Aggregator

Известная кибершпионская банда впервые применила вирус-вымогатель.

VMware 于 3 月 21 日向特拉华州地方法院起诉西门子美国子公司，指控这家工业巨头盗版了它的软件。VMware 称，自 2012 年 11 月 28 日起它就与西门子签署了 Master Software License and Service Agreement 协议。去年 9 月西门子向 VMware 寄去了一份维护和支持服务采购订单，寻求续订一年支持服务。但 VMware 发现西门子的清单包含了大量没有许可证订购记录的产品。为了避免西门子业务中断以及避免被告，VMware 同意了提供支持服务。诉讼称西门子抵制了 VMware 寻找在其系统上运行脚本以查明该公司运行多少 VMware 软件的尝试。

A vulnerability classified as problematic was found in WP To Do Plugin up to 1.3.0 on WordPress. This vulnerability affects the function wptodo_manage. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-3945. The attack can be initiated remotely. There is no exploit available.

A vulnerability has been found in AffiEasy Plugin up to 1.1.7 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-4218. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in List Categories Plugin up to 0.4 on WordPress and classified as problematic. Affected by this issue is some unknown functionality of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-4356. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in WP To Do Plugin up to 1.3.0 on WordPress. This issue affects the function wptodo_settings. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2024-3947. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in WP To Do Plugin up to 1.3.0 on WordPress. Affected is an unknown function of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-3946. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in WPB Elementor Addons Plugin up to 1.0.9 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-3063. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Remote Content Shortcode Plugin up to 1.5 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-2089. The attack may be initiated remotely. There is no exploit available.

The UK’s National Cyber Security Centre has released new guidance to help domain registrars enhance security

Submit #522504 / VDB-301502

在数字经济蓬勃发展的今天，数据正成为不法分子眼中的“数字黄金”。

工业和信息化部正式印发《工业互联网安全分类分级管理办法》（以下简称《办法》），旨在加强工业互联网安全分类分级管理，落实企业网络安全主体责任，提升安全防护水平，护航新型工业化高质量发展。 《办法》明确了工业互联网安全分类分级管理工作的统筹指导原则，地方工业和信息化主管部门及通信管理局负责本行政区域内的相关工作。 《办法》将工业互联网企业分为联网工业企业、平台企业、标识解析企业三类，并依据企业规模、业务范围、应用程度等要素进行自主定级，级别分为三级、二级、一级。企业需在定级要素变化时及时重新定级，并通过全国工业互联网安全分类分级管理平台进行信息登记，地方主管部门负责核查。 《办法》还规定了工业互联网企业的网络安全责任，包括按照相应标准规范落实安全要求、定期开展符合性评测、积极消除网络安全风险等。同时，工业和信息化部及地方主管部门需建立健全相关制度机制，加强监测预警、应急处置、安全检查等工作，企业应配合并建立自身网络安全管理制度。 此外，《办法》强调了对工业互联网安全的支持与保障措施，如加大人员经费投入、加强政策标准宣贯、培养人才、鼓励第三方机构开展安全服务等。