Aggregator

A vulnerability was found in Oracle Adaptive Access Manager 11.1.1.5/11.1.1.7/11.1.2.1/11.1.2.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality in the library lib/commons-beanutils-1.8.0.jar of the component OAAM Server. The manipulation of the argument this leads to improper input validation. This vulnerability is known as CVE-2014-0114. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

HomeWindowsPowerToys v0.87.0 更新，新建+ 功能支持 Windows 10，预览窗格支持 .ahk 文件、高级粘贴的 AI 功能

A vulnerability was found in Zeroo HTTP Server 1.5. It has been classified as critical. Affected is an unknown function of the component GET Request Handler. The manipulation leads to path traversal. This vulnerability is traded as CVE-2002-2416. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Meta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been fined €251 million (around $263 million) for a 2018 data breach that impacted millions of users in the bloc, in what's the latest financial hit the company has taken for flouting stringent privacy laws. The Irish Data Protection Commission (DPC) said the data breach impacted approximately 29 million

Meta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been fined €

「因材施教」，在 AI 时代有了新意义。整理 | Li Yuan编辑 | 靖宇因材施教，是从有教育这个概念开始，人类就一直有的教育梦想。然而受限于现实因素，在过去，将教育普及到所有人身边，已经十分困难

把大模型拉下神坛。整理 | 连冉编辑 | 靖宇两年前，大模型刚兴起时，周鸿祎开始用四个「你相不相信」呼吁现场建立 AI 信仰，从此踏上「AI 布道者」之路。去年，作为国内第一批发布大模型的互联网公司，

「因材施教」，在 AI 时代有了新意义。

把大模型拉下神坛。

What was once primarily a technical role, CISOs now find themselves accountable for organizational risk, regulatory compliance, and even legal liabilities across the entire organization. However, as cyber threats intensify, it’s clear that overseeing cybersecurity operations enterprise-wide is not feasible for just one person. In 2025, I foresee a shift in CISO accountability. Security will be a business-wide responsibility As security touches and impacts every aspect of the organization, it’s no surprise that it will … More →

The post CISO accountability: Navigating a landscape of responsibility appeared first on Help Net Security.

A vulnerability, which was classified as critical, was found in WPC Shop as a Customer for WooCommerce Plugin up to 1.2.8 on WordPress. This affects an unknown part. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2024-12432. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Video Share VOD Plugin up to 2.6.30 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-12449. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Philantro Plugin up to 5.2 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-12500. It is possible to launch the attack remotely. There is no exploit available.

The artificial intelligence boom has created an unprecedented demand for GPU computing power, but ac

7 款实用的DevSecOps工具，保障软件开发全程安全 日期：2024年12月18日 阅：71

DevSecOps已改变了软件开发模式，它将安全从事后考虑因素转变为开发过程中不可或缺的一部分。DevSecO […]

特斯拉新车被曝出现大量自动驾驶电脑故障；以色列间谍软件公司Paragon以36亿元被美国公司收购 | 牛览 日期：2024年12月18日

新闻速览 •特斯拉新车被曝出现大量自动驾驶电脑故障 •微软365安全性遭亚马逊质疑，行业巨头安全博弈再升级？ […]

In this Help Net Security interview, Vivek Agarwal, Privacy Program Manager at Meta Platforms, shares insights on strategies for reducing time to market, improving vendor onboarding, and updating privacy requirements to ensure compliance across third-party contracts. From leveraging automation and AI-driven tools to streamline vendor onboarding to practical strategies for updating thousands of contracts with evolving privacy requirements, this interview explores actionable solutions for organizations aiming to build scalable compliance frameworks.

The post Key steps to scaling automated compliance while maintaining security appeared first on Help Net Security.

● 点击↑蓝字关注我们，获取更多安全风险通告漏洞概述漏洞名称Apache Tomcat 远程代码执行漏洞漏洞编号QVD-2024-51272,CVE-2024-50379公开时间2024-12-17影