How CIOs and CISOs Can Navigate With Balance
Tariff wars may hit technology leaders hard in 2025 as the Trump administration's 10% import tax, plus reciprocal tariffs, spikes costs. CIOs and CISOs face supply chain disruption and heightened cyber risks. But they can adapt with cloud shifts, smart deals and better advocacy.
Rising Attacks Mask Lowering Profits, Attention Economy Competition
Ransomware groups' collective power to command victims' attention and compel extortion is waning, notwithstanding the disruption and chaos that continues to be their hallmark. The criminal underground powering ransomware is a world in flux where old, established groups are giving way to new brands.
Gartner's Pete Redshaw on Why the CISO or CRO Should Take the Lead
Cybersecurity, IAM, fraud and compliance will converge across financial institutions in the next five to six years. This transformation will follow a phased path, beginning with data integration, followed by tool alignment and eventually team restructuring.
Hoxhunt Predicts Phishing-as-a-Service Will Adopt AI Spear Phishing Agents
AI surpassed human red teams in crafting phishing attacks, at scale and with alarming success, asserts research from cybersecurity training firm Hoxhunt. The company's proprietary AI spear phishing agent outperformed human counterparts by 24%, a turnaround from a 31% deficit in 2023.
Analysts Praise FedRAMP's Speed Goals, but Worry About Unclear Execution Details
The General Services Administration is aiming to speed up cloud approvals by automating security assessments for FedRAMP, but experts tell Information Security Media Group that key questions remain on its execution, with concerns over vague directives and the impact on existing processes.
Hackers Use Credential Stuffing to Steal AU$500,000, Breach 20,000 Member Accounts
Australia's largest pension funds faced coordinated credential attacks last week that compromised thousands of user accounts and led to the theft of at least AU$500,000 from four superannuation accounts. The affected funds included AustralianSuper, Rest and Australian Retirement Trust.
A vulnerability classified as problematic has been found in bdthemes Element Pack Elementor Addons Plugin up to 5.5.3 on WordPress. This affects an unknown part of the component Trailer Box Widget. The manipulation of the argument element_pack_wrapper_link leads to cross-site scripting.
This vulnerability is uniquely identified as CVE-2024-1428. It is possible to initiate the attack remotely. There is no exploit available.
A vulnerability, which was classified as problematic, has been found in SourceCodester Online Courseware 1.0. Affected by this issue is some unknown functionality of the file editt.php. The manipulation of the argument ID leads to cross-site scripting.
This vulnerability is handled as CVE-2024-3426. The attack may be launched remotely. Furthermore, there is an exploit available.
A vulnerability was found in EginDemirbilek Northstar C2 1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation leads to cross-site scripting.
This vulnerability is known as CVE-2024-28741. The attack can be launched remotely. Furthermore, there is an exploit available.
A vulnerability has been found in SourceCodester Online Courseware 1.0 and classified as problematic. This vulnerability affects unknown code of the file edit.php. The manipulation of the argument ID leads to cross-site scripting.
This vulnerability was named CVE-2024-3428. The attack can be initiated remotely. Furthermore, there is an exploit available.
A vulnerability, which was classified as problematic, was found in SourceCodester Online Courseware 1.0. This affects an unknown part of the file addq.php. The manipulation of the argument ID leads to cross-site scripting.
This vulnerability is uniquely identified as CVE-2024-3427. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
A vulnerability was found in PHPGurukul Cyber Cafe Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /edit-computer-detail.php. The manipulation of the argument compname leads to SQL injection.
This vulnerability is traded as CVE-2024-30983. The attack needs to be initiated within the local network. There is no exploit available.