Aggregator

A vulnerability classified as problematic has been found in Apple iOS and iPadOS. Affected is an unknown function of the component Private Relay Handler. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-44246. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Apple Safari. Affected by this vulnerability is an unknown functionality of the component Private Relay Handler. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-44246. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS up to 14.6/15.1. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to permission issues. This vulnerability is handled as CVE-2024-54495. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Rockwell Automation PowerMonitor 1000 Remote. It has been rated as very critical. Affected by this issue is some unknown functionality of the component API. The manipulation leads to unprotected alternate channel. This vulnerability is handled as CVE-2024-12371. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as very critical has been found in Rockwell Automation PowerMonitor 1000 Remote. This affects an unknown part. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-12372. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Databricks JDBC Driver up to 2.6.39. It has been classified as critical. This affects an unknown part of the component JNDI Handler. The manipulation of the argument krbJAASFile leads to injection. This vulnerability is uniquely identified as CVE-2024-49194. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Optimizely Configured Commerce up to 5.2.2407. It has been classified as problematic. Affected is an unknown function of the component Search History Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-56174. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apache Kafka up to 3.7.1/3.8.0. It has been declared as problematic. This vulnerability affects unknown code of the component SCRAM. The manipulation leads to incorrect implementation of authentication algorithm. This vulnerability was named CVE-2024-56128. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

网络攻击这件事，不是会不会发生的问题，而是何时发生的问题了。尽管如此，当数据泄露事件发生时，组织往往还是会措手不及；而且安全团队不是把重点放在降低风险以及防止组织进一步受损上，而是忙于处理那些原本可以

新闻速览•CNCERT发现并处置两起针对我国大型科技企业机构的网络攻击事件•美国商务部以“国家安全”为由，拟彻底封禁中国电信•《生成式人工智能服务安全应急响应指南》等两项网络安全标准实践指南公开征求意

In this Help Net Security interview, Dan Lohrmann, CISO at Presidio, discusses the need for organizations to rethink their leadership and operational strategies and the cybersecurity risks they have to deal with during digital transformation.

The post Leadership skills for managing cybersecurity during digital transformation appeared first on Help Net Security.

<p>We're back with another post about common malware techniques. This time, we are talking about using shared memory sections to inject and execute code in a remote process. This method of process injection uses Windows…</p>

December 19, 2024Over o

error code: 521

HackerNews 编译，转载请注明出处： 近日，欧盟委员会启动了新的调查，旨在查明 TikTok 是否违反《数字服务法案》，允许外国势力干涉近期罗马尼亚选举。 本月初，法院取消了总统选举第二轮投票，此前一名不明身份的独立候选人、普京崇拜者 Calin Georgescu 出人意料地领先。 根据解密的情报报告，选举前几周， TikTok 突然激活了成千上万个账户，委员会正依据这些报告展开调查。 欧盟委员会主席 Ursula von der Leyen 表示：“我们必须保护我们的民主免受任何形式的外国干涉。当我们怀疑有此类干涉，尤其是在选举期间时，我们必须迅速而果断地采取行动。” “在有严重迹象表明外国势力通过 TikTok 干预了罗马尼亚总统选举后，我们正在彻查 TikTok 是否因未能应对此类风险而违反了《数字服务法案》。在欧盟，所有在线平台，包括 TikTok ，必须对此负责。” 具体而言，调查将重点审查 TikTok 在政治广告和付费政治内容方面的政策，包括其推荐系统是否存在被有组织、有计划的操控，以及是否做了足够的工作来减少个别人试图在选举前影响公众舆论的风险。 显然，一些宣传 Calin Georgescu 的 TikTok 内容没有被标记为选举内容，违反了当地法律。 如果 TikTok 被发现违反了《数字服务法案》第 34(1) 条、第 34(2) 条和第 35(1) 条，可能会面临巨额罚款。该法案赋予监管机构权力，对违规公司处以全球年营业额 6% 的罚款。 这家公司已经因各种违规行为在美国和英国被罚款数千万美元。去年，爱尔兰数据保护委员会（DPC）要求其支付3.45亿欧元（约合3.68亿美元），因其在处理儿童用户信息时违反了《通用数据保护条例》（GDPR）。   消息来源：Infosecurity Magazine, 编译：zhongx；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

OverviewRecently, NSFOCUS CERT detected that Apache issued a security announcement, fixing the

I was scammed by a user (that0therperson) a week ago. He sent me a website link that said

谈 AI 时代电商的思考、国际站的关键转型、以及中国外贸的新机遇。