Aggregator

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

用户在未首先验证该软件是否合法，然后使用 VirusTotal 等多引擎防病毒工具进行扫描的情况下，切勿安装用户通过社交媒体推荐的软件。

在当今信息化社会，政务领域的数字化转型已成为提升行政效率和服务质量的关键。随着大数据、人工智能等技术的广泛应用，越来越多的政府部门依托先进的技术手段，提升了决策的科学性、工作的透明度和公众的满意度。然而，随之而来的数据泄露、网络攻击等安全威胁也愈发突出。政府机构的安全性不仅关乎公民个人信息的保护，更直接影响到国家的安全和社会稳定。 为了应对这些挑战，政府部门在信息化建设过程中不断加大对网络安全的投入，强化数据加密、身份认证、访问控制等多重防护措施，同时加强对网络攻击的预警与应急响应能力建设。此次，我们将展示一些政务行业中的典型案例，探索如何通过创新举措，推动政府信息化建设，同时提升网络安全性，保障公共服务的安全性和连续性。 PS：典型案例展示排名不分先后，按企业简称首字母排序。

Data Protection, Firewall Stocks Surge as Vulnerability Management Stocks Struggle
Fortunes diverged for publicly-traded cybersecurity companies in 2024, as the technology category they played in and market share they held largely determined their fate. Investors last year looked favorably upon companies in the data protection space, with Commvault and Rubrik recording big gains.

Do Hyeong Kwon Extradited to US For Allegedly Defrauding Investors Out of Billions
Authorities say Do Hyeong Kwon, former CEO of Terraform Labs, appeared in a Manhattan federal courtroom Thursday after facing extradition from Montenegro over allegations he defrauded investors out of billions of dollars while misrepresenting his company’s cryptocurrency and other products.

俄罗斯总统普京下令政府以及联邦储蓄银行(Sberbank)加强与中国在 AI 上的合作。俄罗斯联邦储蓄银行是该国最大银行，领导了其 AI 研发工作。因俄罗斯入侵乌克兰，西方对俄罗斯的制裁导致了主要芯片公司停止向俄罗斯出口芯片，遏制了其 AI 野心。联邦储蓄银行 CEO German Gref 在 2023 年承认，用于 AI 的 GPU 芯片是最难取代的硬件。通过与非西方国家合作，俄罗斯正寻求挑战美国在 AI 上的主导地位。根据 Tortoise Media 的全球 AI 指数，俄罗斯在 83 个国家中排名第 31 位，不仅远远落后于美国和中国，也远远落后于印度和巴西。

error code: 521

上周，在混沌通信大会（CCC）上出现的一个新发现动摇了 Windows 可信赖的 BitLocker 加密技术的基础。安全研究员托马斯-兰伯茨（Thomas Lambertz）在其题为 “Windows BitLocker：没有螺丝刀也能拧紧 ”的演讲中暴露了一个明显的漏洞，该漏洞允许攻击者绕过 BitLocker 加密并访问敏感数据，即使是在据称已针对该漏洞打了补丁的系统上也是如此。 这个被称为 “bitpixie”（CVE-2023-21563）的漏洞最初于 2022 年 11 月被微软解决。然而，Lambertz 演示了攻击者如何利用过时的 Windows 引导加载器通过安全启动来提取加密密钥。这种攻击只需要对设备进行瞬间物理访问和网络连接，无需使用螺丝刀或硬件黑客。 其根本原因在于 UEFI 中的证书存储空间有限，而 UEFI 是启动过程中的一个关键组件。新的安全启动证书预计在 2026 年前无法获得。作为临时措施，Lambertz 建议用户为 BitLocker 设置自定义 PIN 或通过 BIOS 禁用网络访问。不过，即使是基本的联网 USB 设备也有可能为攻击提供便利。 虽然普通用户可能不是主要攻击目标，但对企业、政府和其他高安全环境的影响却很大。只需短暂的物理访问就能完全解密设备，这引起了人们对数据保护的严重关注。 对于那些希望进一步探讨这一话题的人，CCC 媒体中心网站上有兰伯特 56 分钟演讲的完整录音。它深入探讨了错综复杂的技术问题，并解释了为什么解决这一漏洞会带来如此艰巨的挑战。   转自安全KER，原文链接：https://www.anquanke.com/post/id/303246 封面来源于网络，如有侵权请联系删除

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'CrisprXiang With FDU and Hao Huang with FDU' was reported to the affected vendor on: 2025-01-03, 60 days ago. The vendor is given until 2025-05-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Nikolai Skliarenko of Trend Micro Security Research' was reported to the affected vendor on: 2025-01-03, 11 days ago. The vendor is given until 2025-05-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

 A critical vulnerability discovered in the popular macOS terminal emulator iTerm2 has raised concerns among cybersecurity experts and software users. The flaw, which could allow malicious attackers to access sensitive user data, underscores the importance of timely updates and vigilant software management. Vulnerability Details Security researchers disclosed the details of the vulnerability late last week. […]

The post iTerm2 Emulator Vulnerability Let Attackers Access Sensitive User Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Technology / Data PrivacyApple has agreed to pay $95 million to settle a proposed class action law

Apple has agreed to pay $95 million to settle a proposed class action lawsuit that accused the iPhone maker of invading users' privacy using its voice-activated Siri assistant. The development was first reported by Reuters. The settlement applies to U.S.-based individuals current or former owners or purchasers of a Siri-enabled device who had their confidential voice communications with the

The chief information security officer (CISO) role has undergone a remarkable transformation, evolving from a purely technical position to a role that bridges business strategy, operational efficiency, and cybersecurity.

The post The modern CISO is a cornerstone of organizational success appeared first on Help Net Security.

A vulnerability was found in Microsoft Windows Server 2012 up to Server 2019. It has been rated as critical. This issue affects some unknown processing of the component Cluster Shared Volume. The manipulation leads to Privilege Escalation. The identification of this vulnerability is CVE-2022-29150. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in Microsoft Windows Server 2012 up to Server 2019. Affected is an unknown function of the component Cluster Shared Volume. The manipulation leads to Privilege Escalation. This vulnerability is traded as CVE-2022-29151. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Visual Studio, .NET and .NET Core. It has been classified as critical. This affects an unknown part. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2022-29145. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.