Aggregator

白皮书涵盖了网络安全服务的基本组成要素，通过利用网络安全、数据安全、信息安全服务的标准作为支撑，构造了一个覆盖全生命周期的理论框架。

CCS 2024成都网络安全大会于9月11日至12日在成都高新创合中心盛大召开，关键领域头部企业和行业大咖云集于此，共同探讨网络安全的未来之路。

白皮书由中国信息安全测评中心指导，华为技术有限公司联合中国移动通信集团有限公司等行业单位专家共同编撰。

Discover how to define use cases, scale SecOps automation, and align technologies to enhance your security operations and stay ahead of modern threats.

一项研究发现，与训练有素的 AI 聊天机器人进行对话有助于减少阴谋论信仰。研究调查了 GPT-4 Turbo 等大模型 (LLM) 是否能利用其巨大的信息获取能力以及使用直接针对相信者提出的对具体证据的定制反驳来有效地揭穿阴谋论。在一系列涵盖 2190 名相信阴谋论者的实验中，参与者与 LLM 进行了几次个性化互动，分享了他们的阴谋论信仰以及他们认为的支持这些信仰的证据。LLM 也会类似地通过定制的、事实的和基于证据的反驳直接驳斥这些说法。一位受雇评估 GPT-4 Turbo 所作声明准确性的专业事实核查员报告说，在这些声明中，99.2% 被评为“真实”，0.8% 被评为“误导”，0 被评为“虚假”；并且没有发现任何声明包含自由派或保守派偏见。研究人员发现，由 AI 驱动的对话能使参与者的被误导的信念平均减少 20%。这种效应持续了至少 2 个月，并且在各种不相关的阴谋论以及各个人口统计类别中均被观察到。这些发现挑战了这样一种观念，即某人一旦采信了阴谋论，证据和论据就无效了。他们还质疑了社会-心理学理论，该理论将心理需求和动机作为阴谋论信念的主要驱动因素。

Ivanti has released a security update addressing an OS command injection vulnerability (CVE-2024-8190) affecting Ivanti Cloud Services Appliance (CSA) 4.6 (all versions before patch 519). A cyber threat actor could exploit this vulnerability to take control of an affected system.  

At this time, Ivanti has confirmed limited exploitation and urges its customers using the affected versions to upgrade to CSA version 5.0. Ivanti no longer supports CSA 4.6 (end-of-life). 

CISA recommends users and administrators review CISA and FBI's joint guidance on eliminating OS command injections and the Ivanti security advisory and apply the recommended updates. 

Note: CISA has added CVE-2024-8190 to its Known Exploited Vulnerabilities Catalog, which, per Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the specified due date to protect FCEB networks against active threats. 

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2024-8190 Ivanti Cloud Services Appliance OS Command Injection Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA has released an analysis and infographic detailing the findings from the 143 Risk and Vulnerability Assessments (RVAs) conducted across multiple critical infrastructure sectors in fiscal year 2023 (FY23).

The analysis details a sample attack path including tactics and steps a cyber threat actor could follow to compromise an organization with weaknesses representative of those CISA observed in FY23 RVAs. The infographic highlights the most successful techniques for each tactic that RVAs documented. Both the analysis and infographic map threat actor behavior to the MITRE ATT&CK® framework.

CISA encourages network defenders to review the analysis and infographic and apply the recommended mitigations to protect against the observed tactics and techniques.

A vulnerability, which was classified as very critical, has been found in Daniel Stenberg cURL up to 7.4. Affected by this issue is some unknown functionality of the component Error Message Handler. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2000-0973. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A hacker known as Amadon has reportedly managed to bypass the safety protocols of ChatGPT, a popular AI chatbot developed by OpenAI, to generate instructions for creating homemade explosives. This incident raises significant questions about generative AI technologies’ security and ethical implications. How It Happened Amadon employed a technique known as “jailbreaking” to manipulate ChatGPT […]

The post Hacker Tricks ChatGPT to Get Details for Making Homemade Bombs appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Realm.Security has launched a platform for collecting and normalizing cybersecurity telemetry data that promises to streamline analytics.

The post Realm.Security Emerges to Tackle Cybersecurity Data Management appeared first on Security Boulevard.

A vulnerability was found in Adobe ColdFusion up to 2021.12/2023.6. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to improper authentication. This vulnerability was named CVE-2024-45113. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Photoshop Desktop up to 24.7.4/25.11. It has been classified as critical. This affects an unknown part. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2024-45109. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Photoshop Desktop up to 24.7.4/25.11 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2024-45108. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Adobe Photoshop Desktop up to 24.7.4/25.11 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to heap-based buffer overflow. This vulnerability is known as CVE-2024-43756. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as very critical, was found in Adobe ColdFusion up to 2021.15/2023.9. Affected is an unknown function. The manipulation leads to deserialization. This vulnerability is traded as CVE-2024-41874. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in gnuedu. Affected is an unknown function of the file web/logout.php. The manipulation of the argument LIBSDIR leads to code injection. This vulnerability is traded as CVE-2007-2609. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

医院因暗网数据泄露赔付6500万美元，伦敦交通局确认信息被盗……

Утечка переписок раскрыла тайные планы главного помощника Джулиана Ассанжа.

A vulnerability was found in gnuedu. It has been rated as critical. This issue affects some unknown processing of the file scripts/weigh_keywords.php. The manipulation of the argument ETCDIR leads to code injection. The identification of this vulnerability is CVE-2007-2609. The attack may be initiated remotely. Furthermore, there is an exploit available.