Alleged Data Breach of Multiple Cryptocurrency Platforms
Alleged Data Breach of Multiple Cryptocurrency Platforms
Aggregator
Critical FortiSIEM Vulnerability: CVE-2025-25256 Exploited in the Wild
1 week 1 day ago
Security teams worldwide are scrambling to address a critical vulnerability in Fortinet’s FortiSIEM platform that has already been exploited by […]
The post Critical FortiSIEM Vulnerability: CVE-2025-25256 Exploited in the Wild appeared first on HawkEye.
HawkEye
新态势·新实战 | CSOP 2025 网络安全运营实战大会在京开幕
1 week 1 day ago
8月21日,年度网络安全盛会——CSOP 2025网络安全运营实战大会在北京拉开序幕。本次大会以“新态势·新实战”为主题,吸引了来自政府机构、国央企、科研院所、顶尖高校、运营商、大型金融机构、互联网头部企业等多位安全专家,共同探讨了实战安全运营新策略,分享关键基础设施防护实战经验,合力构建更具韧性的安全防线。
中国计算机学会计算机安全专业委员会主任严明为大会致辞。
中国计算机学会计算机安全专业委员会主任严明
新态势下的新实战
实战在网络安全中居于核心地位,是检验防御体系有效性、提升应对能力的关键标志和终极目标。
"我们的安全运营面临八大硬核难题,包括钓鱼攻击、漏洞管理、海量告警、高质量日志缺失、凭证泄露与滥用、加密流量检测、攻防时间不对称以及不断扩大的攻击面。"微步在线创始人兼CEO薛锋说,想要解决这些问题,必须回归安全运营的本质,通过提升基础能力而非盲目追逐热点,才能实现安全能力的质变。
微步在线创始人兼CEO薛锋
实战的另一个表现,是攻击路径已经变得更复杂、更隐蔽、更出乎意料,想要在实战攻防演练中获得高分并非易事。对此微步在线技术合伙人赵林林认为,必须要做到有的放矢,准确识别并防范供应链环节风险点,利用情报收集、厂商协同、快速响应层出不穷的0day,并通过攻击行为与技术特征快速研判对手水平,消耗并压制对方攻势。
微步在线技术合伙人赵林林
具体到办公终端而言,微步在线技术合伙人黄雅芳表示,面对钓鱼木马、漏洞攻击以及合法凭据、工具的滥用,以EDR为代表的高级威胁对抗技术,也面临着理解复杂攻击行为不易准确理解、检测的实时性与准确性之间难以平衡、被致盲与绕过等困境,需要在安全运营中做到及时的检测响应、常态化的威胁狩猎、构建企业特有的检测能力。
微步在线技术合伙人黄雅芳
智能驱动,从被动应对到主动防御
在实战化安全建设与运营过程中,许多嘉宾不约而同的提到了主动二字。
“历年来,京东方信息安全工作都有总体方针指导。”京东方信息安全中心总监李楠说,京东方以资产安全为驱动,通过基础平台建设、功能完善、运营优化和效率提升四个阶段,构建了覆盖资产全生命周期的智能安全运营体系,驱动安全能力从被动防护向主动防御演进。
京东方信息安全中心总监李楠
金山云企业安全负责人刘鹏介绍了企业安全在梳理、评估、布防、演练、保障等阶段的要点。在他看来,网络攻击的新态势,是攻击频率加快、规模扩大,攻击手段更加多样、隐蔽,攻击目标转向集权、核心系统,攻击流程更加自动化、智能化,只有通过“主动防御+纵深防御”形态才能更好地抵御网络攻击。
金山云企业安全负责人刘鹏
顺丰科技网络安全总监梁博分享了甲方视角下的威胁情报&狩猎。顺丰通过构建以威胁情报为核心、威胁狩猎为关键手段的主动安全运营体系。并基于XDR理念,构建了检测响应安全工具链,在实战持续优化,初步形成安全运营驾驶舱,确保在攻防对抗中争夺并掌握制信息权,有效应对包括APT和0day在内的高级威胁,为公司业务保驾护航。
顺丰科技网络安全总监梁博
不过,在当前复杂的环境下,安全建设并非一蹴而就,而是要坚持长期主义。中信集团网络安全专家李显旭在分享《综合型集团企业办公防护体系建设探索》时表示,坚持安全长期主义,就是坚持可持续性的建设、可升级的安全体系和主动塑造的企业安全生态相结合,围绕终端安全的“投递—执行—控制”三阶段实施三步防护策略,以实现经济、有效、可控的集团化安全防护,推动安全建设从威胁驱动转向风险驱动。
中信集团网络安全专家李显旭
AI技术赋能,检测、响应降本增效
随着以人工智能为代表的新技术的广泛应用,攻防两端都随之发生改变,传统的网络安全防护思路在应对新型威胁时,或许已不再适用。
“传统SOC运营中,存在告警过载、响应延迟、标准化难度高及人才短缺等诸多痛点。”猿辅导信息安全负责人温飞表示,要建设基于大模型的智能运营三层架构:通过降噪层实现AI告警精准过滤,决策层构建人机协同研判机制,自治层执行安全边界内的剧本自动化响应。
猿辅导信息安全负责人温飞
对于AI的应用,中国科学院计算机网络信息中心高级工程师赵静表示,AI驱动的自演进网络安全不是简单的自动化或智能化,而是要构建一个以数据为燃料、以AI为引擎、以持续对抗为进化压力、以人机协同为控制中枢的动态有机体,能够自动优化监测策略,提升对高级隐蔽攻击的检测与智能处置能力。
中国科学院计算机网络信息中心高级工程师赵静
面对巨大的双向流量、多样化设备以及广大师生用户,清华大学校园网网络安全负责人姚星昆将运营思路概括为“四化”,即复杂的事情简单化,简单的事情标准化,标准的事情流程化,流程的事情自动化,通过动态、智能、自动化的安全运营,实现“策略设定-发现问题-处置问题-处置确认-优化策略”的完整闭环。
清华大学校园网网络安全负责人姚星昆
本届网络安全运营实战大会在北京站结束之后,将继续在上海、深圳举办,博采众智,再造一届安全运营实战技术交流盛会。
企业资讯
CVE-2024-50087 | Linux Kernel up to 6.1.113/6.6.57/6.11.4 btrfs read_alloc_one_name Name uninitialized pointer (Nessus ID 213018 / WID-SEC-2024-3289)
1 week 1 day ago
A vulnerability was found in Linux Kernel up to 6.1.113/6.6.57/6.11.4. It has been classified as problematic. This affects the function read_alloc_one_name of the component btrfs. Performing manipulation of the argument Name results in uninitialized pointer.
This vulnerability was named CVE-2024-50087. The attack needs to be approached within the local network. There is no available exploit.
Upgrading the affected component is recommended.
vuldb.com
CVE-2024-50085 | Linux Kernel up to 6.11.4 mptcp_pm_nl_rm_addr_or_subflow use after free (Nessus ID 212784 / WID-SEC-2024-3289)
1 week 1 day ago
A vulnerability marked as critical has been reported in Linux Kernel up to 6.11.4. Impacted is the function mptcp_pm_nl_rm_addr_or_subflow. This manipulation causes use after free.
This vulnerability is registered as CVE-2024-50085. The attack requires access to the local network. No exploit is available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2024-50086 | Linux Kernel up to 6.1.113/6.6.57/6.11.4 ksmbd session_lock use after free (Nessus ID 213191 / WID-SEC-2024-3289)
1 week 1 day ago
A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.113/6.6.57/6.11.4. This affects the function session_lock of the component ksmbd. Such manipulation leads to use after free.
This vulnerability is traded as CVE-2024-50086. Access to the local network is required for this attack to succeed. There is no exploit available.
You should upgrade the affected component.
vuldb.com
CVE-2024-50084 | Linux Kernel up to 6.6.57/6.11.4 vcap_api_encode_rule_test use after free (20b5342de51b/170792097bb2/217a3d98d1e9 / Nessus ID 213018)
1 week 1 day ago
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.6.57/6.11.4. This impacts the function vcap_api_encode_rule_test. The manipulation leads to use after free.
This vulnerability is traded as CVE-2024-50084. Access to the local network is required for this attack to succeed. There is no exploit available.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2024-50083 | Linux Kernel up to 5.10.227/5.15.168/6.1.113/6.6.57/6.11.4 request_sock_subflow_v4 net/mptcp/protocol.c denial of service (Nessus ID 212953 / WID-SEC-2024-3289)
1 week 1 day ago
A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.10.227/5.15.168/6.1.113/6.6.57/6.11.4. Affected is an unknown function of the file net/mptcp/protocol.c of the component request_sock_subflow_v4. The manipulation results in denial of service.
This vulnerability is known as CVE-2024-50083. Access to the local network is required for this attack. No exploit is available.
You should upgrade the affected component.
vuldb.com
Russian Espionage Group Static Tundra Targets Legacy Cisco Flaw
1 week 1 day ago
Russian state-backed hackers are exploiting a seven-year-old Cisco Smart Install vulnerability (CVE-2018-0171) in end-of-life devices, prompting warnings from the FBI and Cisco Talos
Florida man gets 10 years in prison in first Scattered Spider sentencing
1 week 1 day ago
Noah Urban’s sentence stems from a broader conspiracy involving four other defendants who conducted attacks from September 2021 to April 2023.
The post Florida man gets 10 years in prison in first Scattered Spider sentencing appeared first on CyberScoop.
Greg Otto
Alleged Sale of RDWeb Access to an Unidentified Software Company in USA
1 week 1 day ago
Alleged Sale of RDWeb Access to an Unidentified Software Company in USA
Dark Web Informer
Warlock Ransomware Exploiting SharePoint Vulnerabilities to Gain Access and Steal Credentials
1 week 1 day ago
In recent weeks, the cybersecurity community has witnessed the rapid emergence of Warlock, a novel ransomware strain that weaponizes unpatched Microsoft SharePoint servers to infiltrate enterprise networks. Initial analysis reveals that threat actors exploit publicly exposed SharePoint instances via specially crafted HTTP POST requests, deploying web shells that grant remote code execution within the target […]
The post Warlock Ransomware Exploiting SharePoint Vulnerabilities to Gain Access and Steal Credentials appeared first on Cyber Security News.
Tushar Subhra Dutta
CIS Controls Ambassador Spotlight: Eric Woodard
1 week 1 day ago
The CIS Controls Ambassador program is an initiative of the CIS that focuses on enhancing the adoption of key cybersecurity best practices.
Prepping the Front Line for MFA Social Engineering Attacks
1 week 1 day ago
Attackers will continue to evolve, and the help desk will always be a target. But with the right mix of training, support, and trust, frontline agents can become your biggest security assets.
Paul Underwood
Claude Code Router远程命令执行漏洞
1 week 1 day ago
错误的CORS配置导致任意命令执行
已在v1.0.34版本中修复
https://github.com/musistudio/claude-code-router/security/advisories/GHSA-8hmm-4crw-vm2c
透明人
生僻字
1 week 1 day ago
兔子洞系列:生僻字
透明人
播客学习方法分享
1 week 1 day ago
提高播客学习效率
透明人
AI推理对比
1 week 1 day ago
看着姜文新电影预告,想到一个问题考考AI:让子弹飞是导演几岁的时候拍的
透明人
他们叫这幸福
1 week 1 day ago
本文由ChatGPT编写
透明人
《不要因为走得太远而忘记为什么出发》
1 week 1 day ago
算书评?
透明人