Ransomware attack hits leading heart surgery device maker
Ransomware attack hits leading heart surgery device maker
Aggregator
【附下载】2024数据安全 重大案例 官方视频 汇编
1 year 6 months ago
来源:重庆信通设计院天空实验室
本期摘要
文本要点:
16+ 大类
30+小类
涵盖医疗、生态、气象、测绘、软件开发、交通、地理、太空、外交、动画等多个领域
要点目录
一、弱口令类
案例1:运维测试账号未删除,内部数据在境外论坛被公开叫卖
案例2:对外公用邮箱维护不当,邮件数据被窃取
案例3:港口监控弱口令,导致目标海域被监控
二、头部企业类
案例1:14亿条腾讯用户数据被盗?有黑客公开称已窃取500GB数据库,腾讯回应称信息不实。专家指出,在AI技术下,历史数据安全风险仍然较大
三、生态领域
案例1:假借学术合作,窃取生态数据
案例2:拉拢引诱人员,窃取自然保护区各类数据
案例3:负责研发和运维的第三方公司违规采集、存储、处理生态环境相关数据
四、个人信息类
案例1:安徽合肥警方侦破特大侵犯公民个人信息案 贩卖个人信息超百万条
五、气象领域
案例1:数百非法气象站点被査处,向境外传输数据
六:医疗领域
案例1:西安警方侦破首例破坏医院计算机信息系统案
案例2:私自开发抢号软件牟利
案例3:窃取医院数据牟利
案例4:上海三甲医院医生泄露患者隐私信息,涉及211名患者信息和2人的裸照
案例5:医务人员泄露病患信息,被行政拘留
七、不正当竞争类
案例1:国内首例!涉数据抓取交易不正当竞争纠纷案终审宣判
八、黑客攻击类
案例1:招聘APP遭黑客攻击,300万条数据泄露
案例2:南昌某集团网络设备疑似被黑客远程控制,向境外传输大量数据
案例3:湖南某信息技术公司未履行数据安全保护义务被处罚
九、测绘领域
案例1:以合作为由,境外势力非法采集我国原始测绘数据
十、软件开发领域
案例1:境外组织通过SDK搜集我用户数据和个人信息
十一、交通领域
案例1:某国内信息公司为境外公司非法采集我国铁路数据
十二、地理空间领域
案例1:境外地图公司诱使境内人员地图“打卡”,非法采集敏感地理空间信息数据
十三、太空领域
案例1:提防“太空间谍”,我网民为间谍卫星“指路”
案例2:境外对我太空领域关键技术和数据的泄窃密风险
十四、航空领域
案例1:航空爱好者莫变为“窃密志愿者”
十五、外交领域
案例1:美国诬称中方购买美公民敏感数据
案例2:美调查中国联网汽车,言必称安全
十六:动画类
动画一:“安仔说国家安全”—— 数据安全篇
案例1:海事、航空领域,被诱骗安装AIS陆基基站(用于搜集船舶数据)、ADS_B信号接收设备(用于搜集飞机数据)
案例2:以咨询调查公司名义,搜集金融、生物、航运等领域信息
动画二:数据泄露:内部人员操作不当、网络攻击以及内鬼窃取
动画三:数据安全意识科普
动画四:小区数据大泄露
动画五:黑猫警长——数据安全篇
来源:重庆信通设计院天空实验室
网络伍豪
OpenAI 发布视频生成模型 Sora
1 year 6 months ago
OpenAI 正式发布了视频生成模型 Sora。该公司还开发了一个更快的版本 Sora Turbo。OpenAI 称用户能生成分辨率最高 1080p、最长 20 秒、宽屏、垂直或方形纵横比的视频。可在自己的资源上进行扩展、重新混合和融合,或从文本生成全新内容。Sora 的故事板工具让用户能精确指定每个帧的输入。
Balancing Security and Convenience With EV Charging
1 year 6 months ago
After years of quiet growth, the electric vehicle (EV) market has kicked into high gear, powered by sustainability trends, technology advances and increased consumer enthusiasm. Earlier this year, a team from Cornell created a new lithium battery that can charge in under five minutes, while maintaining stable performance over extended cycles of charging and discharging...
The post Balancing Security and Convenience With EV Charging appeared first on Security Boulevard.
Mike Nelson
CVE-2024-33861 | Qt release of reference
1 year 6 months ago
A vulnerability was found in Qt and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to release of reference.
This vulnerability is handled as CVE-2024-33861. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-12323 | turboSMTP Plugin up to 4.6 on WordPress page cross site scripting
1 year 6 months ago
A vulnerability has been found in turboSMTP Plugin up to 4.6 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to cross site scripting.
This vulnerability is known as CVE-2024-12323. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-11945 | Email Reminders Plugin up to 2.0.4 on WordPress id cross site scripting
1 year 6 months ago
A vulnerability, which was classified as problematic, was found in Email Reminders Plugin up to 2.0.4 on WordPress. Affected is an unknown function. The manipulation of the argument id leads to cross site scripting.
This vulnerability is traded as CVE-2024-11945. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-11928 | iChart Plugin up to 2.1.0 on WordPress width cross site scripting
1 year 6 months ago
A vulnerability, which was classified as problematic, has been found in iChart Plugin up to 2.1.0 on WordPress. This issue affects some unknown processing. The manipulation of the argument width leads to cross site scripting.
The identification of this vulnerability is CVE-2024-11928. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-11973 | Quran Multilanguage Text & Audio Plugin up to 2.3.21 on WordPress sourate/lang cross site scripting
1 year 6 months ago
A vulnerability classified as problematic was found in Quran Multilanguage Text & Audio Plugin up to 2.3.21 on WordPress. This vulnerability affects unknown code. The manipulation of the argument sourate/lang leads to cross site scripting.
This vulnerability was named CVE-2024-11973. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-11940 | Property Hive Mortgage Calculator Plugin up to 1.0.6 on WordPress price cross site scripting
1 year 6 months ago
A vulnerability classified as problematic has been found in Property Hive Mortgage Calculator Plugin up to 1.0.6 on WordPress. This affects an unknown part. The manipulation of the argument price leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2024-11940. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-11106 | Simple Restrict Plugin up to 1.2.7 on WordPress information disclosure
1 year 6 months ago
A vulnerability was found in Simple Restrict Plugin up to 1.2.7 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure.
This vulnerability is handled as CVE-2024-11106. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-10959 | Active Products Tables for WooCommerce Plugin up to 1.0.6.5 on WordPress Shortcode woot_get_smth code injection
1 year 6 months ago
A vulnerability was found in Active Products Tables for WooCommerce Plugin up to 1.0.6.5 on WordPress. It has been declared as critical. Affected by this vulnerability is the function woot_get_smth of the component Shortcode Handler. The manipulation leads to code injection.
This vulnerability is known as CVE-2024-10959. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-11868 | LearnPress Plugin up to 4.2.7.3 on WordPress REST API information disclosure
1 year 6 months ago
A vulnerability was found in LearnPress Plugin up to 4.2.7.3 on WordPress. It has been classified as problematic. Affected is an unknown function of the component REST API. The manipulation leads to information disclosure.
This vulnerability is traded as CVE-2024-11868. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-12397 | Quarkus-HTTP Cookie
1 year 6 months ago
A vulnerability was found in Quarkus-HTTP and classified as problematic. This issue affects some unknown processing of the component Cookie Handler. The manipulation leads to an unknown weakness.
The identification of this vulnerability is CVE-2024-12397. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-46455 | unstructured up to 0.14.2 XMLParser xml external entity reference
1 year 6 months ago
A vulnerability has been found in unstructured up to 0.14.2 and classified as problematic. This vulnerability affects unknown code of the component XMLParser. The manipulation leads to xml external entity reference.
This vulnerability was named CVE-2024-46455. The attack needs to be approached within the local network. There is no exploit available.
vuldb.com
CVE-2024-9672 | PaperCut NG/MF up to 24.0 cross site scripting
1 year 6 months ago
A vulnerability, which was classified as problematic, was found in PaperCut NG and MF up to 24.0. This affects an unknown part. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2024-9672. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Week 1: Breaking Patterns in Small Steps
1 year 6 months ago
Week 1: Breaking Patterns in Small Steps
CVE-2024-53441 | cookie-encrypter 1.0.1 index.js decryptCookie
1 year 6 months ago
A vulnerability, which was classified as problematic, has been found in cookie-encrypter 1.0.1. Affected by this issue is the function decryptCookie of the file index.js. The manipulation leads to an unknown weakness.
This vulnerability is handled as CVE-2024-53441. Access to the local network is required for this attack. There is no exploit available.
vuldb.com
CVE-2024-53919 | Barco ClickShare CX-20 up to 2.21.0 Web UI os command injection
1 year 6 months ago
A vulnerability classified as critical was found in Barco ClickShare CX-20, ClickShare CX-30, ClickShare C-5, ClickShare C-10 and ClickShare Core up to 2.21.0. Affected by this vulnerability is an unknown functionality of the component Web UI. The manipulation leads to os command injection.
This vulnerability is known as CVE-2024-53919. The attack needs to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
解决ova文件导入至vmware出现不可恢复错误的问题
1 year 6 months ago
解决ova文件导入至vmware出现的不可恢复错误的问题