Aggregator

【内含福利】第七期「度安讲」技术沙龙议题征集！

Confucius组织在本次攻击行动中使用了ADS（Alternate Data Streams）特性来隐藏恶意文件，这种技术在之前该组织的攻击活动中未出现过。鉴于此，我们将重点披露该组织使用ADS加载恶意组件的整个流程

官方称不存在风险

QNAP has fixed a second zero-day vulnerability exploited at the Pwn2Own Ireland 2024 hacking contest to gain a root shell and take over a TS-464 NAS device. [...]

·政策 《江西省“数据要素×”三年行动实施方案（2024-2026年）》 《自治区数据要素市场化配置改革实施意见（征求意见稿）》  ·报告 《中国网络安全产业分析报告（2024年）》 《车路云一体化系统建设与应用指南》

从可观测性与应用安全技术研讨会上了解基调听云最新技术实践。

A vulnerability was found in ZyXEL ZyNOS 3.40/Is.3/Is.5. It has been declared as problematic. This vulnerability affects unknown code of the file rpfwupload.html of the component Configuration File. The manipulation leads to denial of service. This vulnerability was named CVE-2004-1540. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A Threat Actor Allegedly Leaked Databases of KVacDoor

Почему технология не может конкурировать с человеческим творчеством.

奇安信集团发布首个《政务大模型安全治理框架》

The LiteSpeed Cache vulnerability allows administrator-level access, risking security for over 6 million WordPress sites

Atlanta, GA, Oct. 30, 2024, CyberNewswire — The American Transaction Processors Coalition (ATPC) Cyber Council will convene “The Tie that Binds: A 21st Century Cybersecurity Dialogue,” on October 31, 2024, at the Bank of America Financial Center Tower’s Convention Hall … (more…)

The post News alert: Cybersecurity, AI priorities for 2025 highlighted at ATPC Cyber Forum in Atlanta first appeared on The Last Watchdog.

The post News alert: Cybersecurity, AI priorities for 2025 highlighted at ATPC Cyber Forum in Atlanta appeared first on Security Boulevard.

Уникальные модели раскрывают, как параллельные миры образуют стабильные структуры.

A Threat Actor is Allegedly Selling Admin Access of an Unidentified Shop in Australia

ASCIRES Has Been Claimed a Victim to Dragon Ransomware

随着大语言模型（LLM）的发展，研究显示其在网络威胁情报（CTI）提取中具备高效性和准确性。蒙特利尔大学等机构的研究用GPT-3.5-turbo模型从网络犯罪论坛提取关键信息，取得98%的准确率，为CTI自动化分析提供了新方向。

With a lack of cybersecurity awareness training resources for all employees, organizations are more susceptible to being breached or falling short when it comes to preventing threats.

A vulnerability, which was classified as critical, has been found in DrayTek Vigor 3900 1.5.1.3. This issue affects the function doSSLTunnel of the file mainfunction.cgi. The manipulation leads to command injection. The identification of this vulnerability is CVE-2024-51258. The attack may be initiated remotely. There is no exploit available.