Aggregator

作为一家设备齐全、流程完善的大公司的漏洞运营，李明（化名）格外谨慎。他非常清楚，被漏洞打穿意味着什么。李明也是被搞怕了。之前每天光漏扫都有大几十个漏洞，再加上官方&非官方渠道的漏洞消息，要修的漏洞轻松过百。这么多漏洞，李明一个人一周根本修不完，而且绝大部分的漏洞信息不足，要么不值得修，要么该修未及时修，要么就根本没法修。前段时间，公司虽然接入了新的商业漏洞情报，但李明心里依旧没底，每天盼着

因供应商未能按时删除用户数据并泄露，AT&T遭监管处罚超9000万元，并实施安全改进计划。 安全内参9月19日消息，美国联邦通信委员会（FCC）与AT&T就2023年1月发生的重大数据泄露事件达成了一项1300万美元（约合人民币9181万元）的和解协议。该事件源自AT&T的一家第三方云服务供应商。 供应商未能按时删除数据并泄露，FCC要求甲方严格落实审查责任 此次数据泄露导致AT&T超过890万名移动客户的信息被窃取。根据和解协议，一家未具名的公司，负责为AT&T提供用于营销、账单处理和生成个性化视频内容的服务，是此次事件的罪魁祸首。协议中提到，AT&T为了使用这家供应商的服务，与其共享了包括用户数据在内的大量客户信息。 AT&T与该供应商之间签署的合同中，明确规定了对这些数据进行保护和处理的要求。2016年至2020年间，经过多次审查和评估，表明该供应商遵循了数据删除政策。 然而，在2023年1月的泄露事件中，本应在2017年或2018年删除的数据被盗。FCC最终认定，AT&T对这一失误负有不可推卸的最终责任。 9月17日，在华盛顿召开的全球年度数据隐私会议上，FCC执法局局长Loyaan Egal指出，这份和解协议提醒企业，FCC正对企业在供应链中如何确保客户数据安全给予更为严格的审查。 他表示：“当我们调查美国境内企业的数据泄露事件时，若涉及到供应商，我们会重点关注这些供应商的所在地以及他们的数据保留情况。这些供应商是否有权保留被泄露的数据？你们能否有效追踪这些第三方所使用的数据？” AT&T推进数据泄露响应工作，并将实施改进计划 根据和解协议，AT&T于2023年1月6日向该供应商通报了数据泄露事件，并于同年2月7日通过在线报告表格向政府报告了此次事件。被盗数据包括客户账号中涉及的电话号码数量、账单余额、支付信息，以及针对约8.9万名受影响客户的1%的费率计划名称。 除了支付1300万美元的罚款外，AT&T还与政府达成了一项同意令，承诺对其在云端存储和保护客户数据的方式进行一系列改进。这些改进措施包括年度合规审计，以及制定一项“全面的”信息安全计划，以更好地保护敏感的客户数据。 此外，该协议要求AT&T加强对其第三方供应商生态系统的监管。具体措施包括限制对敏感客户数据的访问权限、改进对与供应商共享信息的追踪方式、严格执行数据处理要求，以及加强对供应商在其系统和网络中采用的数据保护政策和措施的监督。 在接受外媒CyberScoop采访时，AT&T发言人Alexander Byers表示，该公司从2023年3月开始通知客户此次数据泄露事件，且被盗的数据并不包括信用卡信息、社会安全号码或账户密码。 Byers在一份电子邮件声明中称：“尽管我们的系统并未在此次事件中遭到攻破，我们仍着手改进内部客户信息管理方式，并对供应商的数据管理实践实施了新的要求。” 尽管此次和解结束了FCC对2023年1月供应商云端泄露事件的调查，但FCC仍在继续调查另一宗规模更大的AT&T数据泄露事件。该事件于2023年7月曝光，黑客通过攻击第三方云平台Snowflake，窃取了几乎所有客户长达六个月的电话和短信记录。   转自安全内参，原文链接：https://www.secrss.com/articles/70402 封面来源于网络，如有侵权请联系删除

1. Bianlian勒索团伙公布新的受害公司 2. RansomHub勒索团伙公布新的受害公司 3. Play勒索团伙公布了新的受害公司

A vulnerability, which was classified as critical, was found in SourceCodester Simple Forum-Discussion System 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument page leads to path traversal. This vulnerability is traded as CVE-2024-9032. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in CodeCanyon CRMGo SaaS up to 7.2. This issue affects some unknown processing of the file /project/task/{task_id}/show. The manipulation of the argument comment leads to cross site scripting. The identification of this vulnerability is CVE-2024-9031. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in CodeCanyon CRMGo SaaS 7.2. This vulnerability affects unknown code of the file /deal/{note_id}/note. The manipulation of the argument notes leads to cross site scripting. This vulnerability was named CVE-2024-9030. The attack can be initiated remotely. Furthermore, there is an exploit available.

Submit #410976 / VDB-278202

A vulnerability was found in Tiandy IP Cameras 5.56.17.120 and classified as problematic. This issue affects some unknown processing of the component Service Port 3001. The manipulation as part of Request leads to information disclosure. The identification of this vulnerability is CVE-2017-15236. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

9月23日-9月30日反爬专项开测！

Submit #410565 / VDB-278201

A vulnerability has been found in GStreamer up to 1.10.1 and classified as problematic. Affected by this vulnerability is the function _parse_pat of the component mpegts Parser. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2016-9813. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in synology DS audio 3.4. This issue affects some unknown processing of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. The identification of this vulnerability is CVE-2014-6868. Access to the local network is required for this attack. There is no exploit available.

在共和党总统候选人、前总统特朗普（Donald Trump）遭到第二次暗杀企图之后，特朗普支持者马斯克（Elon Musk）在旗下平台 X/Twitter 上周日发帖说，为什么没人试图暗杀民主党总统拜登和副总统、民主党总统候选人贺锦丽（Kamala Harris）。这一帖子后来在周一删除了。根据彭博社根据信息自由法案递交的信息披露请求，美国特勤局正对此调查，但拒绝透露更多信息。威胁美国总统或副总统是重罪，最高可判处五年监禁。白宫批评马斯克的言论是不负责任的。

On September 17 and 18, a series of devastating explosions rocked Lebanon, resulting in 37 fatalities and nearly 3,000 injuries, according to the Lebanese Minister of Public Health. Initial investigations suggest these attacks were not mere accidents but rather the result of a sophisticated cyber operation targeting communication devices. Understanding the Attack Experts indicate that […]

The post The Supply Chain Conspiracy: Cyber Attacks Behind the Lebanon Explosions appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..

The post The Supply Chain Conspiracy: Cyber Attacks Behind the Lebanon Explosions appeared first on Security Boulevard.

A vulnerability classified as critical has been found in Webo-facto Plugin up to 1.40 on WordPress. This affects an unknown part. The manipulation leads to improper privilege management. This vulnerability is uniquely identified as CVE-2024-8853. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Envoy up to 1.28.6/1.29.4/1.30.0. It has been rated as critical. Affected by this issue is the function sendLocalReply. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2024-45810. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Red Hat OpenShift Service Mesh 2. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to server-side request forgery. This vulnerability is known as CVE-2024-7207. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in sofastack sofa-hessian up to 3.5.4. It has been classified as very critical. Affected is an unknown function of the component SOFA Hessian Protocol Handler. The manipulation leads to injection. This vulnerability is traded as CVE-2024-46983. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Envoy 1.31.0/1.31.1 and classified as critical. This issue affects some unknown processing. The manipulation leads to incorrect control flow. The identification of this vulnerability is CVE-2024-45807. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Envoy up to 1.28.6/1.29.4/1.30.0 and classified as critical. This vulnerability affects unknown code. The manipulation of the argument internal_address_config leads to authorization bypass. This vulnerability was named CVE-2024-45806. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.