Aggregator

新闻速览 •9项网络安全国家标准获批发布，2024年4月1日起施行 •2024 年第三季邮件安全态势观察：二维 […]

近日，海外网站更新了台湾苗栗地区的卫星影像数据，意外曝光台军目前正在整建位于台苗栗县西湖乡的原“胜利女神”导弹阵地。根据整建情况初步分析判断，该导弹阵地整建完成后将进驻“爱国者”防空导弹系统。

第四届全国开源情报技术大会（The 4th China Open Source Intelligence Technology Conference，COSINT 2024）将于2024年10月26日至27日在湖北武汉召开。

议题征集、观众报名持续火热进行中！

Critical Infrastructure Firms Are Hiring - and Paying Well
As digital transformation continues to reshape industries, the convergence of operational technology and cybersecurity has emerged as a critical area of focus. But there's a noticeable gap in the workforce. Professionals who truly understand both OT and cybersecurity are in short supply.

Justice Department Aiming to Emphasize Privacy and Security in AI Deployment
The U.S. Department of Justice is drafting new guidelines for law enforcement on the use of artificial intelligence and facial recognition tools to enhance public safety while safeguarding civil rights and ensuring ethical deployment, a senior official said Wednesday.

WestCap-Led Funding to Drive Click-Fraud Protection, Ad Integrity Expansion
Human Security's recent $50 million growth funding, led by WestCap, will drive the development of click-fraud defense and enhance advertising integrity solutions. CEO Stu Solomon aims to leverage the funding for scaling the engineering and data science teams, addressing emerging fraud threats.

Hotel Chain Also Settles with Federal Trade Commission
The world's largest hotel chain agreed Wednesday to pay $52 million and agree to two decades of third-party monitoring of its cybersecurity program to settle a rash of data breaches affecting millions of guests. The multi-million payout is part of a settlement reached with 50 U.S. attorneys general.

Cyber Bill Says the Government Can't Use Information to Prosecute Victims
Ransom payments are typically tightly held secrets between cybercriminals and their victims, but the Australian government has introduced a cybersecurity bill in Parliament that would require larger businesses to report ransom payments to the government.

Submit #415992 / VDB-173150

A vulnerability classified as problematic has been found in D-Link DSL-2750U R5B017. This affects an unknown part of the component Port Forwarding Page. The manipulation of the argument PortMappingDescription leads to cross site scripting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is uniquely identified as CVE-2024-9792. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to replace the affected component with an alternative.

Submit #415991 / VDB-192236

Submit #415988 / VDB-173151

A vulnerability was found in Wireshark up to 4.4.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component ITS Dissector. The manipulation leads to missing initialization of a variable. This vulnerability is handled as CVE-2024-9780. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Wireshark up to 4.2.7/4.4.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component AppleTalk Dissector/RELOAD Framing Dissector. The manipulation leads to improper handling of missing values. This vulnerability is known as CVE-2024-9781. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Submit #415532 / VDB-279945

A vulnerability was found in LyLme_spage 1.9.5. It has been classified as critical. Affected is an unknown function of the file /admin/sou.php. The manipulation of the argument id leads to sql injection. This vulnerability is traded as CVE-2024-9790. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in LyLme_spage 1.9.5 and classified as critical. This issue affects some unknown processing of the file /admin/apply.php. The manipulation of the argument id leads to sql injection. The identification of this vulnerability is CVE-2024-9789. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.