Aggregator

1月9日，在北京召开的中国网络空间安全协会人工智能安全治理专业委员会工作年会上，中文互联网基础语料2.0、中文互联网语料资源平台正式向社会发布。

1月10日，全国数据工作会议在京召开。会议以习近平新时代中国特色社会主义思想为指导，全面贯彻落实党的二十大和二十届二中、三中全会精神，按照全国发展和改革工作会议部署，总结2024年工作，安排部署2025年重点任务。

近日，国家发展改革委、国家数据局、财政部、人力资源社会保障部联合印发《关于促进数据标注产业高质量发展的实施意见》。

点击文章，了解最前沿的国际网安资讯！

A vulnerability classified as critical has been found in Imagination Technologies Graphics DDK up to 24.2 RTM2. This affects an unknown part of the component GPU Firmware. The manipulation leads to use of out-of-range pointer offset. This vulnerability is uniquely identified as CVE-2024-52938. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

The cyber world’s been buzzing this week, and it’s all about staying ahead of the bad guys. From sneaky software bugs to advanced hacking tricks, the risks are real, but so are the ways to protect yourself. In this recap, we’ll break down what’s happening, why it matters, and what you can do to stay secure. Let’s turn awareness into action and keep one step ahead

The cyber world’s been buzzing this week, and it’s all about staying ahead of the bad guys. From

Microsoft Takes Legal Action Against AI “Hacking as a Service” SchemeNot sure this will ma

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2024-12686 BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability
• CVE-2023-48365 Qlik Sense HTTP Tunneling Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Today, CISA—along with U.S. and international partners—released joint guidance Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products. As part of CISA’s Secure by Demand series, this guidance focuses on helping customers identify manufacturers dedicated to continuous improvement and achieving a better cost balance, as well as how Operational Technology (OT) owners and operators should integrate secure by design elements into their procurement process.

Critical infrastructure and industrial control systems are prime targets for cyberattacks. The authoring agencies warn that threat actors, when compromising OT components, target specific OT products rather than specific organizations. Many OT products are not designed and developed with Secure by Design principles and often have easily exploited weaknesses. When procuring products, OT owners and operators should select products from manufacturers who prioritize security elements identified in this guidance.

For more information on questions to consider during procurement discussions, see CISA’s Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem. To learn more about secure by design principles and practices, visit Secure by Design.

A new WEF report highlighted growing disparities in the cyber capabilities of different types of organizations and regions

A vulnerability was found in Event Monster Plugin up to 1.4.3 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Visitors List Export. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-11396. The attack may be launched remotely. There is no exploit available.

In 2024, ransomware attacks targeting VMware ESXi servers reached alarming levels, with the average ransom demand skyrocketing to $5 million. With approximately 8,000 ESXi hosts exposed directly to the internet (according to Shodan), the operational and business impact of these attacks is profound. Most of the Ransomware strands that are attacking ESXi servers nowadays, are variants of the

Threat Detection / Network SecurityIn 2024, ransomware attacks targeting VMware ESXi servers reach

Three Russian nationals have been indicted in the Northern District of Georgia for their alleged role as operators of cryptocurrency mixing (cryptomixer) services Blender.io and Sinbad.io. Roman Vitalyevich Ostapenko and Alexander Evgenievich Oleynik were arrested on Dec. 1, 2024, roughly a year after Sinbad.io’s online infrastructure was seized as part of a coordinated law enforcement action among the Netherlands’ Financial Intelligence and Investigative Service, Finland’s National Bureau of Investigation, and the FBI. The third defendant, … More →

The post Alleged Blender, Sinbad cryptomixer operators arrested, indicted appeared first on Help Net Security.

A vulnerability was found in Imagination Technologies Graphics DDK up to 24.2 RTM2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component GPU System Call Handler. The manipulation leads to out-of-bounds write. This vulnerability is known as CVE-2024-47897. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

Microsoft has issued a warning regarding an ongoing issue with Multi-Factor Authentication (MFA) that is impacting some Microsoft 365 (M365) users. The problem, which surfaced earlier today, is preventing affected users from accessing certain M365 applications, raising concerns for businesses and individuals who rely on these services for essential operations. Microsoft flagged the issue via […]

The post Microsoft Warns of MFA Issue Affecting Microsoft 365 users appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Imagination Technologies Graphics DDK up to 24.2 RTM2. It has been classified as critical. Affected is an unknown function of the component GPU Firmware. The manipulation leads to use of out-of-range pointer offset. This vulnerability is traded as CVE-2024-52937. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.