Palo Alto Networks CTO Nir Zuk predicts Google's security push through its $32 billion buy of Wiz won't succeed, as customers are reluctant to buy multi-cloud tools from cloud vendors. Zuk details how adversaries use LLMs at scale and how Palo Alto is unifying SOC tools under its Cortex platform.
Incident Spotted in March 2024 Is Yet Another Attack Against Medical Billing Firms
A Nebraska-based firm that provides revenue cycle management and billing services to healthcare firms is notifying tens of thousands of people and an undisclosed number of companies that their personal, health and financial information was compromised in a March 2024 hack.
Also: Rapid7's Boardroom Shake-Up, China's Tactical Cyber Shift
In this week's update, ISMG editors unpacked stealth vs. spectacle in ransomware attacks, Rapid7’s boardroom shake-up led by activist investors, and China's shift from cyber espionage to infrastructure sabotage - driving key shifts in global cybersecurity strategy and resilience.
Jason Costain on Ways Traditional and Digital Banks Could Learn from Each Other
Digital-only banks promise speed and sleek digital experiences but are not the best places to handle scam victims. Without branches to visit, victims find themselves stuck in a loop of chatbots, said Jason Costain, former head of fraud analytics and threat management at NatWest Group.
Private Details of Top Trump Officials Found Online Amid Growing Security Scandal
Private contact details of top Trump officials, including their phone numbers, emails and even some passwords, have been leaked online through commercial databases and hacked data dumps, raising security concerns over potential foreign access to Cabinet members’ private accounts and communications.
A vulnerability has been found in SurveyJS Form Library up to 1.10.3 and classified as problematic. This vulnerability affects unknown code of the file question_image.ts. The manipulation of the argument imageLink leads to cross site scripting.
This vulnerability was named CVE-2024-36043. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Inventory System 1.0. Affected is an unknown function of the file /tableedit.php#page=editprice. The manipulation of the argument itemnumber leads to cross-site request forgery.
This vulnerability is traded as CVE-2024-5097. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
A vulnerability classified as critical was found in NixOS Nix up to 2.22.1. Affected by this vulnerability is an unknown functionality of the component Hash Cache Handler. The manipulation leads to code injection.
This vulnerability is known as CVE-2024-36050. The attack can be launched remotely. There is no exploit available.
A vulnerability was found in Kiteworks Totemomail up to 7.0.0 and classified as problematic. This issue affects some unknown processing of the file /responsiveUI/EnvelopeOpenServlet. The manipulation of the argument envelopeRecipient leads to cross site scripting.
The identification of this vulnerability is CVE-2024-28063. The attack may be initiated remotely. There is no exploit available.
A vulnerability was found in Microsoft Edge 124.0.2478.109. It has been classified as problematic. Affected is an unknown function. The manipulation leads to exposure of private personal information to an unauthorized actor.
This vulnerability is traded as CVE-2024-30056. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.