Aggregator

Федеральные агентства получили строгие сроки для устранения киберугроз.

CISA has observed cyber threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to enumerate other non-internet facing devices on the network. F5 BIG-IP is a suite of hardware and software solutions designed to manage and secure network traffic. A malicious cyber actor could leverage the information gathered from unencrypted persistence cookies to infer or identify additional network resources and potentially exploit vulnerabilities found in other devices present on the network.  
 

CISA urges organizations to encrypt persistent cookies employed in F5 BIG-IP devices and review the following article for details on how to configure the BIG-IP LTM system to encrypt HTTP cookies. Additionally, F5 has developed an iHealth heuristic to detect and alert customers when cookie persistence profiles do not have encryption enabled. BIG-IP iHealth is a diagnostic tool that "evaluates the logs, command output, and configuration of a BIG-IP system against a database of known issues, common mistakes, and published F5 best practices" to help users verify the optimal operation of their BIG-IP systems.

CISA released twenty-one Industrial Control Systems (ICS) advisories on October 10, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-24-284-01 Siemens SIMATIC S7-1500 and S7-1200 CPUs
• ICSA-24-284-02 Siemens Simcenter Nastran
• ICSA-24-284-03 Siemens Teamcenter Visualization and JT2Go
• ICSA-24-284-04 Siemens SENTRON PAC3200 Devices
• ICSA-24-284-05 Siemens Questa and ModelSim
• ICSA-24-284-06 Siemens SINEC Security Monitor
• ICSA-24-284-07 Siemens JT2Go
• ICSA-24-284-08 Siemens HiMed Cockpit
• ICSA-24-284-09 Siemens PSS SINCAL
• ICSA-24-284-10 Siemens SIMATIC S7-1500 CPUs
• ICSA-24-284-11 Siemens RUGGEDCOM APE1808
• ICSA-24-284-12 Siemens Sentron Powercenter 1000
• ICSA-24-284-13 Siemens Tecnomatix Plant Simulation
• ICSA-24-284-14 Schneider Electric Zelio Soft 2
• ICSA-24-284-15 Rockwell Automation DataMosaix Private Cloud
• ICSA-24-284-16 Rockwell Automation DataMosaix Private Cloud
• ICSA-24-284-17 Rockwell Automation Verve Asset Manager
• ICSA-24-284-18 Rockwell Automation Logix Controllers
• ICSA-24-284-19 Rockwell Automation PowerFlex 6000T
• ICSA-24-284-20 Rockwell Automation ControlLogix
• ICSA-24-284-21 Delta Electronics CNCSoft-G2

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

The Baldrige Award was redesigned earlier this year to focus on organizational resilience.

本周，互联网网络安全态势整体评价为良。

韩国女作家韩江获得 2024 年度的诺贝尔文学奖，以表彰她用强烈的诗意散文直面历史创伤，揭示人类生命的脆弱。韩江毕业于韩国延世大学的国文系。1999 年曾获得韩国小说文学奖。目前任教于首尔艺术大学文艺创作学系。韩江是首位亚洲女性诺贝尔文学奖得主，也是继2000年诺贝尔和平奖得主、时任韩国总统金大中后第 2 位韩国籍诺贝尔奖得主。她的作品包括：《玄鹿》、《素食者》、《失语者》、《少年来了》、《白》、《不做告别》，小说集《植物妻子》和诗集《把晚餐放进抽屉里》。其中《少年来了》的背景是光州事件。

A vulnerability was found in ChurchCRM 4.5.3. It has been rated as critical. This issue affects some unknown processing of the file /churchcrm/EventAttendance.php. The manipulation of the argument Event leads to sql injection. The identification of this vulnerability is CVE-2023-24787. The attack can only be initiated within the local network. Furthermore, there is an exploit available.

A vulnerability was found in za-internet C-MOR Video Surveillance 5.2401/6.00PL01. It has been classified as critical. Affected is an unknown function of the file settimezone.pml of the component Web Interface. The manipulation of the argument city leads to os command injection. This vulnerability is traded as CVE-2024-45179. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in LemonLDAP::NG up to 2.19.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component OAuth2 Client Authentication. The manipulation of the argument client_password leads to improper authentication. This vulnerability is known as CVE-2024-45160. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Nagios Nagios-plugins up to 2.4.4. It has been rated as problematic. Affected by this issue is the function check_by_ssh. The manipulation of the argument ProxyCommand/LocalCommand/PermitLocalCommand leads to command injection. This vulnerability is handled as CVE-2023-37154. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in oath-toolkit up to 2.6.11 and classified as critical. This issue affects the function oath_authenticate_usersfile of the file liboath/usersfile.c of the component pam_oath.so. The manipulation leads to symlink following. The identification of this vulnerability is CVE-2024-47191. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

仅一周时间，威胁猎人就监测到被泄露的企业员工账号数量超400万，涉及社交、电商、教育等行业近20万家企业。

Федеральные агентства раскрыли преступные схемы, которые направлены на уязвимые слои населения и добродушных жителей.

火山引擎助力企业提升IT管理效能

涵盖CUPS打印系统、恶意软件虚拟化、Exchange PowerShell等多领域漏洞，以及Active Directory检测、Zimbra邮件平台远程命令执行等关键威胁

Почему поиск работы становится невыполнимой миссией?