met have asked us “What are these Automated Security Validation (ASV) tools?” We’ve covered that pretty extensively in the past, so today, instead of covering the “What is ASV?” I wanted to address the “Why ASV?” question. In this article, we’ll cover some common use cases and misconceptions of how people misuse

Spreading malware via Telegram channels allows threat actors to bypass traditional detection mechanisms and reach a broad, unsuspecting audience

Контроль за информацией в сети усиливается.

入选2024年度中国互联网企业创新发展典型案例&人工智能创新应用典型案例

360与嘉兴市政府达成三项战略合作，助力“数字嘉兴”迈向新高度！

Attackers have compromised around 2,000 Palo Alto Networks firewalls by leveraging the two recently patched zero-days (CVE-2024-0012 and CVE-2024-9474), Shadowserver Foundation’s internet-wide scanning has revealed. Compromised devices are predominantly located in the US and India, the nonprofit says. Manual and automated scanning activity has been spotted Approximately two weeks ago, Palo Alto Networks warned that attackers have been spotted leveraging a zero-day flaw to achieve remote code execution on vulnerable devices, and advised admins to … More →

The post 2,000 Palo Alto Networks devices compromised in latest attacks appeared first on Help Net Security.

全球动态1. Apache Hertz Beat漏洞让攻击者渗透敏感数据此漏洞被归类为低严重性，它可能被威胁行为者利用，以获得未经授权的敏感数据访问。【外刊- 阅读原文】2. 谷歌宣布一项开创性新功能“屏蔽电子邮件”谷歌推出一项名为“屏蔽电子邮件”的新功能，旨在彻底改变电子邮件隐私和打击垃圾邮件。【外刊- 阅读原文】3. 国家标准《健康医疗数据安全指南》数据安全措施实践《指南》给出了具体的安全措施

ИИ в соцсетях открыл две стороны медали – искусственный контент и миллионный заработок из воздуха.

Apache ZooKeeper Admin Server IPAuthenticationProvider 认证绕过漏洞分析 （CVE-2024-51504）

2024 DSBCTF_单身杯 crypto

2024-强网杯-pickle_jail分析

2024 ISCTF-Crypto-WP

深入解析Windows内核I/O系统：内核模式与用户模式的通信实现

spring +fastjson 的 rce