Aggregator

CVE-2025-10718 | Ooma Office Business Phone App up to 7.2.2 on Android com.ooma.office2 improper export of android application components

Vuldb Updates
4 months 3 weeks ago
A vulnerability described as problematic has been identified in Ooma Office Business Phone App up to 7.2.2 on Android. This affects an unknown part of the component com.ooma.office2. The manipulation results in improper export of android application components. This vulnerability was named CVE-2025-10718. The attack needs to be approached locally. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-10721 | Webull Investing & Trading App 11.2.5.63 on Android AndroidManifest.xml improper export of android application components

Vuldb Updates
4 months 3 weeks ago
A vulnerability classified as problematic has been found in Webull Investing & Trading App 11.2.5.63 on Android. This vulnerability affects unknown code of the file AndroidManifest.xml. This manipulation causes improper export of android application components. The identification of this vulnerability is CVE-2025-10721. The attack can only be executed locally. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-10722 | SKTLab Mukbee App 1.01.196 on Android com.dw.android.mukbee AndroidManifest.xml improper export of android application components

Vuldb Updates
4 months 3 weeks ago
A vulnerability was found in SKTLab Mukbee App 1.01.196 on Android and classified as problematic. This affects an unknown function of the file AndroidManifest.xml of the component com.dw.android.mukbee. The manipulation results in improper export of android application components. This vulnerability is cataloged as CVE-2025-10722. The attack must be initiated from a local position. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

Last Week in Security (LWiS) - 2025-09-22

不安全
4 months 3 weeks ago
文章总结了近期网络安全新闻与技术进展,包括NPM重大漏洞、微软云身份验证漏洞、WebSocket安全测试工具及Linux内核漏洞等。同时介绍了EDR-Freeze、Linux Kernel Guard等工具与技术。

Cybersecurity jobs available right now: September 23, 2025

Help Net Security
4 months 3 weeks ago

Application Security Engineer PayPal | USA | On-site – View job details As an Application Security Engineer, you will apply security best practices to enhance and optimize systems, ensuring protection and efficiency, while beginning to understand and align security solutions with business objectives. Analyze and resolve security challenges by adapting standard processes and exploring alternative approaches to address threats. Application Security Testing Manager Netcracker Technology | UAE | On-site – View job details As an … More →

The post Cybersecurity jobs available right now: September 23, 2025 appeared first on Help Net Security.

Anamarija Pogorelec

HIPAA Business Associates - What’s Your Function?

TrustedSec
4 months 3 weeks ago
<p>Many teams working with health care providers receive requests to sign a Business Associate Agreement. In this blog, we break down HIPAA’s definition of a “Business Associate” to help you know if signing is necessary.</p>
Chris Camejo

在遭受网络攻击时,企业最需要的三大核心能力

不安全
4 months 3 weeks ago
文章强调了企业在面对网络攻击时需具备三大核心能力:实时可见性以快速掌握事态全貌、控制权以遏制攻击扩散、以及可靠的备份与恢复解决方案以确保可恢复性。通过提前部署这些能力,企业可在攻击发生时有效应对,将损失降至最低。

在遭受网络攻击时,企业最需要的三大核心能力

嘶吼
4 months 3 weeks ago

网络攻击发生的那一刻,倒计时便已开始。文件被锁定、系统陷入停滞、警报电话不断响起,压力瞬间飙升。每一秒都至关重要,后续的应对举措将直接决定结局——是成功恢复,还是陷入灾难。

在这样的紧急时刻,人们最需要的三样东西无疑是:清晰的局势认知、对攻击的控制权,以及可靠的救援保障。缺少它们,即便经验最丰富的IT团队或托管服务提供商(MSP),也可能在混乱中因局势不明而陷入被动,眼睁睁看着损失扩大。而有了这三者,人们就能果断行动,保护客户利益,将攻击造成的影响降至最低。 

现在就来了解,MSP与IT团队应在攻击发生前准备好哪三大关键能力。当混乱突袭时,充分的准备足以让“可控事件”与“彻底灾难”产生天壤之别。

1. 清晰认知:快速掌握事态全貌

网络攻击引发的第一波恐慌,往往源于“未知”。要彻底分清这是勒索软件攻击?钓鱼攻击?还是内部人员滥用权限?哪些系统已被攻陷?哪些仍安全?

若无法厘清局势,人们只能靠猜测应对。而在网络安全领域,猜测不仅会浪费宝贵时间,更可能让情况雪上加霜。因此,攻击发生时,首先需要的是“实时可见性”。人们需要借助合适的解决方案与流程,实现以下目标:

·即时检测异常:无论是异常登录行为、意外文件加密,还是反常的网络流量,都能第一时间察觉;

·呈现统一精准的视图:将分散在不同仪表盘上的警报整合,形成对事件的完整认知,而非碎片化信息;

·明确攻击影响范围:确定哪些数据、用户与系统已受波及,以及攻击已扩散到何种程度。

清晰的认知能将混乱转化为可控局面。凭借准确的信息,可迅速决策:需隔离哪些设备?需保护哪些数据?需立即关闭哪些系统?

那些能成功抵御攻击的MSP与IT团队,无一不是能迅速回答这些问题的佼佼者。

2. 控制权:阻止攻击扩散

厘清局势后,下一个关键需求便是“控制权”。网络攻击的设计初衷,就是通过横向移动、权限提升与数据窃取实现扩散。若无法快速遏制攻击,损失将呈倍数增长。

“控制权”意味着我们需具备以下能力:

·即时隔离受攻陷端点:切断受影响设备与网络的连接,防止勒索软件或恶意软件进一步扩散;

·按需撤销访问权限:若攻击者已盗用凭据,可立即关闭相关权限;

·自动执行安全策略:从拦截可疑进程,到阻止未授权文件传输,实现全流程自动防护。

这就像灭火:清晰认知告诉人们“火在哪里”,而控制权则让人们能“阻止火势吞噬整栋建筑”。

有效的事件响应计划也在此刻发挥关键作用。仅有工具远远不够,需要预先定义好团队角色、操作手册与升级路径,确保团队在高压下也能精准掌握控制权。

此外,拥有“集成化且易于管理的技术栈”也至关重要。攻击发生时,在多个系统间切换操作不仅危险,效率也极低。

通过单一界面可控的恢复功能越多,应对效果越好——所有功能集中管理,恢复过程会更快速、更简洁。其中,端点检测与响应(EDR)和扩展检测与响应(XDR)工具尤为关键。

3. 救援保障:确保可恢复性

即便实现了可见性与攻击遏制,网络攻击仍可能留下破坏痕迹——数据被加密、系统离线,客户也会因恐慌不断追问。此时,我们最需要的是一条能信赖的“救援保障”:它能帮你恢复一切,让组织重新运转。

这条“救援保障”,就是备份与恢复解决方案。但它必须能应对实时攻击的紧迫性,具备以下特性:

·不可变备份:确保勒索软件无法篡改用于恢复的数据;

·精细化恢复选项:不仅能恢复完整系统,还能在几分钟内找回关键文件与应用;

·自动化灾难恢复:在修复漏洞的同时,能在安全环境中快速启动所有工作负载。

最有力的防御,是确信无论攻击多严重,都能迅速恢复业务运营。这种确定性,既能恢复系统,也能重建信任。

对MSP而言,恢复能力是攻击后维系客户忠诚度的“生命线”;对企业内部IT团队而言,它则是避免业务陷入停滞的关键。

准备,是应对攻击的核心

网络攻击不是“会不会发生”的问题,而是“何时发生”的问题。一旦攻击来临,人们没有时间临时拼凑方案——清晰认知、控制权与救援保障,必须提前部署就绪,随时可启用。

这意味着我们需要:投入资源构建先进的监控与检测能力;制定经过验证的事件响应操作手册;部署专为“抗风险”设计的备份与恢复平台。

事实是,没有任何企业能阻止所有攻击,但所有企业都应提前做好面对攻击的准备。面对网络威胁,“准备与否”正是“成功恢复”与“陷入灾难”的唯一最大分野。

胡金鱼

CVE-2025-10231 | N-able N-central up to 2025.2 File default permission (EUVD-2025-27561)

Vuldb Updates
4 months 3 weeks ago
A vulnerability was found in N-able N-central up to 2025.2. It has been rated as critical. The affected element is an unknown function of the component File Handler. Performing manipulation results in incorrect default permissions. This vulnerability is known as CVE-2025-10231. Attacking locally is a requirement. No exploit is available. Upgrading the affected component is advised.
vuldb.com

CVE-2025-10480 | SourceCodester Online Student File Management System 1.0 /save_file.php unrestricted upload

Vuldb Updates
4 months 3 weeks ago
A vulnerability labeled as critical has been found in SourceCodester Online Student File Management System 1.0. This affects an unknown function of the file /save_file.php. Executing manipulation can lead to unrestricted upload. The identification of this vulnerability is CVE-2025-10480. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-10592 | itsourcecode Online Public Access Catalog OPAC 1.0 POST Parameter mysearch.php search_field/search_text sql injection

Vuldb Updates
4 months 3 weeks ago
A vulnerability was found in itsourcecode Online Public Access Catalog OPAC 1.0 and classified as critical. This impacts an unknown function of the file mysearch.php of the component POST Parameter Handler. Such manipulation of the argument search_field/search_text leads to sql injection. This vulnerability is listed as CVE-2025-10592. The attack may be performed from remote. In addition, an exploit is available.
vuldb.com

Managed ad