志愿军女军人
战争不仅没有让女人走开,而且让女人走来
Aggregator
CVE-2014-8493 | ZTE ZXHN H108L 4.0.0d Zrq Gr4 access control (ID 129139 / EDB-35276)
9 months 3 weeks ago
A vulnerability classified as critical has been found in ZTE ZXHN H108L 4.0.0d Zrq Gr4. Affected is an unknown function. The manipulation leads to improper access controls.
This vulnerability is traded as CVE-2014-8493. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
Remote attack on pagers used by Hezbollah caused 9 deaths and thousands of injuries
9 months 3 weeks ago
Remote attack on pagers used by Hezbollah caused 9 deaths and thousands of injuries Pierluigi P
Data Detection & Response (DDR): Not the Dance Revolution It Claims
9 months 3 weeks ago
In today’s cybersecurity landscape, protecting sensitive information is more critical than ever. Th
From Dreams to Reality: The Magic of 3D Printing, with Elle Hunt
9 months 3 weeks ago
I was in my mid-30s before I felt comfortable standing up in front of an audience and talking about technology. Come to think of it, "comfortable" isn't really the right word, as, frankly, it was nerve-racking. This, with my obvious bias as her father, makes it
Troy Hunt
CVE-2016-7992 | tcpdump up to 4.8.x Classical IP over ATM Parser print-cip.c cip_if_print memory corruption (RHSA-2017:1871 / Nessus ID 96844)
9 months 3 weeks ago
A vulnerability has been found in tcpdump up to 4.8.x and classified as critical. Affected by this vulnerability is the function cip_if_print of the file print-cip.c of the component Classical IP over ATM Parser. The manipulation leads to memory corruption.
This vulnerability is known as CVE-2016-7992. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Exploding Hezbollah Pagers Not Likely a Cybersecurity Attack
9 months 3 weeks ago
Cybersecurity Experts Say Operatives Probably Intercepted Physical Supply Chain
It doesn't appear to be a cyberattack, security experts said of the hundreds of pagers that blew up Tuesday across Lebanon, an apparent salvo against Hezbollah militants by the Israeli government. "The only logical explanation is that explosives and a side channel for detonation was likely used."
It doesn't appear to be a cyberattack, security experts said of the hundreds of pagers that blew up Tuesday across Lebanon, an apparent salvo against Hezbollah militants by the Israeli government. "The only logical explanation is that explosives and a side channel for detonation was likely used."
Apple Moves to Dismiss Suit Against Spyware Firm NSO Group
9 months 3 weeks ago
iPhone Maker Seeks Voluntary Dismissal, Citing Concerns Over Sensitive Data Leaking
Apple has filed a motion to dismiss its lawsuit against NSO Group, citing concerns over the potential exposure of sensitive threat intelligence information. The tech giant believes continuing the lawsuit could compromise its ability to protect users and lead to the disclosure of sensitive data.
Apple has filed a motion to dismiss its lawsuit against NSO Group, citing concerns over the potential exposure of sensitive threat intelligence information. The tech giant believes continuing the lawsuit could compromise its ability to protect users and lead to the disclosure of sensitive data.
UK Orgs Tout Government Help in Ransomware Incidents
9 months 3 weeks ago
Former Royal Mail and Manchester University CISOs Talk Ransomware Response
Timely notification of ransomware incidents to British law enforcement agencies played a crucial role in understanding the threats and in developing mitigation strategies, the former security heads of Royal Mail and the University of Manchester said.
Timely notification of ransomware incidents to British law enforcement agencies played a crucial role in understanding the threats and in developing mitigation strategies, the former security heads of Royal Mail and the University of Manchester said.
Can CISA’s Federal Cybersecurity Alignment Plan Really Work?
9 months 3 weeks ago
Experts Warn Federal Cyber Strategies Increasingly Lack Accompanying Resources
The U.S. Cybersecurity and Infrastructure Security Agency has released a new plan to further align federal cybersecurity operations that experts say will likely face significant implementation roadblocks due to a lack of funding, leadership buy-in and technical resources.
The U.S. Cybersecurity and Infrastructure Security Agency has released a new plan to further align federal cybersecurity operations that experts say will likely face significant implementation roadblocks due to a lack of funding, leadership buy-in and technical resources.
As Geopolitical Tensions Mount, Iran's Cyber Operations Grow
9 months 3 weeks ago
Increasing attacks by the OilRig/APT34 group linked to Iran's Ministry of Intelligence and Security show that the nation's capabilities are growing, and targeting regional allies and enemies alike.
Robert Lemos, Contributing Writer
2024网安周 | 梆梆安全多元视角解读移动应用安全新路径
9 months 3 weeks ago
珠江水岸,南海之门。2024年国家网络安全宣传周于9月9日在广州南沙隆重举行。
网络安全为人民、网络安全靠人民。2024网安周开幕式、系列论坛、座谈会、主题日一场场引人注目、影响广泛的活动陆续展开,网络安全领域专家学者、从业人士以及致力于网安事业的高校师生、社会大众等齐聚一堂,共同展现出一幅全民行动、共同筑牢网络安全防线的生动画面。
个人信息保护分论坛
9月10日上午
梆梆安全 · 陈 露
9月10日上午,由中央网信办网络数据管理局指导,中国互联网协会主办的“个人信息保护分论坛”在广州南沙举行。政府部门、行业组织、互联网企业等相关单位共聚一堂,探讨当下个人信息保护的实践路径。广东省委网信办一级巡视员许华,中央网信办网络数据管理局数据安全监管处副处长王兆兴出席论坛并致辞。
梆梆安全陈露受邀在论坛上作主题为《监管驱动下的移动应用隐私合规建设》演讲,聚焦移动应用隐私合规监管态势,围绕高频问题剖析监管驱动下的移动应用隐私合规建设思路。
信息化时代,APP覆盖每一个人工作生活的方方面面,移动应用安全作为网络安全的重要组成部分,与人民群众的利益息息相关。随着国家个人信息保护体系不断完善,监管部门对个人信息保护的治理行动持续进行,移动应用安全治理也越来越受到应用开发者、运营者、使用者、包括监管者的高度重视。APP违规收集个人信息,强制、频繁、过度索取权限等问题依然是当下出现的高频问题,梆梆安全通过个人信息保护策略建设、合规融入开发阶段、移动应用隐私合规评估等动作助力个人信息保护。
网络安全博览会
9月11日上午
梆梆安全 · 刘 洋
9月11日上午,2024年国家网络安全宣传周网络安全博览会暨网络安全产品和服务供需洽谈会持续进行中,博览会作为国家网络安全宣传周重要活动之一,聚焦网络安全高质量发展主线,通过开展网络安全行业展示、业务洽谈、网安人才现场招聘,群众互动体验等多种形式,打造集行业交流、人才对接、科普宣传于一体的“新型博览会”。
梆梆安全刘洋作主题为《移动应用端到端全渠道的安全防护体系实践》演讲,针对当前移动端应用安全风险及移动应用安全事件提出的移动应用全渠道的整体安全建设防护体系,对移动应用端的数据安全和漏洞风险进行解析同时对移动应用端攻防对抗进行全渠道安全建设体系,聚焦移动应用的运营安全,通过全渠道的安全防护手段,保障移动应用的安全运营。
在2024年国家网络安全宣传周系列论坛、博览会等重要活动中,梆梆安全资深安全专家从多元视角与观众深入分享,吸引了众多行业监管、移动应用开发者、高校师生、媒体等驻足交流。未来,梆梆安全会继续深耕移动应用安全领域,助力大众增强网络安全防范意识,积极践行维护网络安全使命,合力共建网络强国。
梆梆安全
m00m world: A Cyberpunk MMO Redefining Mobile Gaming
9 months 3 weeks ago
m00m world: A Cyberpunk MMO Redefining Mobile GamingLaunched on IOS and Android, m00m World is a co
CVE-2007-2902 | Dokeos 1.8.0 my_progress.php course sql injection (EDB-3974 / XFDB-34468)
9 months 3 weeks ago
A vulnerability classified as critical was found in Dokeos 1.8.0. Affected by this vulnerability is an unknown functionality of the file main/auth/my_progress.php. The manipulation of the argument course leads to sql injection.
This vulnerability is known as CVE-2007-2902. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
再获认可!梆梆安全入选GoUpSec《邮件安全产品及服务购买决策参考》
9 months 3 weeks ago
9月10日,国内安全行业知名第三方权威机构——GoUpSec 正式发布2024年中国网络安全行业《邮件安全产品及服务购买决策参考》,从产品功能、应用行业、成功案例、安全策略等维度对各厂商邮件安全产品及服务进行调研了解,旨在帮助 CISO 拨开营销迷雾,提高市场能见度,全面了解潜在邮件安全战略合作合作伙伴。凭借在邮件安全领域深耕多年的防护技术与综合解决方案能力,梆梆安全被评为邮件安全“酷厂商”。
本次报告共收录7家国内网络安全厂商,共计11个安全产品及服务,具体成功实施案例17例,适用于政府、医疗、金融、互联网、国央企、能源、制造业、交通、教育等重点行业。梆梆安全自主研发的移动应用安全加固平台、应用安全测评平台、移动应用安全监测平台,凭借对邮件移动端的安全保障能力及差异化技术优势,经严格资质审核后成功入选,标志着行业与用户对梆梆安全技术成果的认可,也表明梆梆安全是值得信赖的邮件安全产品和服务供应商之一。
电子邮件是政府和企业沟通的主要渠道之一,同时也是多年来网络攻击和实战攻防演习的首要目标和媒介。随着生成式AI技术的普及,RaaS等勒索软件运营模式的流行,深度伪造等新的攻击手段和技术工具快速迭代,新型邮件攻击技术的应用给邮件安全工作带来了严峻的挑战。与此同时,针对远程/混合办公、移动办公、BYOD的移动端漏洞利用、恶意软件投放和数据泄露等威胁事件也频繁发生。
作为业界率先实现基于移动应用的VMP虚拟化保护技术、建立系统化移动应用安全保护技术体系的安全厂商,梆梆安全针对邮件安全系统项目提出了“应用加固+基线检测+威胁感知”的全面解决方案。以安全加固增强基础防范,针对Android、iOS、鸿蒙等多版本应用使用静态防护和动态防护加固技术;以安全测试夯实基线检查,对移动应用上线前进行安全检测,全方位检测应用中存在的代码安全问题;以风险监测增强运营防范,通过移动应用威胁感知平台,发现移动应用运行过程中可能遭受到的攻击与威胁,保护用户个人隐私信息安全及数据安全。
梆梆安全在网络安全技术上积极探索,围绕移动安全、物联网安全、数据安全、内容安全、安全服务帮助用户制定网络安全建设规划,构筑覆盖全网络环境的新型信息安全立体纵深防御系统,大幅提升企业安全能力水平。未来,梆梆安全将继续聚焦移动业务场景和安全需求,深耕安全技术创新,推进科技成果转化与落地,致力于为客户提供更稳定、更高效的安全产品、解决方案和安全服务,为国家网络安全发展贡献梆梆力量。
梆梆安全
Leading KOLs Web3 Marketing Agencies For Crypto Projects
9 months 3 weeks ago
Launching a new crypto project often necessitates engaging with top-tier Web3 marketing agencies to
CVE-2024-43985 | MagePeople Team Bus Ticket Booking with Seat Reservation Plugin up to 5.3.5 on WordPress cross site scripting
9 months 3 weeks ago
A vulnerability was found in MagePeople Team Bus Ticket Booking with Seat Reservation Plugin up to 5.3.5 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting.
This vulnerability is handled as CVE-2024-43985. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-44047 | IDX Broker IMPress for Plugin up to 3.2.2 on WordPress cross site scripting
9 months 3 weeks ago
A vulnerability has been found in IDX Broker IMPress for Plugin up to 3.2.2 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2024-44047. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-43977 | Posimyth Plus Addons for Elementor Page Builder Lite Plugin cross site scripting
9 months 3 weeks ago
A vulnerability, which was classified as problematic, was found in Posimyth Plus Addons for Elementor Page Builder Lite Plugin up to 5.6.2 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2024-43977. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-43938 | Jeroen Peters Name Directory Plugin up to 1.29.0 on WordPress cross site scripting
9 months 3 weeks ago
A vulnerability classified as problematic was found in Jeroen Peters Name Directory Plugin up to 1.29.0 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2024-43938. The attack can be initiated remotely. There is no exploit available.
vuldb.com