Aggregator

基于函数选择和语义等价匹配的多函数同源漏洞检测技术

基于函数选择和语义等价匹配的多函数同源漏洞检测技术

研究背景：开源软件漏洞威胁软件供应链安全随着开源软件的快速发展，代码重用已经成为加速软件开发的常见手段。但是，如果被重用的代码中包含漏洞，则这些漏洞可能会被继承传播到其他软件中，从而导致下游软件出现同

New Non-Binding Recommendations Target Medical Device Makers, Software Developers
Manufacturers are eager to incorporate AI into a wide range of medical devices, from cardiac monitors that can spot developing heart problems to medical imaging systems that can find malignancies a radiologist might miss. The FDA released a new guidance this week on how to secure these devices.

CISA Urges IT and Design Sector Software Developers to Improve Cyber Hygiene
The Cybersecurity and Infrastructure Security Agency is urging the information technology and product design sectors to strengthen foundational cybersecurity practices throughout the software development life cycle by aiming to achieve a series of new sector-specific goals released on Tuesday.

Phylum's Product Delivers Real-Time Detection of Malicious Open-Source Packages
To combat the rise in software supply chain attacks, Veracode has acquired Denver-area startup Phylum and its advanced tools to detect malicious open-source packages. The purchase strengthens Veracode's software composition analysis offering and enables faster, more reliable threat mitigation.

Hackers Use Updated Version of the Malware Plugin, Kaspersky Says
Hackers are deploying an updated strain of EagerBee malware to target internet service providers and government organizations in the Middle East, warn security researchers. EagerBee operates in memory and comes with advanced stealth and security evasion capabilities.

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Googl

Tor Browser 14.0.4 is now available from the Tor Browser download page and also from our distributio

你可能错过的新鲜事英伟达发布 RTX 50 系显卡1月6日，英伟达在 CES 2025 上发布 RTX 50 系列显卡，搭载 Blackwell 架构，支持 DLSS 4 和升级版帧生成技术，其中 R

引  言在数字化转型的浪潮中，工业领域正经历着前所未有的变革与创新。随着智能制造、工业互联网等新兴技术的蓬勃发展，工业系统的复杂性和互联性日益增强，这为工业生产带来了前所未有的效率与灵活性。然而，与此

揭示三大标准在保障工业网络安全方面的异同与优劣。

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate services at Apple and Google to force a variety of outbound communications to their users, including emails, automated phone calls and system-level messages sent to all signed-in devices.

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

The deal will enhance 1Password Extended Access Management offering with capabilities to address challenges around software-as-a-service sprawl and shadow IT.

Explore the invisible war being fought in cyberspace, where nations battle without traditional weapons. This comprehensive guide explains modern cyberattacks, their impact on global security, and how countries defend their digital borders in an increasingly connected world.

The post The Digital Battlefield: Understanding Modern Cyberattacks and Global Security appeared first on Security Boulevard.