Aggregator

悬镜安全成功入选成为首批SBOM工作组成员单位，国家工业信息安全发展研究中心软件所所长潘妍、副所长邓昌义为首批成员单位颁发了证书。

Random主要围绕数字供应链定义及安全共识、数字供应链开源安全情报平台建设以及数字供应链开源安全情报应用实践三个方面展开阐述，干货满满！

日前，中国网络安全产业联盟（CCIA）公布了“2024年网络安全优秀创新成果大赛”获奖名单，国利网安“专项隔离 […]

关注高级攻防对抗技术热点，研究对手技术进行高级威胁模拟，研判攻击安全发展方向。

A vulnerability has been found in Exnet Informatics Software Ferry Reservation System and classified as critical. This vulnerability affects unknown code. The manipulation leads to sql injection. This vulnerability was named CVE-2024-7735. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. This affects an unknown part of the file /edit1.php. The manipulation of the argument sno leads to sql injection. This vulnerability is uniquely identified as CVE-2024-9087. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in SourceCodester Telecom Billing Management System 1.0 and classified as critical. This vulnerability affects the function login. The manipulation of the argument uname leads to buffer overflow. This vulnerability was named CVE-2024-9088. The attack can only be initiated within the local network. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. Affected is an unknown function of the file /filter.php. The manipulation of the argument from/to leads to sql injection. This vulnerability is traded as CVE-2024-9086. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The initial researcher advisory only mentions the parameter "from" to be affected. But it must be assumed that parameter "to" is affected as well.

A vulnerability was found in code-projects Student Record System 1.0. It has been classified as critical. Affected is an unknown function of the file /pincode-verification.php. The manipulation of the argument pincode leads to sql injection. This vulnerability is traded as CVE-2024-9080. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Linux Kernel up to 4.5.4. It has been rated as critical. This issue affects some unknown processing of the component BPF Subsystem. The manipulation leads to use after free. The identification of this vulnerability is CVE-2016-4558. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

AuditBoard announced extensions to its modern connected risk platform to help teams improve efficiency, foster collaboration, and increase the rigor and intentionality of their GRC management programs. Available immediately, these functionalities include: AuditBoard analytics enhancements include nine new out-of-the-box workflows to automate testing and analysis to help Audit and Internal Controls teams uncover risks faster, minimize routine tasks, and enable focus on higher-value initiatives. Risk appetite provides risk management teams with precise analysis against set … More →

The post AuditBoard’s risk platform enhancements empower teams to boost efficiency appeared first on Help Net Security.

A vulnerability has been found in Street Walker 0.0.1 and classified as critical. This vulnerability affects unknown code of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability was named CVE-2014-7044. The attack needs to be initiated within the local network. There is no exploit available.

MiSRC活动时间:10.1-10.13

MiSRC活动时间:10.1-10.13

MiSRC活动时间:10.1-10.13

MiSRC活动时间:10.1-10.13

Исследование показало, что многие образовательные платформы запрашивают чувствительные данные.

美国地方法院法官 Colleen McMahon 以故意侵犯版权和无视投诉为由命令 Library Genesis (Libgen) 向出版商赔偿 3000 万美元。但问题是没人知道谁在运营 Libgen，因此赔偿金可能永远也无法兑现。2017 年 Libgen 曾被勒令向出版商赔偿 1500 万美元。法官 McMahon 在最新裁决中批准了一项范围广泛的禁令，所有积极关注和参与 Libgen 的人都被禁止共享版权内容，禁止任何人托管、注册 Libgen 域名或提供云存储、文件共享或广告服务等。该禁令甚至禁止使用工具显示 Libgen 链接或链接到 Libgen 的浏览器扩展。