Aggregator

A Chinese threat actor infiltrated several IT and security companies in a bring-your-own VS code, with an eye to carrying out a supply-chain-based espionage attack.

A suspected China-nexus cyber espionage group has been attributed to an attacks targeting large business-to-business IT service providers in Southern Europe as part of a campaign codenamed Operation Digital Eye. The intrusions took place from late June to mid-July 2024, cybersecurity companies SentinelOne SentinelLabs and Tinexta Cyber said in a joint report shared with The Hacker News, adding

GNU Shepherd is a service manager designed to oversee the system’s daemons. It functions both as an “init” system (PID 1) and as a tool for unprivileged users to manage per-user daemons. GNU Shepherd GNU Shepherd supports various daemon startup mechanisms, including inetd, systemd-style socket activation, and timers. The Shepherd provides built-in services such as syslog and log rotation. Configuration and extensions are written in Guile Scheme, leveraging a straightforward, memory-safe, and callback-free programming model. … More →

The post 21 years since its inception, GNU Shepherd 1.0.0 is released appeared first on Help Net Security.

再攀新高！盛邦安全连续五年上榜CCIA50强

国家计算机病毒应急处理中心监测发现12款违规移动应用

盛邦安全GITEX GLOBAL 2024首秀，构筑网络安全纵深防御体系

盛邦安全世界互联网大会获多方肯定，新兴技术探索受媒体关注

[漏洞挖掘与防护] 05.CVE-2018-12613：phpMyAdmin 4.8.1后台文件包含缺陷复现及防御措施

WebRTC是一种支持浏览器之间点对点通信的框架，其握手过程采用DTLS协议。

可接管账户权限，DeepSeek 和 Claude AI 存在命令注入漏洞

Dell Technologies has issued a security advisory, DSA-2024-439, to alert users of a critical vulnerability in its Dell Power Manager software. The vulnerability, identified as CVE-2024-49600, could allow malicious attackers to execute arbitrary code and gain elevated privileges on the affected systems. Users are urged to update immediately to mitigate potential risks. The vulnerability has been […]

The post Dell Warns of Critical Code Execution Vulnerability in Power Manager appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability has been found in SGI IRIX 6.5.22 and classified as critical. This vulnerability affects unknown code of the file usr/sysadm/privbin. The manipulation leads to improper privilege management. This vulnerability was named CVE-2005-2925. An attack has to be approached locally. Furthermore, there is an exploit available.

Последние разработки в мире ИБ меняют подход к безопасности приложений и операционных систем.

欧洲粒子物理研究所（CERN）报告，大强子对撞机（LHC）发现了 Hyperhelium-4 反物质粒子的首个证据。超核(Hypernuclei)是由质子、中子和超子形成的奇异核。超核是在宇宙射线中的发现的，至今有 70 多年历史，由于其不稳定且在自然界极其罕见，在实验室里制造和研究也极具挑战性，因此仍然充满着谜团。现在 LHC 的 ALICE 团队报告发现了 Hyperhelium-4 反物质粒子的首个证据，统计显著性为 3.5 个标准差。Hyperhelium-4 的反粒子由两个反质子、一个反中子和一个反 λ 粒子构成。

A vulnerability classified as problematic has been found in Apache HTTP Server up to 1.3.6. Affected is an unknown function. The manipulation with the input %5C leads to path traversal. This vulnerability is traded as CVE-2001-0042. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Dameng DM Database Server. It has been declared as critical. Affected by this vulnerability is an unknown functionality in the library wdm_dll.dll. The manipulation leads to memory corruption. This vulnerability is known as CVE-2010-2159. The attack can be launched remotely. Furthermore, there is an exploit available.