Aggregator

一、境外厂商产品漏洞 1、Siemens Simcenter Nastran堆缓冲区溢出漏洞

国家信息安全漏洞共享平台（以下简称CNVD）本周共收集、整理信息安全漏洞378个，其中高危漏洞232个、中危漏洞126个、低危漏洞20个。

A vulnerability was found in Cisco Web Security Appliance up to 8.8. It has been classified as critical. This affects an unknown part of the component HTTP Response Code Handler. The manipulation leads to improper resource management (Memory). This vulnerability is uniquely identified as CVE-2016-1383. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Attackers can introduce a malicious document in systems such as Microsoft 365 Copilot to confuse the system, potentially leading to widespread misinformation and compromised decision-making processes.

Publicly exposed, critically vulnerable and highly privileged workloads are putting organizations a

A vulnerability classified as critical was found in Home Made Air Freshener 1.1. This vulnerability affects unknown code of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability was named CVE-2014-7676. The attack can only be initiated within the local network. There is no exploit available.

NASA 于 10 月 14 日 12:06 p.m. EDT (1606 UTC)在佛罗里达肯尼迪太空中心使用 SpaceX 的 Falcon Heavy 火箭成功发射了欧罗巴快船（Europa Clipper），它将花费六年时间飞往木星卫星欧罗巴，调查其宜居性，为未来的登陆器挑选登陆地点。欧罗巴快船是 NASA 至今为行星任务建造的最大探测器。欧罗巴由伽利略于 1610 年发现，在已知的 95 颗木星卫星中，它的直径和质量第四大，它比月球小，主要由硅酸盐岩石构成，并具有水-冰地壳，可能是一个铁-镍核心。它有稀薄的大气层，主要由氧气组成；表面有大量裂缝和条纹，而陨石坑比较罕见，有在太阳系任何已知的固体物体的最光滑表面。已有证据表明其冰层下面存在一个地下海洋。欧罗巴被认为是太阳系中除地球之外最适宜生命生存的地方。探测器将于 2025 年 2 月利用火星和 2026 年 12 月利用地球的引力辅助，于 2030 年 4 月抵达目的地。

Узнайте, как новые теги и интеграции упрощают процессы.

Online scammers are targeting Booking.com and Airbnb users with Telekopye, a Telegram-based toolkit

Il Consiglio dell'Unione europea ha adottato "un nuovo regolamento sui requisiti di cibersicurezza p

A report finds a third (33%) of the cloud security incidents investigated by IBM Security X-Force researchers, involved phishing attacks to steal credentials, followed closely by 28% of incidents that involved attacks where cybercriminals had already obtained some type of valid credential.

The post IBM X-Force Security Report Spotlights Lack of Cloud Security Fundamentals appeared first on Security Boulevard.

A vulnerability classified as critical has been found in TicketOne.it 2.2. This affects an unknown part of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is uniquely identified as CVE-2014-7674. The attack can only be done within the local network. There is no exploit available.

Earth Simnavaz, an Iranian state-sponsored cyber espionage group, has recently intensified its attacks on critical infrastructure in the UAE and wider Gulf region.  The group employs sophisticated techniques to gain unauthorized access and exfiltrate sensitive data, such as using a new backdoor to steal credentials via on-premises Microsoft Exchange servers by exploiting vulnerabilities like CVE-2024-30088 […]

The post OilRig Hackers Exploiting Microsoft Exchange Server To Steal Login Details appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

WARNING: This article discusses child sexual abuse material (CSAM).At first glan

尽管生成式人工智能被滥用于欺诈和深度伪造操作，网络安全公司Sophos在上周发布的一份报告中表示，该技术还可能被滥用，通过目标电子邮件传播定制的虚假信息。