GAO: SSA Fails to Meet Industry and Federal Electronic Verification System Goals
The Social Security Administration is facing criticism for failing to update its fraud prevention technology, leaving financial institutions and federal authorities at risk of missing synthetic identity scams, according to a new Government Accountability Office report.

Thomvest Ventures Leads Series B Funding to Support Privacy and Security Compliance
Relyance AI raised $32 million in Series B funding to grow its data governance platform. The funds will be used to scale operations, enhance real-time data visibility, and support enterprises in complying with complex global privacy regulations, ensuring responsible AI adoption across industries.

Impact Is "What We Would Have Hoped For," Says NCSC CTO Ollie Whitehouse
A British cybersecurity official touted Operation Cronos, an international operation against LockBit, saying multiple strikes aimed at the ransomware-as-a-service have disrupted its ability to recruit hackers. The operation has resulted in indictments, sanctions, and server takedowns.

Act Imposes Mandatory Patching for IoT Devices
The European Council on Thursday adopted security-by-design regulation that makes patching and vulnerability updates mandatory for connected devices. The regulation will ensure that "products with digital components are made secure throughout the supply chain and throughout their life cycle."
A vulnerability has been found in Elaine Marketing Automation up to 6.18.17 and classified as problematic. This vulnerability affects unknown code of the file /system/interface/wrapper_dialog.php. The manipulation of the argument dialog leads to cross-site scripting.
This vulnerability was named CVE-2024-42831. The attack can be initiated remotely. Furthermore, there is an exploit available.
A vulnerability classified as critical has been found in D-Link COVR-2600R FW101b05. Affected is the function sub_24E28 of the component Environment Variable Handler. The manipulation of the argument HTTP_REFERER leads to buffer overflow.
This vulnerability is traded as CVE-2024-44674. The attack can only be done within the local network. There is no exploit available.
A vulnerability was found in RuoYi up to 4.7.9. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Code Generation Handler. The manipulation leads to injection.
This vulnerability is known as CVE-2024-46076. The attack can only be done within the local network. There is no exploit available.
A vulnerability classified as problematic has been found in BlueCMS 1.6. This affects an unknown part of the file /admin/database.php?act=del. The manipulation of the argument file_name leads to denial of service.
This vulnerability is uniquely identified as CVE-2024-45894. The attack needs to be done within the local network. There is no exploit available.
A vulnerability classified as problematic has been found in PHPOffice PhpSpreadsheet up to 1.29.0/2.1.0. Affected is the function toUtf8 of the file src/PhpSpreadsheet/Reader/Security/XmlScanner.php of the component Excel Parser. The manipulation leads to XML external entity reference.
This vulnerability is traded as CVE-2024-45293. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.