Червь в VSCode Marketplace: раскрыта масштабная атака на криптопроекты
Анатомия новой атаки от фейковых отзывов до троянов.
Aggregator
Submit #466241: codezips E-commerce Site v1.0 SQL Injection [Accepted]
8 months 1 week ago
Submit #466241 / VDB-288975
laowuzi
CVE-2024-12793 | PbootCMS up to 5.2.3 IndexController.php tag path traversal
8 months 1 week ago
A vulnerability, which was classified as problematic, has been found in PbootCMS up to 5.2.3. Affected by this issue is some unknown functionality of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to path traversal.
This vulnerability is handled as CVE-2024-12793. The attack may be launched remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Dutch DPA Fines Netflix €4.75 Million for GDPR Violations Over Data Transparency
8 months 1 week ago
The Dutch Data Protection Authority (DPA) on Wednesday fined video on-demand streaming service Netflix €4.75 million ($4.93 million) for not giving consumers enough information about how it used their data between 2018 and 2020.
An investigation launched by the DPA in 2019 found that the tech giant did not inform customers clearly enough in its privacy statement about what it does with the data
The Hacker News
Dutch DPA Fines Netflix €4.75 Million for GDPR Violations Over Data Transparency
8 months 1 week ago
Privacy / Data ProtectionThe Dutch Data Protection Authority (DPA) on Wednesday fined video on-dem
CVE-2024-12792 | Codezips E-Commerce Site 1.0 newadmin.php email sql injection
8 months 1 week ago
A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file newadmin.php. The manipulation of the argument email leads to sql injection.
This vulnerability is known as CVE-2024-12792. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
Submit #465779: Hangzhou Aoyun Technology Co. PbootcmsPHP enterprise website development and construction management system <5.2.4 Arbitrary file reading [Accepted]
8 months 1 week ago
Submit #465779 / VDB-288974
J1rrY
盛邦安全产品全面适配神通数据库V7.0,赋能信创生态与数据安全防护
8 months 1 week ago
盛邦安全
盛邦安全产品全面适配神通数据库V7.0,赋能信创生态与数据安全防护
8 months 1 week ago
近日,盛邦安全全线产品完成与神通数据库管理系统 V7.0 的兼容性适配,并获得产品兼容互认证书。这不仅是盛邦安全与主流国产数据库平台深度融合的重要里程碑,更是公司信创战略布局的重要组成部分,为进一步提升产品数据安全防护能力、满足行业多样化需求奠定了坚实基础。
在数字化转型浪潮中,数据已成为企业的核心资产。作为神舟通用公司推出的企业级大型通用数据库管理系统,神通数据库管理系统 V7.0 凭借其卓越性能为行业提供了强大的数据支撑。此次盛邦安全全系列产品与神通数据库 V7.0 完成适配,标志着双方携手构建了一套更全面、更强大的数据安全防护体系,精准满足不同行业在网络安全与数据管理方面的多样化与个性化需求。
此次合作不仅进一步拓宽了盛邦安全在政府、金融、电信、能源等关键领域的服务深度,也为行业提供了更多量身定制的安全解决方案。通过整合神通数据库的技术优势与盛邦安全的专业安全能力,将为行业用户的数字化转型与业务创新注入更强动能。
目前,盛邦安全产品已成功应用于党政机关、公共安全部门以及金融、电力能源、运营商、教育、交通、医疗等关键行业的数字化建设中,并发挥着越来越重要的作用。此次与神舟通用数据库平台实现无缝对接是盛邦安全深化信创生态布局的重要举措,对提升产品数据安全能力以及灵活应对行业客户的多元化需求具有重要意义。
未来,盛邦安全将继续以核心技术为驱动,以高品质安全产品和服务为支撑,积极推动产业高质量发展,坚定不移地服务于我国网络强国战略,为构建更加安全、有序的数字世界贡献力量。
盛邦安全
CVE-2024-12569 | Milestone Systems XProtect VMS prior 13.5a on Windows HikVision Camera Driver log file
8 months 1 week ago
A vulnerability classified as problematic has been found in Milestone Systems XProtect VMS on Windows. Affected is an unknown function of the component HikVision Camera Driver. The manipulation leads to sensitive information in log files.
This vulnerability is traded as CVE-2024-12569. Local access is required to approach this attack. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Submit #465715: codezips E-commerce Site v1.0 SQL Injection [Accepted]
8 months 1 week ago
Submit #465715 / VDB-288973
laowuzi
深耕网络安全 布局未来新领域——访盛邦安全董事长权小文
8 months 1 week ago
盛邦安全
深耕网络安全 布局未来新领域——访盛邦安全董事长权小文
8 months 1 week ago
权小文表示,未来,盛邦安全将利用自身在网络安全和卫星通讯安全领域的优势,联合相关单位打造低空经济领域安全解决方案。
在数字化转型的浪潮中,网络安全作为基石,其重要性愈发凸显,对于保护数据资产、维护社会稳定具有重大意义。近日,远江盛邦(北京)网络安全科技股份有限公司(以下简称“盛邦安全”)董事长权小文接受了记者的采访,就网络安全、低空经济以及数据资产入表等话题进行了深入探讨。筑牢网络安全防线
同时,构建网络空间地图也是当前网络安全领域的一个重要方向。网络空间被视为第五个空间,与地理空间平行存在,绘制网络空间地图有助于清晰地了解网络空间的疆域、防御对象以及与周边网络的关系,从而更有效地进行网络防御,实现挂图作战。这一领域的工作在国内有多家科研和产业化单位开始意识到其重要性,并逐步将其从概念转化为商业化项目。
在权小文看来,当前国内卫星互联网发展处于快速发展期,然而通信安全问题容易被忽略,因为纵观早期民用卫星网络通信基本处于“裸奔”状态。和目前互联网绝大部分协议都是加密协议不同,民用卫星很多都处于“裸奔”状态,很容易被截获和篡改,他呼吁正在进行的卫星互联网体系建设,关注通信安全。卫星互联网组网的复杂性、共享性比传统卫星网要高,因此对通信安全的要求更高。
权小文介绍,作为国内较早开展卫星互联网通信安全业务的企业,目前盛邦安全在这方面已经取得了显著的成果。一方面,通过不断的研究与实践,盛邦安全已经开发出了一系列具有自主知识产权的卫星通信安全产品,这些产品能够有效地防范各种网络攻击和威胁,保障卫星通信的顺畅与安全。另一方面,盛邦安全还积极与国内外知名的卫星通信运营商和设备制造商进行合作,共同推动卫星通信安全技术的发展与应用。
此外,在谈及低空经济时,权小文认为这是一个充满机遇与挑战的新兴领域。低空经济对于盘活数据经济、推动地方政府减负与经济发展具有重要意义。他表示:“随着国家逐步放开低空经济试点城市,低空经济将迎来快速发展的契机。”
权小文表示,未来,盛邦安全将利用自身在网络安全和卫星通讯安全领域的优势,联合相关单位打造低空经济领域安全解决方案。
抓住数据资产入表机遇
“从行业角度来看,数据资产入表尚处于初期阶段,很多企业对此仍持观望态度,对于如何具体操作以及数据资产的价值评估等方面存在困惑。一些企业认为,数据资产的质量参差不齐,难以确定其价值,因此不愿意投入资源进行数据资产入表的工作。此外,数据交易和数据资产确权等方面也存在一定的挑战,需要进一步完善相关法律法规和标准体系。”
“盛邦安全在数据资产入表方面进行了积极探索和实践。我们的数据资产入表实践始于对数据的深入加工和输出。我们通过SaaS化的平台,为客户提供分析、加工和售后的数据服务。这种商业模式不仅为用户提供了便捷的数据查询和分析工具,还实现了数据资产的变现。”
权小文强调他们采集的数据都是公开数据,并且经过了严格的加工和处理。同时,他们还积极与有关部门合作,确保自己的数据产品和服务符合相关法规和标准。
盛邦安全的数据资产入表实践正得到有关机构的认可和支持。这一举措不仅有助于推动数据资产入表的普及和应用,还将为盛邦安全带来了更多的商业机会和发展空间。
来源:新华财经
盛邦安全
Happy YARA Christmas!
8 months 1 week ago
Table of contentsWhat is YARA?YARA rules at Sekoia.ioRule creation processCustom t
Iranian Hackers Launched A Massive Attack to Exploit Global ICS Infrastructure
8 months 1 week ago
In a joint cybersecurity advisory, the FBI, CISA, NSA, and partner agencies from Canada, the United Kingdom, and Israel have issued an urgent warning about ongoing malicious cyber activities by advanced persistent threat (APT) actors affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC). The advisory provides critical new details on tactics, techniques, and procedures (TTPs) […]
The post Iranian Hackers Launched A Massive Attack to Exploit Global ICS Infrastructure appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Balaji
CVE-2024-12791 | Codezips E-Commerce Site 1.0 signin.php email sql injection
8 months 1 week ago
A vulnerability was found in Codezips E-Commerce Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file signin.php. The manipulation of the argument email leads to sql injection.
The identification of this vulnerability is CVE-2024-12791. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
Netwrix 1Secure enhances protection against data and identity access risks
8 months 1 week ago
Netwrix released a new version of its SaaS platform, Netwrix 1Secure. The latest version builds on its existing security monitoring functionality with more robust access rights assessment and expanded security auditing capabilities to overcome the lack of control when relying only on native security tools in Microsoft 365. Netwrix 1Secure helps customers promote a secure IT environment with the following added functionality: Risky permissions identification in SharePoint Online. Reporting on permissions provides actionable insights to … More →
The post Netwrix 1Secure enhances protection against data and identity access risks appeared first on Help Net Security.
Industry News
Submit #465711: Codezips E-Commerce Site v1.0 SQL Injection [Accepted]
8 months 1 week ago
Submit #465711 / VDB-288971
laowuzi
CVE-2007-2645 | libexif up to 0.6.13 EXIF Information memory corruption (EDB-30024 / Nessus ID 27317)
8 months 1 week ago
A vulnerability was found in libexif up to 0.6.13. It has been rated as critical. This issue affects some unknown processing of the component EXIF Information Handler. The manipulation leads to memory corruption.
The identification of this vulnerability is CVE-2007-2645. The attack may be initiated remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
什么?远控程序被黑客利用了?
8 months 1 week ago
部分第三方公司,为了方便运维,会在服务器部署远程软件或者是内网穿透工具,如果该供应链遭受打击,那么基本可以说G。所以无思路时,不妨考虑考虑远程软件。