Aggregator
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems (ICS) advisory on September 3, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
- ICSA-24-247-01 LOYTEC Electronics LINX Series
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2021-20123 Draytek VigorConnect Path Traversal Vulnerability
- CVE-2021-20124 Draytek VigorConnect Path Traversal Vulnerability
- CVE-2024-7262 Kingsoft WPS Office Path Traversal Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
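"Godzilla" in the Shadows: An Invisible Lizard Penetrates the Heart of Atlassian
Phishing Special (Part 4): A Security Contest, Shedding the "Muggle" Label
FreeBuf Morning Report | Iranian APT Group Attacks Satellite Devices; Security Company Fined 20 Million After System Hack
4 Ways to Exploit CVE-2024-20017: How Just One Vulnerability Can Destroy Your Network
FSTEC vs. GPTBot: Government Agencies Instructed to Block Access for Foreign Bots
AI vs. Humanity: A New System Will Save Us from the Dominance of Bots
Camu and the Shadow Economy: How Pirated Content Is Monetized Through Advertising
How to Identify Phishing in the Age of Artificial Intelligence?
Channel Elite Training Camp: Technical Competition Honor Roll
Selected in the Most Fields, with the Broadest Influence! 360 Named in "Top 10 Innovation Directions in Cybersecurity 2024"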
Identifying Common Open Port Vulnerabilities in Your Network
When intruders want to break into an establishment, they look for an opening. An open port is one of the openings that a hacker or threat actor looks for to access a digital network. That open port may be on a firewall, a server, or any network-connected computing device. Just as a single unlocked door … Continued
Verkada Pay $2.95 Million Failed To Secure Data Lead To Massive Breach
The FTC has ordered Verkada to implement a comprehensive information security program to address its lax security practices that allowed a hacker to compromise customer security cameras. Verkada will pay a $2.95 million fine for violating the CAN-SPAM Act by sending unsolicited commercial emails to prospective customers. The proposed order, which requires court approval, mandates […]
The post Verkada Pay $2.95 Million Failed To Secure Data Lead To Massive Breach appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.