Aggregator

error code: 521

HackerNews 编译，转载请注明出处： 美国卫生与公共服务部（HHS）民权办公室（OCR）提议对医疗机构实施新网络安全规定，以保护患者数据免受网络攻击。 该提案旨在修订1996年《健康保险流通与问责法案》（HIPAA），作为加强关键基础设施网络安全广泛行动的一环，OCR指出。 新规将通过升级HIPAA安全标准，强化电子保护健康信息（ePHI）的安全防护，以“更有效地应对医疗行业日益严峻的网络安全挑战。” 据此，提案要求医疗机构审查技术资产清单和网络图，识别电子信息系统潜在漏洞，并建立72小时内恢复特定电子信息系统及数据的流程。 其他关键条款包括：每年至少实施一次合规审计，确保静态及传输中的ePHI加密，强制采用多因素认证，部署反恶意软件保护，并清理电子信息系统中的冗余软件。 《拟议规则通知》（NPRM）还要求医疗实体实施网络分段，建立备份与恢复技术控制，至少每六个月进行一次漏洞扫描，及每年至少一次渗透测试。 此举措出台之际，医疗行业正频繁遭受勒索软件攻击，不仅造成经济损失，还因破坏诊断设备和患者医疗记录系统访问，危及患者生命。 微软2024年10月指出，医疗组织因存储高度敏感数据而成为勒索软件攻击目标，但更大风险在于可能承担的巨额财务赔偿。 勒索软件事件还导致周边医疗设施不堪重负，因急需治疗的患者涌入而无法及时响应。 据网络安全公司Sophos数据，2024年67%的医疗机构遭遇勒索软件攻击，较2021年的34%显著上升，主要归因于漏洞利用、凭证泄露及恶意邮件。 其中，53%的机构在数据被加密后支付了赎金以恢复访问，赎金中位数达150万美元。 同时，勒索软件攻击后的恢复时间也在延长，仅22%的受害者在一周内完全恢复，远低于2022年的54%。 Sophos首席技术官John Shier表示：“医疗信息的高度敏感性和对即时访问的需求，使医疗行业始终成为网络犯罪分子的攻击目标。遗憾的是，许多医疗组织准备不足，恢复时间不断延长。” 上月，世界卫生组织（WHO）将针对医院和医疗系统的勒索软件攻击视为“生死攸关”，呼吁国际社会共同应对这一网络安全威胁。   消息来源：The Hacker News, 编译：zhongx；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability has been found in CVS and classified as very critical. This vulnerability affects unknown code. The manipulation leads to memory corruption. This vulnerability was named CVE-2004-0416. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Fully homomorphic encryption can safeguard highly sensitive health data related to rare diseases, underserved populations and clinical trials as it is shared with medical researchers, said Kurt Rohloff, co-founder and CTO of Duality Technologies, who said projects to apply it are underway right now.

Attackers Exploiting OS Command Injection Vulnerability
Hackers are exploiting a high-severity command injection vulnerability in Chinese-manufactured Four-Faith industrial routers. Typical customers of Four-Faith use the routers for remote monitoring, control systems, supervisory control and data acquisition networks.

2025 Is Likely to See Balanced Approach to AI Across Industries
The AI landscape is set to transform in 2025 with pragmatic approaches to implementation replacing the experimental fervor. This shift will span industries and developer ecosystems. Technologies will ride on the transformative power of AI and the responsibility that comes with it.

Hackers Targeted a PAN-OS Flaw Days After Its Disclosure
A suspected Chinese hacking campaign that began in November is exploiting a vulnerability in Palo Alto firewalls to install a custom malware backdoor for espionage. UNC5325 activity aligns with the Chinese hacking strategy of targeting edge devices.

Treasury Tells Lawmakers Chinese Threat Actor Remotely Breached Agency Workstations
The U.S. Treasury Department notified lawmakers Friday that the agency was the victim of a major cyberattack in which Chinese-linked hackers gained access to unclassified documents after gaining access to remote workstations through a third-party software provider, BeyondTrust.

A vulnerability, which was classified as critical, has been found in Cisco IOS XE 17.13.1/17.13.1a. This issue affects some unknown processing of the component Protocol Independent Multicast Handler. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2024-20464. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mono 2.10.8. It has been rated as problematic. This issue affects the function ProcessRequest of the component Error Message Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2012-3382. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Thekelleys Dnsmasq up to 2.32. Affected is an unknown function of the component Interfaces. The manipulation leads to denial of service. This vulnerability is traded as CVE-2012-3411. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Jan Kara Linux DiskQuota up to 3.0 and classified as critical. This issue affects the function hosts_ctl of the file rquota_svc.c of the component TCP Wrapper. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2012-3417. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

保护银行系统的稳健性和香港金融市场的完整性

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

A vulnerability has been found in Microsoft Virtual Machine 5.0.3805 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Data Handler. The manipulation leads to denial of service. This vulnerability is known as CVE-2002-0867. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Microsoft Internet Explorer up to 6.0. It has been classified as critical. Affected is an unknown function of the component Remote Data Services. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2002-1142. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Microsoft Virtual Machine up to 5.0.3805. This issue affects the function com.ms.osp.ospmrshl of the component XML Handler. The manipulation leads to improper privilege management. The identification of this vulnerability is CVE-2002-0865. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Microsoft Virtual Machine 5.0.3805. Affected is the function com.ms.jdbc.odbc.JdbcOdbc of the component Java Database Connectivity. The manipulation leads to improper privilege management. This vulnerability is traded as CVE-2002-0866. It is possible to launch the attack remotely. There is no exploit available.

剪映产品负责人张逍然离职；vivo 内部 MR 团队已达 500 人，原型机体验明年 9 月上线；英伟达计划 2025 上半年发布新一代人形机器人芯片 Jetson Thor

美团将在全国上线防疲劳机制12 月 30 日消息，美团骑手防疲劳机制已于今日在全国主要城市范围内启动上线工作。美团骑手收到的通知显示，跑单超过 8 小时会收到提醒，此后每隔一小时提醒一次；跑单 12