安全动态回顾|国家金融监督管理总局发布《银行保险机构数据安全管理办法》 黑客通过第三方违规窃取ZAGG客户信用卡信息
快速浏览!2024.12.30—2025.1.5安全动态周回顾。
Aggregator
2024中国网络安全产业势能榜优能企业「金融行业」典型案例展示
3 months 3 weeks ago
金融行业一直是信息安全的重点领域,随着金融科技的快速发展和数字货币的崛起,金融机构面临着前所未有的挑战。数据泄露、网络攻击等安全事件的频发,促使金融企业加强安全保障。然而,信息安全的提高不仅仅是防止外部威胁的关键,更重要的是确保业务在突发事件或安全事件发生时的连续性和稳定性。
为了应对不断变化的威胁环境,金融机构纷纷部署多层次的安全防护措施,包括灾难恢复计划、业务连续性管理(BCM)和关键基础设施的冗余设计等等。在这其中,云计算、大数据分析和人工智能等技术也发挥了重要作用,使得金融机构能够在遇到安全攻击或系统故障时迅速恢复业务并保证客户服务不受影响。
本期我们将通过一系列典型案例,展现金融行业如何通过强化风险防控、提升业务连续性管理,创新安全解决方案,有效应对复杂的安全威胁,并确保金融服务的连续性和可靠性。
PS:典型案例展示排名不分先后,按企业简称首字母排序。
LDAPNightmare: опубликован эксплойт критической уязвимости Windows
3 months 3 weeks ago
Всего одного запроса достаточно, чтобы разрушить любую инфраструктуру.
安全动态回顾|国家金融监督管理总局发布《银行保险机构数据安全管理办法》 黑客通过第三方违规窃取ZAGG客户信用卡信息
3 months 3 weeks ago
2024中国网络安全产业势能榜优能企业「金融行业」典型案例展示
3 months 3 weeks ago
CVE-2009-3099 | HP Operations Manager 8.1 HP OpenView Remote Code Execution (EDB-18619 / Nessus ID 34970)
3 months 3 weeks ago
A vulnerability classified as very critical was found in HP Operations Manager 8.1. Affected by this vulnerability is an unknown functionality of the component HP OpenView. The manipulation leads to Remote Code Execution.
This vulnerability is known as CVE-2009-3099. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2013-7316 | GitLab 6.0 README.html cross site scripting (EDB-30329 / XFDB-89932)
3 months 3 weeks ago
A vulnerability was found in GitLab 6.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file README.html. The manipulation leads to cross site scripting.
This vulnerability is handled as CVE-2013-7316. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
Collatzeral Damage: Bitwise and Proof Foolish
3 months 3 weeks ago
Let’s talk about the Collatz Conjecture, which is like mathematicians’ original version of thi
FSF 呼吁迁移出 GitHub 以抗议微软 Windows 11 对 TPM2.0 的强制性要求
3 months 3 weeks ago
微软高管上个月表示,TPM2.0 对 Windows 11 是必不可少的,不配备 TPM 的 Windows 10 电脑将无法升级到 Windows 11。TPM 代表 Trusted P
FSF 呼吁迁移出 GitHub 以抗议微软 Windows 11 对 TPM2.0 的强制性要求
3 months 3 weeks ago
微软高管上个月表示,TPM2.0 对 Windows 11 是必不可少的,不配备 TPM 的 Windows 10 电脑将无法升级到 Windows 11。TPM 代表 Trusted Platform Module,是用于储存加密密钥等敏感数据的专用安全芯片或固件,提供了硬件级安全性,确保敏感数据没有未经授权访问。对于 Windows 11 对 TPM2.0 的强制性要求,自由软件基金会(FSF)呼吁举行抗议,认为 Windows 10 即将终止支持,将无法再获得安全更新,而仍然能正常运行的 Windows 10 电脑无法升级到 Windows 11 是微软自己制造的问题。FSF 呼吁 Windows 10 用户或者迁移到 GNU/Linux,避开微软的新软件,将自己的项目迁移出微软旗下的代码托管平台 GitHub。减少数字垃圾,摆脱微软的控制,实现自己控制软件的权利。
恶意软件通过木马 VPN 应用和 SEO 投毒传播,推测其目标是中文用户
3 months 3 weeks ago
一种名为PLAYFULGHOST的新恶意软件具有多种信息收集功能,例如键盘记录、屏幕捕获、音频捕获、远程 shell 以及文件传输/执行。
恶意软件通过木马 VPN 应用和 SEO 投毒传播,推测其目标是中文用户
3 months 3 weeks ago
主站 分类 漏洞 工具 极客
Sam Altman称每月200美元的ChatGPT Pro正在亏损 因为大家使用次数超预期
3 months 3 weeks ago
#人工智能 这也能亏麻了?Sam Altman 称每月 200 美元的 ChatGPT Pro 订阅版正在亏损,因为大家的使用次数超过预期。Sam 透露 200 美元这个价格是他亲自选
如何重置 Firefox 浏览器?
3 months 3 weeks ago
Balancing proprietary and open-source tools in cyber threat research
3 months 3 weeks ago
In this Help Net Security interview, Thomas Roccia, Senior Security Researcher at Microsoft, discusses how threat research drives faster, better decision-making in cybersecurity operations. Roccia provides insights into balancing internal and external research strategies, the influence of AI and geopolitical events, and how organizations can strengthen their security posture to counter threats.
The post Balancing proprietary and open-source tools in cyber threat research appeared first on Help Net Security.
Mirko Zorz
CVE-2013-5318 | Benjamin Arnaudetr Ginkgocms 5.0 index.php rang sql injection (EDB-27274 / XFDB-86395)
3 months 3 weeks ago
A vulnerability was found in Benjamin Arnaudetr Ginkgocms 5.0. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument rang leads to sql injection.
The identification of this vulnerability is CVE-2013-5318. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
Weekly Update 433
3 months 3 weeks ago
It sounds easy - "just verify people's age before they access the ser
Weekly Update 433
3 months 3 weeks ago
It sounds easy - "just verify people's age before they access the service" - but whether we're talking about porn in the US or Australia's incoming social media laws, the reality is way more complex than that. There's no unified
Troy Hunt
CVE-2001-0421 | Sun Solaris 2.6/8.0 FTP Server CWD Password information disclosure (EDB-20764 / Nessus ID 13378)
3 months 3 weeks ago
A vulnerability was found in Sun Solaris 2.6/8.0. It has been classified as critical. This affects an unknown part of the component FTP Server. The manipulation of the argument CWD with the input ~ leads to information disclosure (Password).
This vulnerability is uniquely identified as CVE-2001-0421. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
美国Akamai将在2026年6月关闭中国CDN服务 但会转售腾讯和网宿CDN
3 months 3 weeks ago
#科技资讯 美国 CDN 网络提供商 Akamai 将在 2026 年 6 月关闭中国 CDN 服务,但会变成转售腾讯云和网宿 CDN 产品继续为跨境客户提供服务。目前 Akamai