Aggregator

打红框的地方按照自己实际存储桶的位置来填写。比如北京是cn-north-1，宁夏是cn-northwest-1节点的S3 Endpoint填写s3.cn-north-1.amazonaws.co...

jeepay v2.4.0反射型xss+存储型xss分析

极客大挑战 web week3&week4

记一次Go SSTI打SSRF到任意文件读

WuCup 第一届“吾杯”网络安全技能大赛 WriteUp

Apache NiFi 高版本命令执行利用

某省移动网络安全技能竞赛决赛 个人赛第一名wp

This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government’s Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST’s Privacy Engineering Collaboration Space or RTA’s blog . Introduction In this post, we talk with Dr. Xiaowei Huang and Dr. Yi Dong (University of Liverpool) and Sikha Pentyala (University of Washington Tacoma), who were winners in the UK-US PETs Prize Challenges . We discuss real-world data

Today, CISA—in partnership with the Australian Signals Directorate Australian Cyber Security Centre (ASD ACSC), and other international partners—released updates to a Secure by Design Alert, Choosing Secure and Verifiable Technologies. Partners that provided recommendations in this alert include:

• The Canadian Centre for Cyber Security (CCCS).
• United Kingdom’s National Cyber Security Centre (NCSC-UK).
• New Zealand’s National Cyber Security Centre (NCSC-NZ).
• Republic of Korea’s National Intelligence Service (NIS) and NIS’ National Cyber Security Centre (NCSC).

Cyber threats to user privacy and data are growing, requiring customers to evaluate their processes for acquiring products and services from technology manufacturers. Proactive integration of security mitigations into the procurement process can assist in managing risks present within the technology supply chain and reduce costs for organizations. This guidance aids procuring organizations and manufacturers of digital products and services in choosing and developing technology that is secure by design. This is an update to previously released guidance (Secure by Design Choosing Secure and Verifiable Technologies).

CISA and partners encourage all organizations to read the guidance to assist with making secure and informed choices when procuring digital products and services. Software manufacturers are also encouraged to incorporate the secure by design principles and practices found in the guidance. To learn more about secure by design principles and practices, visit CISA’s Secure by Design webpage.

Cisco released security updates to address a vulnerability in Cisco NX-OS software. A cyber threat actor could exploit this vulnerability to take control of an affected system. 

CISA encourages users and administrators to review the following advisory and apply the necessary updates:

• Cisco NX-OS Software Image Verification Bypass Vulnerability

CISA released two Industrial Control Systems (ICS) advisories on December 5, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-24-340-01 AutomationDirect C-More EA9 Programming Software
• ICSA-24-340-02 Planet Technology Planet WGS-804HPT

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.