Aggregator

全球首个具有法律约束力的人工智能（AI）国际框架公约

MeterSphere是一个一站式开源持续测试平台，它提供了测试跟踪、接口测试、UI测试和性能测试等功能。它全面兼容JMeter、Selenium等主流开源标准，助力开发和测试团队实现自动化测试，加速软件的高质量交付。

美国及其盟友已将发动全球关键基础设施攻击的幕后黑手确定为俄罗斯黑客组织（被追踪为Cadet Blizzard和Ember Bear），其幕后黑手是俄罗斯武装部队总参谋部第 29155 部队（又称 GRU）。 在今天发布的联合咨询报告中，俄罗斯 GRU 军事情报黑客被描述为 GRU 第 161 专科训练中心的“初级现役 GRU 军官”，由经验丰富的29155部队领导层协调，他们因于 2022 年 1 月在乌克兰部署 WhisperGate 数据擦除恶意软件而闻名。 该组织自 2020 年以来一直在策划针对整个欧洲的破坏和暗杀行动以及针对北约成员国以及北美、欧洲、拉丁美洲和中亚国家关键基础设施部门的网络攻击，并从 2022 年初开始转而破坏对乌克兰的援助努力。 今年 4 月，《内部人》与《60 分钟》和《明镜周刊》联合发表了 一项调查报告，报告将 GRU 的 29155 部队与哈瓦那综合症事件联系起来。 “自 2020 年以来，29155 部队扩大了他们的间谍技术，包括攻击性网络行动。29155 部队网络行动者的目标似乎包括为间谍目的收集信息、因窃取和泄露敏感信息造成的声誉损害、以及因销毁数据造成的系统性破坏。”今天发布的联合咨询报告称，“这些人似乎通过进行网络行动和入侵获得了网络经验并提高了他们的技术技能。此外，FBI 评估称，29155 部队的网络参与者依赖非 GRU 参与者，包括已知的网络犯罪分子和推动者来开展他们的行动。” 美国联邦调查局称，它检测到了超过 14,000 次针对至少 26 个北约成员国和几个欧盟 (EU) 国家的域名扫描实例。与俄罗斯 29155 部队有关的黑客破坏了网站并使用公共域名泄露被盗数据。 美国国务院宣布通过“正义奖励”计划悬赏高达 1000 万美元，奖励提供有关弗拉基米尔·博罗夫科夫、丹尼斯·伊戈列维奇·丹尼先科、尤里·丹尼索夫、德米特里·尤里耶维奇·戈洛舒博夫和尼古拉·亚历山德罗维奇·柯察金的信息，这五名俄罗斯军事情报官员据信是 GRU 29155 部队的成员。 美国国务院表示：“这些人是俄罗斯总参谋部情报总局（GRU）第 29155 部队的成员，该部队针对美国关键基础设施，特别是能源、政府和航空航天领域进行了恶意网络活动。这些 29155 部队 GRU 军官负责袭击乌克兰和数十个西方盟国的关键基础设施。” 五名 GRU 军官和平民阿明·蒂莫维奇（Amin Timovich，因 WhisperGate 攻击于 6 月被起诉）今天还因参与俄罗斯 2022 年 2 月入侵之前针对乌克兰和 26 个北约成员国的网络攻击而被指控。 美国政府敦促关键基础设施组织立即采取行动，包括优先进行系统更新和修补已知漏洞，以防御这些与 GRU 相关的网络攻击。 其他建议包括网络分段以遏制恶意活动，并对所有外部服务（特别是网络邮件、虚拟专用网络（VPN）和有权访问关键系统的帐户）实施防网络钓鱼的多因素身份验证（MFA）。 2022 年 2 月，在使用WhisperGate 擦除恶意软件、HermeticWiper 恶意软件和勒索软件诱饵对乌克兰进行攻击后，CISA 和 FBI 警告称，破坏性的恶意软件网络攻击可能会蔓延到其他国家的目标。 本周三，美国政府查封了与俄罗斯有关的 Doppelgänger 影响力行动使用的 32 个网络域名，这些域名用于针对美国公众传播虚假信息和亲俄宣传。   转自军哥网络安全读报，原文链接：https://mp.weixin.qq.com/s/8cdbsI4EQexbQD7ulMkpjg 封面来源于网络，如有侵权请联系删除。

A vulnerability classified as critical has been found in NAVER nGrinder up to 3.5.8. This affects an unknown part of the component Delay Handler. The manipulation leads to resource consumption. This vulnerability is uniquely identified as CVE-2024-28214. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.6.45/6.10.4. This affects the function irqfd_wakeup of the component privcmd. The manipulation leads to deadlock. This vulnerability is uniquely identified as CVE-2024-44957. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.6.45/6.10.4 and classified as problematic. This vulnerability affects the function i_lru of the component tracefs. The manipulation leads to improper initialization. This vulnerability was named CVE-2024-44959. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.10.4 and classified as critical. Affected by this vulnerability is the function vport_open of the component idpf. The manipulation leads to memory leak. This vulnerability is known as CVE-2024-44964. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

Experts Say Orgs That Handle Highly Sensitive Health Info Are Targets of Attacks
Planned Parenthood of Montana, which provides patients with reproductive healthcare services including birth control and abortion, is responding to a hack and a threat by cybercriminal group RansomHub to leak 93 gigabytes of data allegedly stolen from the organization.

To achieve our goals, we need to communicate well with others. But, instead of engaging in healthy d

A vulnerability was found in Cisco CBOS. It has been classified as problematic. This affects an unknown part of the component TCP/IP Stack. The manipulation leads to uncontrolled memory allocation. This vulnerability is uniquely identified as CVE-2002-0886. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

error code: 1106

SSHamble是一款功能强大的SSH技术安全分析与研究工具，可以帮助广大研究人员更好地分析SSH相关的安全技术与缺陷问题。

新闻速览 •第二届网络空间安全（天津）论坛成功举办 •欧盟将开放签署一项具有法律约束力的国际性人工智能公约 • […]

A vulnerability was found in AjPortal2Php. It has been declared as critical. This vulnerability affects unknown code of the file includes/footer.inc.php. The manipulation of the argument PagePrefix leads to Remote Code Execution. This vulnerability was named CVE-2007-2142. The attack can be initiated remotely. Furthermore, there is an exploit available.

01 方案背景 随着物质文化生活水平的提高，人们对医疗服务便捷化、智能化的需求越来越迫切。智慧医疗作为以自动化 […]

A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux and Windows. The high-severity vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5), affects all versions of the software before 18.12.16. "An attacker with no valid

IntroductionLaravel is a popular PHP framework for developing and building web applications and API

A vulnerability classified as problematic was found in Adobe ColdFusion up to 8.1. This vulnerability affects unknown code of the file administrator/logviewer/searchlog.cfm. The manipulation of the argument startRow leads to cross site scripting. This vulnerability was named CVE-2009-1872. The attack can be initiated remotely. Furthermore, there is an exploit available.

VeilTransfer是一款功能强大的企业数据安全检测与增强工具，旨在帮助广大研究人员完成企业环境下的数据安全测试并增强检测能力。

Thanks to @sixtyvividtails who corrected a mistake I made in the earlier version of the pos