Aggregator

The developer of the powerful Pegasus spyware was found liable on Friday for its role in the infect

Heap Overflow Flaw Threatens Industrial Control Systems Globally
Siemens issued a security advisory for a vulnerability affecting industrial control systems in its User Management Component that could enable attackers to execute arbitrary code. The heap-based buffer overflow flaw impacts products used in manufacturing and the energy sector.

Government Shutdown Could See Thousands of Federal Cyber Workers Furloughed
A looming shutdown could sharply reduce the Cybersecurity and Infrastructure Security Agency's operations, furloughing two-thirds of its workforce and exposing critical federal networks to heightened cyber threats, especially as malicious actors target vulnerable systems during the holiday season.

Looking Back on the Ransomware Attacks, Resilience Lessons and Tech Trends
In the latest weekly update, ISMG editors discussed defining cybersecurity moments of 2024, from the CrowdStrike outage and its implications for vendor resilience to ransomware's continued evolution, and the shifting dynamics in the tech industry affecting startups and M&A activity.

US Seeks Extradition of Dual Russian and Israeli Citizen Rostislav Panev from Israel
A newly unsealed U.S. federal indictment against Rostislav Panev says the LockBit ransomware operation paid the Israeli national a $10,000 monthly salary for coding and consulting services. Federal prosecutors are seeking Panev's extradition from Israel following his August arrest.

Today’s startups have an advantage with the rising popularity of artificial intelligence (AI) to enh

OpenAI 发布高级推理模型 o3OpenAI 发布了下一代推理模型 o3，这是今年早些时候发布的 o1「推理」模型的最新版本。就像 o1 一样，o3 是一个模型家族，o3-mini 是一款更小的精

小红书大批封号引热议，客服称未说明处罚时间就是永封；意大利对 OpenAI 处以 1500 万欧元罚款；美国要求英伟达调查其芯片如何流入中国

小红书大批封号引热议，客服称未说明处罚时间就是永封；意大利对 OpenAI 处以 1500 万欧元罚款；美国要求英伟达调查其芯片如何流入中国

OpenAI 发布高级推理模型 o3OpenAI 发布了下一代推理模型 o3，这是今年早些时候发布的 o1「推理」模型的最新版本。就像 o1 一样，o3 是一个模型家族，o3-mini 是一款更小的精

A vulnerability, which was classified as critical, has been found in Keyfactor Command. Affected by this issue is some unknown functionality of the component Access Token Handler. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2024-49202. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Keyfactor Remote File Orchestrator 2.8.0. Affected is an unknown function of the component Logging Level Handler. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-49201. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Digiteam 4.21.0.0 and classified as critical. This vulnerability affects unknown code of the file /RoleMenuMapping/AddRoleMenu. The manipulation leads to improper access controls. This vulnerability was named CVE-2024-37758. Access to the local network is required for this attack to succeed. There is no exploit available.

IntelBroker Claims to have Leaked the Data of University of Bahrain

Mastering Codebase Migration: Strategies for Smooth Transition SuccessUnderstanding the Challenges

一、实施针对政治安全的“网络干扰选举战”，具有“统筹运作、多管齐下”的特点。互联网近年来已成为政治角力新战场，网络攻击政治化趋势日益明显。“网络干扰选举战”是指在网络空间发起的针对选举系统、候选人、选

国家间网络斗争博弈日益加剧，网络战成为国家实现政治、军事、经济等利益的重要手段。

CNCERT处置两起大型科技企业网络攻击事件近日，国家互联网应急中心（CNCERT）处置了两起美对我大型科技企业机构进行网络攻击窃取商业秘密事件，事件概况如下。2024年8月起，我国某先进材料设计研究

CNCERT处置两起网络攻击事件，辉立证券客户账号遭黑客入侵……