Aggregator

24 апреля в Москве более трехсот руководителей ИБ-служб соберутся на межотраслевой конференции по ИБ.

加强工业互联网安全分类分级管理，落实企业网络安全主体责任。

SpyX 是一家因开发间谍软件而声名狼藉的公司，该公司遭遇了数据泄露事件，致使近 200 万用户的个人信息被泄露。

加强工业互联网安全分类分级管理，落实企业网络安全主体责任。

SpyX 是一家因开发间谍软件而声名狼藉的公司，该公司遭遇了数据泄露事件，致使近 200 万用户的个人信息被泄露。

In AI applications, machine learning (ML) models are the core decision-making engines that drive predictions, recommendations, and autonomous actions. Unlike traditional IT applications, which rely on predefined rules and static algorithms, ML models are dynamic—they develop their own internal patterns and decision-making processes by analyzing training data. Their behavior can change as they learn from new data. This adaptive nature introduces unique security challenges. Securing these models requires a new approach that not only addresses … More →

The post A CISO’s guide to securing AI models appeared first on Help Net Security.

CSS-in-JS 是一种前端开发技术，它将 CSS 代码直接嵌入到 JavaScript 代码中，以解决传统 CSS 的一些局限性。

Конец эпохи bigsmp и поддержки RAM > 4 ГБ.

A vulnerability classified as problematic has been found in idcCMS 1.35. Affected is an unknown function of the file /admin/vpsCompany_deal.php?mudi=add&nohrefStr=close. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2024-36550. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in idcCMS 1.35. Affected by this vulnerability is an unknown functionality of the file admin/vpsClass_deal.php?mudi=add. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-36547. The attack can be launched remotely. There is no exploit available.

A vulnerability has been found in idcCMS 1.35 and classified as problematic. This vulnerability affects unknown code of the file admin/vpsCompany_deal.php?mudi=del. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-36548. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Uniview NVR301-04S2-P4. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-3850. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Brizy Plugin up to 2.4.43 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Form Functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-1164. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Brizy Plugin up to 2.4.43 on WordPress and classified as problematic. Affected by this issue is some unknown functionality of the component Form Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-2087. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Brizy Plugin up to 2.4.43 on WordPress. It has been classified as problematic. This affects an unknown part of the component Widget Link to URL. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-3667. It is possible to initiate the attack remotely. There is no exploit available.

Malwoverview is an open-source threat hunting tool designed for the initial triage of malware samples, URLs, IP addresses, domains, malware families, IOCs, and hashes. “Malwoverview is simple and direct, integrating multiple public sandboxes to retrieve and display only relevant information. It enables professionals to gather broad insights into a threat before analyzing it. The tool pulls data from sources like VirusTotal, Hybrid Analysis, Malshare, URLHaus, Polyswarm, AlienVault, Malpedia, Malware Bazaar, Triage, InQuest, and Virus Exchange. … More →

The post Malwoverview: First response tool for threat hunting appeared first on Help Net Security.

A vulnerability classified as critical was found in Red Hat OpenShift. Affected by this vulnerability is an unknown functionality of the component kubevirt-csi. The manipulation leads to trust boundary violation. This vulnerability is known as CVE-2024-1725. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in HP Display Control and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper privilege management. This vulnerability is handled as CVE-2024-24970. Attacking locally is a requirement. There is no exploit available.