Aggregator

CyberAv3ngers利用AI寻找默认密码和漏洞，编写bash和Python脚本，增强攻击能力。

代码如同神秘的魔法，而掌握调试工具就是魔法师手中的魔杖。本周更新多节x64dbg 是一款开源、免费、功能强大的动态反汇编调试器，能够在 Windows 平台上进行应用程序的反汇编、调试和分析工作，特别

近日，Internet Archive 遭到了黑客攻击，被窃取了一个包含3100万条记录的用户认证数据库。 互联网档案馆（Internet Archive）是一家非营利性的数字图书馆，旨在提供免费、普

一概述CAN 协议即控制器局域网络 (Controller Area Network)简称，由研发和生产汽车电子产品著称的德国 BOSCH 公司开发，成为国际标准ISO11519以及ISO11898。

·SDC2024 议题预告 ·01Rust 的安全幻影：语言层面的约束及其局限性本议题深入分析了 Rust 编程语言的编译二进制文件及其现有的安全问题。Rust 语言的安全机制源自于其背后的约束，Ru

Thursday, October 10,

The Internet Archive said its site is still being knocked offline by hackers who allegedly stole da

GAO: SSA Fails to Meet Industry and Federal Electronic Verification System Goals
The Social Security Administration is facing criticism for failing to update its fraud prevention technology, leaving financial institutions and federal authorities at risk of missing synthetic identity scams, according to a new Government Accountability Office report.

Thomvest Ventures Leads Series B Funding to Support Privacy and Security Compliance
Relyance AI raised $32 million in Series B funding to grow its data governance platform. The funds will be used to scale operations, enhance real-time data visibility, and support enterprises in complying with complex global privacy regulations, ensuring responsible AI adoption across industries.

Impact Is "What We Would Have Hoped For," Says NCSC CTO Ollie Whitehouse
A British cybersecurity official touted Operation Cronos, an international operation against LockBit, saying multiple strikes aimed at the ransomware-as-a-service have disrupted its ability to recruit hackers. The operation has resulted in indictments, sanctions, and server takedowns.

Act Imposes Mandatory Patching for IoT Devices
The European Council on Thursday adopted security-by-design regulation that makes patching and vulnerability updates mandatory for connected devices. The regulation will ensure that "products with digital components are made secure throughout the supply chain and throughout their life cycle."

GAO: SSA Fails to Meet Industry and Federal Electronic Verification System Goals
The Social Security Administration is facing criticism for failing to update its fraud prevention technology, leaving financial institutions and federal authorities at risk of missing synthetic identity scams, according to a new Government Accountability Office report.

Thomvest Ventures Leads Series B Funding to Support Privacy and Security Compliance
Relyance AI raised $32 million in Series B funding to grow its data governance platform. The funds will be used to scale operations, enhance real-time data visibility, and support enterprises in complying with complex global privacy regulations, ensuring responsible AI adoption across industries.

Impact Is "What We Would Have Hoped For," Says NCSC CTO Ollie Whitehouse
A British cybersecurity official touted Operation Cronos, an international operation against LockBit, saying multiple strikes aimed at the ransomware-as-a-service have disrupted its ability to recruit hackers. The operation has resulted in indictments, sanctions, and server takedowns.

Act Imposes Mandatory Patching for IoT Devices
The European Council on Thursday adopted security-by-design regulation that makes patching and vulnerability updates mandatory for connected devices. The regulation will ensure that "products with digital components are made secure throughout the supply chain and throughout their life cycle."

A vulnerability classified as critical has been found in D-Link COVR-2600R FW101b05. Affected is the function sub_24E28 of the component Environment Variable Handler. The manipulation of the argument HTTP_REFERER leads to buffer overflow. This vulnerability is traded as CVE-2024-44674. The attack can only be done within the local network. There is no exploit available.

A vulnerability was found in RuoYi up to 4.7.9. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Code Generation Handler. The manipulation leads to injection. This vulnerability is known as CVE-2024-46076. The attack can only be done within the local network. There is no exploit available.