Aggregator

灵脉AI安全智能体震撼来袭，真正让“安全开发”变得智能高效！

当前访问出现环境异常错误，需完成验证后继续使用。

Octosuite Octosuite is an open-source lightweight yet advanced osint framework that targets GitHub users and organizations. With over 20+ features, Octosuite only runs on 2 external dependencies. And returns the gathered intelligence in a...

The post Octosuite: Advanced Github OSINT Framework appeared first on Penetration Testing Tools.

台检方以国家安全法国家核心关键技术营业秘密之域外使用等罪嫌，起诉工程师陈力铭、吴秉骏、戈一平 3 人，最重求刑 14 年。台积电表示，对任何违反保护营业秘密及损害公司利益的行为，始终秉持零容忍态度，绝对从严处理，并追究到底。三人中陈力铭已转职到日本 Tokyo Electron 的子公司。这名前台积电员工为了提升 Tokyo Electron 作为台积电开发的电路线宽 2 纳米的新一代半导体设备供应商的地位，拜托台积电的技术人员提供营业秘密。

The FBI has released new findings on a long-running cyber campaign that quietly infiltrated major U.S. telecommunications providers and critical infrastructure around the world. The campaign, carried out by a group of hackers linked to the Chinese government, is known as Salt Typhoon. According to federal officials, the operation has been active since at least […]

The post FBI Issues Updated Warning on Salt Typhoon’s Global Cyber-Espionage Operations appeared first on Centraleyes.

The post FBI Issues Updated Warning on Salt Typhoon’s Global Cyber-Espionage Operations appeared first on Security Boulevard.

A vulnerability was found in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. It has been rated as critical. This issue affects some unknown processing of the file /crm/wechatSession/index.php?msgid=1&operation=upload. This manipulation of the argument File causes unrestricted upload. The identification of this vulnerability is CVE-2024-11122. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability categorized as critical has been discovered in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. Impacted is an unknown function of the file /crm/data/pdf.php. Such manipulation of the argument url with the input ../config.inc.php leads to path traversal. This vulnerability is referenced as CVE-2024-11123. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability marked as critical has been reported in WAGO CC100 0751-9x01, PFC100 G2 0750-811x-xxxx-xxxx, PFC200 G2 750-821x-xxx-xxx, TP600 0762-420x, 8000-000x, TP600 0762-430x, TP600 0762-520x, TP600 0762-530x, TP600 0762-620x, TP600 0762-630x, Edge Controller 0752-8303, 8000-0002, PFC100 G1 0750-810x, xxxx-xxxx and PFC200 G1 750-820x-xxx-xxx. This impacts an unknown function of the component Docker Settings Setup. This manipulation causes missing authentication. This vulnerability appears as CVE-2024-41968. The attack may be initiated remotely. There is no available exploit.

A vulnerability described as critical has been identified in WAGO CC100 0751-9x01, PFC100 G2 0750-811x-xxxx-xxxx, PFC200 G2 750-821x-xxx-xxx, TP600 0762-420x, 8000-000x, TP600 0762-430x, TP600 0762-520x, TP600 0762-530x, TP600 0762-620x, TP600 0762-630x, Edge Controller 0752-8303, 8000-0002, PFC100 G1 0750-810x, xxxx-xxxx and PFC200 G1 750-820x-xxx-xxx. Affected is an unknown function of the component Firmware Upgrade Handler. Such manipulation leads to missing authentication. This vulnerability is traded as CVE-2024-41967. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in WAGO CC100 0751-9x01, PFC100 G2 0750-811x-xxxx-xxxx, PFC200 G2 750-821x-xxx-xxx, TP600 0762-420x, 8000-000x, TP600 0762-430x, TP600 0762-520x, TP600 0762-530x, TP600 0762-620x, TP600 0762-630x, Edge Controller 0752-8303 and 8000-0002. Affected by this vulnerability is an unknown functionality of the component BACNet Service. Performing manipulation results in incorrect permission assignment. This vulnerability is known as CVE-2024-41974. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in WAGO CC100 0751-9x01, PFC100 G2 0750-811x-xxxx-xxxx, PFC200 G2 750-821x-xxx-xxx, TP600 0762-420x, 8000-000x, TP600 0762-430x, TP600 0762-520x, TP600 0762-530x, TP600 0762-620x, TP600 0762-630x, Edge Controller 0752-8303 and 8000-0002. It has been classified as critical. The affected element is an unknown function of the component File Handler. Performing manipulation results in path traversal. This vulnerability is identified as CVE-2024-41971. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in WAGO CC100 0751-9x01, PFC100 G2 0750-811x-xxxx-xxxx, PFC200 G2 750-821x-xxx-xxx, TP600 0762-420x, 8000-000x, TP600 0762-430x, TP600 0762-520x, TP600 0762-530x, TP600 0762-620x, TP600 0762-630x, Edge Controller 0752-8303 and 8000-0002. It has been declared as critical. The impacted element is an unknown function of the component File Handler. Executing manipulation can lead to path traversal: '.../...//'. This vulnerability is tracked as CVE-2024-41972. The attack can be launched remotely. No exploit exists.

A vulnerability was found in WAGO CC100 0751-9x01, PFC100 G2 0750-811x-xxxx-xxxx, PFC200 G2 750-821x-xxx-xxx, TP600 0762-420x, 8000-000x, TP600 0762-430x, TP600 0762-520x, TP600 0762-530x, TP600 0762-620x, TP600 0762-630x, Edge Controller 0752-8303 and 8000-0002. It has been rated as problematic. This affects an unknown function of the component File Handler. The manipulation leads to path traversal: '.../...//'. This vulnerability is listed as CVE-2024-41973. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in WAGO CC100 0751-9x01, PFC100 G2 0750-811x-xxxx-xxxx, PFC200 G2 750-821x-xxx-xxx, TP600 0762-420x, 8000-000x, TP600 0762-430x, TP600 0762-520x, TP600 0762-530x, TP600 0762-620x, TP600 0762-630x, Edge Controller 0752-8303 and 8000-0002 and classified as problematic. Impacted is an unknown function of the component Diagnostic Data Handler. Such manipulation leads to incorrect permission assignment. This vulnerability is referenced as CVE-2024-41970. It is possible to launch the attack remotely. No exploit is available.

Microsoft observed Storm-0501 pivot to the victim’s cloud environment to exfiltrate data rapidly and prevent the victim’s recovery

AI赋能：安全大模型重构安全运营

想了解大模型业务系统中的安全风险以及主要安全供应商都有那些？请查看这份研究报告

Link11 has achieved Payment Card Industry Data Security Standard (PCI-DSS) Level 1 certification. This is the highest level of security and compliance in the payment industry, which reinforces the company’s existing security standards. A uniform security framework now applies to all products and services across the entire group. “PCI-DSS Level 1 certification for our entire […]

The post Link11 achieves PCI DSS Level 1 and establishes uniform security standard appeared first on Link11.

Cybersecurity breaches often stem not from advanced exploits but from human error, misconfigurations, and routine mistakes. True resilience comes from designing systems that expect failure, leverage automation wisely, and foster a security-first culture through simulations, guardrails, and psychological safety.

The post Can We Really Eliminate Human Error in Cybersecurity?  appeared first on Security Boulevard.

文章指出网络安全的核心问题在于人类行为而非技术漏洞。人为错误如点击恶意链接、重复密码等是主要威胁。设计应考虑人类本能和压力下的反应，通过模拟攻击、自动化工具和红队演练提升安全性，并建立支持员工报告问题的文化环境。