Aggregator

Apache NiFi 高版本命令执行利用

某省移动网络安全技能竞赛决赛 个人赛第一名wp

This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government’s Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST’s Privacy Engineering Collaboration Space or RTA’s blog . Introduction In this post, we talk with Dr. Xiaowei Huang and Dr. Yi Dong (University of Liverpool) and Sikha Pentyala (University of Washington Tacoma), who were winners in the UK-US PETs Prize Challenges . We discuss real-world data

Today, CISA—in partnership with the Australian Signals Directorate Australian Cyber Security Centre (ASD ACSC), and other international partners—released updates to a Secure by Design Alert, Choosing Secure and Verifiable Technologies. Partners that provided recommendations in this alert include:

• The Canadian Centre for Cyber Security (CCCS).
• United Kingdom’s National Cyber Security Centre (NCSC-UK).
• New Zealand’s National Cyber Security Centre (NCSC-NZ).
• Republic of Korea’s National Intelligence Service (NIS) and NIS’ National Cyber Security Centre (NCSC).

Cyber threats to user privacy and data are growing, requiring customers to evaluate their processes for acquiring products and services from technology manufacturers. Proactive integration of security mitigations into the procurement process can assist in managing risks present within the technology supply chain and reduce costs for organizations. This guidance aids procuring organizations and manufacturers of digital products and services in choosing and developing technology that is secure by design. This is an update to previously released guidance (Secure by Design Choosing Secure and Verifiable Technologies).

CISA and partners encourage all organizations to read the guidance to assist with making secure and informed choices when procuring digital products and services. Software manufacturers are also encouraged to incorporate the secure by design principles and practices found in the guidance. To learn more about secure by design principles and practices, visit CISA’s Secure by Design webpage.

Cisco released security updates to address a vulnerability in Cisco NX-OS software. A cyber threat actor could exploit this vulnerability to take control of an affected system. 

CISA encourages users and administrators to review the following advisory and apply the necessary updates:

• Cisco NX-OS Software Image Verification Bypass Vulnerability

CISA released two Industrial Control Systems (ICS) advisories on December 5, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-24-340-01 AutomationDirect C-More EA9 Programming Software
• ICSA-24-340-02 Planet Technology Planet WGS-804HPT

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

All three were awarded the “Distinguished Rank,” the highest category of Presidential Rank Awards.

网络钓鱼电子邮件越来越多地使用 SVG 附件来逃避检测

酒业巨头Stoli因勒索攻击无法正常运转，正式申请破产

真•软件管家！微软商店现在可以更新通过外部安装的软件 即非商店软件也能更新

A vulnerability was found in Adobe Flash Player 11.2.202.491/18.0.0.209. It has been rated as very critical. Affected by this issue is some unknown functionality. The manipulation leads to use after free. This vulnerability is handled as CVE-2015-5134. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Microsoft has found that Russian APT Secret Blizzard piggybacks on other cybercriminals' infr4asytructure to conduct cyber espionage

A vulnerability classified as problematic was found in FreeBSD 6.0. This vulnerability affects the function PT_LWPINFO of the component ptrace. The manipulation leads to denial of service. This vulnerability was named CVE-2006-4516. Access to the local network is required for this attack. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Any good ways to learn coding

SurePath AI launched SurePath AI Discover, a new offering that provides visibility into a company’s employee use of public AI services. By classifying AI use by intent and identifying sensitive data violations, companies can better understand the volume, use case, and risk of AI use across their organization. “Our launch of the GenAI discovery program creates a first-in-industry solution for our launch partners,” said Jim Melton, VP of Alliance at SurePath AI. “We are excited … More →

The post SurePath AI Discover classifies AI use by intent and detects sensitive data violations appeared first on Help Net Security.

作者：Jinzhong Xu 原文链接：https://xujinzh.github.io/2024/01/08/ai-Interlm-langchain-RAG/index.html 本篇介绍基于 InternLM 和 LangChain 搭建私人知识库。 python!conda create --name internlm_langchain --clone=/root/share/c...

CVE-2024-31317 复现

快捷指令 | 把价值千万的爱彼三问报时装进 iPhone

谷歌浏览器类型混淆漏洞让攻击者能够执行远程代码

附更新方法：树莓派与美光合作通过调整内存时序提升Raspberry Pi 4/5性能