Aggregator

意见反馈截止时间为2025年1月31日24:00前。

大数据时代，信息在网络空间发布、传播渠道愈发丰富多样。值得警惕的是，一些敏感信息在未经脱密处理、未经风险隐患评估的情况下，通过互联网公开传播，成为境外间谍情报机关获取开源情报的重要来源，对我国家安全构成威胁。

2024年11月20日，2024中国5G+工业互联网大会“5G+AI赋能新型工业化”分论坛在武汉市成功举办。会上，中国移动重磅发布了工业互联网行业首份聚焦人工智能安全的《AI+工业互联网安全解决方案白皮书》。

近日，全球领先的IT市场研究和咨询公司IDC发布《IDC Technology Assessment：中国安全大模型实测之安全运营，2024》（Doc#CHC52725024，2024年11月）报告。

The North Korea-aligned threat actor known as Kimsuky has been linked to a series of phishing attacks that involve sending email messages that originate from Russian sender addresses to ultimately conduct credential theft. "Phishing emails were sent mainly through email services in Japan and Korea until early September," South Korean cybersecurity company Genians said. "Then, from mid-September,

近日，一起大规模的数据泄露事件震动了网络安全界。名为“HikkI-Chan”的黑客在臭名昭著的Breach Forums上泄露了超过3.9亿VK用户的个人信息。

The Foundation for Defense of Democracies has warned that Chinese-made LIDAR sensors could be weaponized for espionage

针对七大行业进行供需两端的市场及技术趋势分析。今天走进教育行业。

勒索防护新思路｜通过验证提升勒索防护能力

Группа специалистов становится на стражу целостности голосования.

Trying to hack Thermopro TP25

KDE 项目今年 8 月底宣布，从 Plasma 6.2 开始将在桌面环境中直接请求捐款。用户会在每年的 12 月看到一次系统通知，请求向非盈利组织 KDE e.V.捐款。开发者表示他们尽最大努力减少请求捐款的系统通知的恼人程度，通知很小且不显眼，容易关闭。关闭之后一年之后才会再次出现。用户也很容易永久关闭该通知。现在 12 月已经过去了一天，请求捐款的系统通知是否有效？开发者报告，非常有效，KDE e.V.在一天内收到的捐款两倍于之前一整个月收到的捐款。对社交网络上相关评论的跟踪显示，大部分用户对此都持正面态度，几乎没有差评。Kubuntu 和 Debian 等主流发行版尚未使用 Plasma 6.2 桌面，开发者猜测明年 12 月的情况可能会更好。

OpenAI正在考虑在ChatGPT中针对免费用户投放广告以平衡成本支出

A vulnerability was found in Netgear WGR614 V8/V9. It has been rated as critical. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation of the argument "?") leads to improper input validation. This vulnerability is handled as CVE-2008-6122. The attack may be launched remotely. Furthermore, there is an exploit available.

A critical vulnerability has been discovered in Salesforce applications that could potentially allow a full account takeover. The vulnerability, uncovered during a penetration testing exercise, hinges on misconfigurations within Salesforce Communities, particularly exploiting the Salesforce Lightning component framework. The implications of this vulnerability are severe, affecting both data security and privacy. Attackers could gain access […]

The post Salesforce Applications Vulnerability Could Allow Full Account Takeover appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

上周关注度较高的产品安全漏洞(20241125-20241201)

CNVD漏洞周报2024年第48期

官方紧急延长售油运营时间

A vulnerability has been found in Sun Solaris up to 7.0 and classified as critical. This vulnerability affects unknown code of the component profil. The manipulation leads to improper privilege management. This vulnerability was named CVE-1999-0674. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.