Aggregator

这是全球首起将通信设备武器化并进行大规模实战运用的事件

2024年9月17日，中东地区的黎巴嫩出现一起非常规袭击事件，真主党成员使用的寻呼机在黎巴嫩各地同时引爆，造成多人伤亡。事件还没有确定的调查结论，奇安信威胁情报中心综合网上现有的公开信息整理寻呼机爆炸事件背后可能的攻击手段。

anecdotes has launched Anecdotes Trust Center, a centralized platform for companies to effortlessly share compliance and security information and documentation with prospects, customers, and partners. Reflecting the company’s real-time security and compliance posture, the Trust Center enables companies to decide exactly what information and documentation to share, and to what extent. This helps accelerate the sales cycle by streamlining the security review process. Sales teams can give prospects access to essential documentation early in the … More →

The post Anecdotes Trust Center simplifies compliance and security documentation sharing appeared first on Help Net Security.

A vulnerability classified as critical has been found in FirmWorX 0.1.2. This affects an unknown part of the file modules/bank/includes/design/main.inc.php. The manipulation of the argument fm_data[root] leads to file inclusion. This vulnerability is uniquely identified as CVE-2007-2891. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Get familiar with industry-standard tools and methodologies to identify, understand, and detect malware threats.

A vulnerability classified as critical was found in Apple macOS up to 10.12.3. This vulnerability affects unknown code of the component tcpdump. The manipulation leads to memory corruption. This vulnerability was named CVE-2016-8574. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

30 способов обвести выгодную жертву вокруг пальца.

The suspected creator of Ghost, an encrypted communication platform allegedly used by organized crime groups worldwide, has been arrested

Почему сканеры видят то, чего нет и не находят то, что нужно?

A vulnerability classified as critical has been found in Halgame DK ONLINE Beta 1.0.2. Affected is an unknown function of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is traded as CVE-2014-6827. Access to the local network is required for this attack to succeed. There is no exploit available.

欢迎报名

根据多位专家和美国官员的分析，真主党成员使用的寻呼机很可能在生产或运输环节被植入了微型爆炸装置。这些装置在特定时间被远程触发，导致寻呼机爆炸，造成人员伤亡。这是一种典型的供应链攻击。

看雪论坛作者ID：ngiokweng

The U.S. Department of Treasury issued new sanctions against five executives and one entity linked to the Intellexa Consortium. The Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued new sanctions against five individuals and one entity associated with the Intellexa Consortium for their role in developing, operating, and distributing commercial spyware. The […]

Rapid7 has unveiled Vector Command, a fully-managed offensive security service. Vector Command combines the external attack surface assessment capabilities of Rapid7’s recently launched Command Platform with continuous Red Teaming services by its internal experts to help customers identify and validate IT security posture weaknesses from an attacker’s perspective. As the attack surface expands through shadow IT, cloud resources, SaaS solutions, and more, security leaders must maintain visibility of their organization’s internet-facing assets and the security … More →

The post Rapid7 launches Vector Command for continuous red teaming and security gap identification appeared first on Help Net Security.