Aggregator

背景 有一种攻击叫做： 次级上下文穿越攻击， 也许单听名字你不理解这是怎么样一种攻击。但是下面我将用星巴克被攻陷的一个真实案例来跟你介绍这种巧妙的攻击方式以及它给我带来了怎么样的思考！正文 在尝试了一

有一种攻击叫做： 次级上下文穿越攻击。

Barings Law is planning to sue the two tech giants over numerous alleged violations of data misuse, including for AI training

A vulnerability was found in Siemens SIMATIC S7-1200 CPU 1211C AC, DC, Rly, SIMATIC S7-1200 CPU 1211C DC, SIMATIC S7-1200 CPU 1212C AC, SIMATIC S7-1200 CPU 1212C DC, SIMATIC S7-1200 CPU 1212FC DC, SIMATIC S7-1200 CPU 1214C AC, SIMATIC S7-1200 CPU 1214C DC, SIMATIC S7-1200 CPU 1214FC DC, SIMATIC S7-1200 CPU 1215C AC, SIMATIC S7-1200 CPU 1215C DC, SIMATIC S7-1200 CPU 1215FC DC, SIMATIC S7-1200 CPU 1217C DC, SIPLUS S7-1200 CPU 1212 AC, RLY, SIPLUS S7-1200 CPU 1212 DC, SIPLUS S7-1200 CPU 1212C DC, DC RAIL, SIPLUS S7-1200 CPU 1214 AC, SIPLUS S7-1200 CPU 1214 DC, SIPLUS S7-1200 CPU 1214C DC, SIPLUS S7-1200 CPU 1214FC DC, SIPLUS S7-1200 CPU 1215 AC, SIPLUS S7-1200 CPU 1215 DC, SIPLUS S7-1200 CPU 1215C DC and SIPLUS S7-1200 CPU 1215FC DC up to 4.6. It has been classified as problematic. This affects an unknown part of the component Web Interface. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-47100. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Siemens Industrial Edge Management OS and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-45385. The attack may be launched remotely. There is no exploit available.

Insurance company Allstate and its subsidiary Arity unlawfully collecte

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

Experts warn of a new campaign targeting an alleged zero-day in Fortinet FortiGate firewalls with management interfaces exposed online. Arctic Wolf researchers observed a campaign targeting Fortinet FortiGate firewalls with exposed management interfaces, likely exploiting a zero-day vulnerability. Threat actors gained unauthorized access to network devices, created accounts, and modified configurations. Experts urge organizations to […]

OverviewY2Q, shorthand for “Year to Quantum” – marks the critical point when quantum compute

A vulnerability has been found in Siemens Mendix LDAP up to 1.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to ldap injection. This vulnerability is known as CVE-2024-56841. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Nitin Natarajan joined the Cybersecurity and Infrastructure Security Agency (CISA) in the early day

Китай и США ведут сложные переговоры.

Pivoting in cyber thre