Aggregator

RDI技术以其高效和隐蔽的特性，在恶意代码开发中占据了不可替代的地位，尤其是在现代C2架构中发挥着关键作用。

Would a more robust cybersecurity posture impact premium costs? Does the policy offer legal cover? These are some of the questions organizations should consider when reviewing their cyber insurance options

Samba is the standard suite of programs that enables seamless interoperability between Linux/Unix and Windows systems. Version 4.21 has been officially released. Hardening In previous versions of Samba, if a user or group name in either option could not be resolved to a valid SID, the user (or group) would be skipped without any notification. This could result in unexpected and insecure behavior. Starting with this version of Samba, if any user or group name … More →

The post Samba 4.21 comes with upgraded security features appeared first on Help Net Security.

США ужесточат условия безопасности цепочек поставок ПО.

A vulnerability, which was classified as problematic, was found in LinuxOSsk Shakal-NG up to 1.3.3. Affected is an unknown function of the file comments/views.py. The manipulation of the argument next leads to open redirect. This vulnerability is traded as CVE-2024-8412. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

Submit #401770 / VDB-276224

A vulnerability, which was classified as problematic, has been found in ABCD ABCD2 up to 2.2.0-beta-1. This issue affects some unknown processing of the file /buscar_integrada.php. The manipulation of the argument Sub_Expresion leads to cross site scripting. The identification of this vulnerability is CVE-2024-8411. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic was found in ABCD ABCD2 up to 2.2.0-beta-1. This vulnerability affects unknown code of the file /abcd/opac/php/otros_sitios.php. The manipulation of the argument sitio leads to path traversal. This vulnerability was named CVE-2024-8410. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic has been found in ABCD ABCD2 up to 2.2.0-beta-1. This affects an unknown part of the file /common/show_image.php. The manipulation of the argument image leads to path traversal: '../filedir'. This vulnerability is uniquely identified as CVE-2024-8409. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #400792 / VDB-276492

The Dutch Data Protection Authority (Dutch DPA) has imposed a fine of €30.5 million ($33.7 million) against facial recognition firm Clearview AI for violating the General Data Protection Regulation (GDPR) in the European Union (E.U.) by building an "illegal database with billions of photos of faces," including those of Dutch citizens. "Facial recognition is a highly intrusive technology that you

Китайские власти преследуют интернет-активистов.

Submit #398843 / VDB-276491

Submit #398806 / VDB-276490

美国油服巨头 Halliburton 周二证实上个月遭到了网络攻击，表示未经授权的第三方访问并删除了其系统中的数据。上个月的攻击影响了 Halliburton 休斯顿园区和部分全球网络的业务运营。总部位于休斯顿的 Halliburton 是全球最大的油服公司之一，为全球主要能源公司提供钻井服务和设备，有近 48,000 名员工。该公司表示正在评估被删除信息的性质和范围，但认为不太可能产生重大影响。它没有透露更多信息，包括是否被黑客联系商讨支付赎金之类。

Системы безопасности работают в усиленном режиме.

在本文中，我们盘点了最具代表性的十款数据安全态势管理（DSPM）工具，并总结了其对应的功能、优势，方便大家全面了解这些工具的潜力和适用场景。

UK’s Financial Ombudsman warns fraud and scams hit a record high in Q2 2024

勒索软件攻击依然是当今企业面临的最大安全威胁之一。根据Sophos的报告，59%的企业在2023年遭遇了勒索软件攻击，其中56%的受害者最终选择支付赎金以恢复数据。

Hackread报道，黑客HikkI-Chan在Breach论坛泄露了俄罗斯最大社交网站VK超过3.9亿用户个人数据。