Aggregator

办事处的网络流量和安全事件的监控怎么发现、及时的处置与响应？

ArmorCode宣布其ASPM平台的增长，能够统一AppSec和基础架构漏洞管理。 ArmorCode中基于风险的漏洞管理（RBVM）的持续创新使安全团队能够通过增强的优先级、自动化、资产和修复工作流来处理基础设施、云和应用程序中的漏洞，为企业提供全面的风险管理方法。 ArmorCode 提供了一个独立的治理层，可将多种扫描工具（包括基础架构和应用程序安全扫描仪）的发现整合到一个视图中。凭借先进的人工智能功能和无代码自动化，该平台简化了复杂的漏洞分流和修复过程，大大减少了企业管理多样化和广阔的安全环境所需的时间、精力和成本。 安全团队面临着一些严峻的挑战，包括基础设施和云资产的分散可见性、需要处理的漏洞数量过多、资产责任的所有权混乱、耗时的人工流程导致修复速度减慢等等。 ArmorCode 平台通过提供统一、全面的可见性，简化工作流程，以及利用人工智能驱动的自动化提供更快、更高效的漏洞管理，帮助团队克服这些挑战。 ArmorCode首席运营官马克-兰伯特（Mark Lambert）说：“当今的安全团队被越来越多的基础设施、云和应用资产中的大量漏洞所淹没。ArmorCode 的 RBVM 持续增长，提供了一个统一的、以风险为中心的视图，横跨所有漏洞来源，从而迎头解决了这一挑战。通过结合先进的人工智能和自动化，我们使基础设施和应用安全团队能够专注于最重要的事情，高效、大规模地修复关键漏洞，从而实施更有效的持续威胁暴露管理（CTEM）计划。” 传统的漏洞管理方法仅根据严重程度来确定漏洞的优先级，而ArmorCode则不同，它采用的风险评分模型结合了业务背景和威胁情报。这样，安全团队就能将精力集中在对企业构成最大威胁的漏洞上，从而降低风险敞口，提高运营效率。ArmorCode 与供应商无关的方法可确保来自任何扫描仪的发现都能在平台内进行关联和分流，从而为团队提供完整、准确的漏洞管理计划。 为进一步简化漏洞管理，ArmorCode 平台将基础设施和云资产提升为 RBVM 流程中的一等公民。通过关联多个来源的资产数据，ArmorCode 提供了准确、完整的资产可视性。 这使企业能够在基础设施、云、容器和应用程序的整个生态系统中跟踪漏洞，并通过将漏洞与资产所有者和责任直接关联，实现修复工作流程的自动化。这种以资产为中心的方法加强了优先级排序、修复和自动化，使团队能够进行更精确的漏洞管理，并更有效地关闭积压工作。 Key RBVM + ASPM 的主要优势包括： 统一的漏洞管理： 唯一真正跨基础架构、云、容器和应用程序集成漏洞管理的平台。没有其他 RBVM 提供商能以同样的方式将 AppSec 和基础架构安全结合到一个平台中，实现全面的企业级风险管理。 人工智能驱动的 RBVM： ArmorCode 已处理超过 100 亿个发现，也是唯一一家在数据量、多样性和验证方面支持 AI 功能（如 AI Correlation 和 AI Remediation）的供应商。这种可扩展性可帮助安全团队降低 MTTR、减少浪费并加快工作速度。 以资产为中心的自动化工作流： 在整个漏洞管理生命周期中，通过无代码自动化为团队赋能。其灵活性、以云和基础架构资产为中心的工作流程以及定制功能使 ArmorCode 能够适应任何企业的特定 RBVM 需求。 与供应商无关的洞察力： 提供准确、可靠的漏洞优先级排序，不受专有扫描仪的影响，实现厂商兼容。 ArmorCode ASPM 平台在统一应用安全与基础架构漏洞管理方面的进一步发展，顺应了客户对更高效的漏洞管理工具的需求，这些工具可减轻安全团队的负担，并在整个漏洞生命周期中提供可操作的洞察力。 ArmorCode平台拥有250多个集成和100亿个处理结果，为统一和管理跨内部部署和混合环境的漏洞提供了最全面的解决方案，使企业能够建立统一的CTE。     转自安全客，原文链接：https://www.anquanke.com/post/id/302071 封面来源于网络，如有侵权请联系删除

卫星和空间技术领导者 Maxar Space Systems 公司遭遇数据泄露。 “我们的信息安全团队发现，一名使用香港 IP 地址的黑客锁定并访问了 Maxar 系统，该系统中包含某些含有员工个人数据的文件。” “当我们在 2024 年 10 月 11 日发现这一情况时，我们立即采取了行动，以防止对系统的进一步未经授权的访问。尽管如此，根据我们的调查，黑客很可能在采取这一行动之前已经访问了系统中的文件大约一个星期。” 以下员工数据已被访问： 姓名 家庭住址 社会保险号 业务联系信息（电话、地址、电子邮件等） 性别 就业状况 员工编号 职位名称 聘用日期、角色开始日期，以及（如适用）终止日期 主管 部门 攻击者访问的文件不包含任何银行账户信息或出生日期。 Maxar 在发现这一问题后展开了调查，与网络安全专家和执法部门合作评估漏洞的范围，并确保受影响系统的安全。 这次攻击发生时，太空和国防领域正面临着不断升级的网络威胁，对手的目标是战略基础设施和敏感的人员数据。     转自安全客，原文链接：https://www.anquanke.com/post/id/302094 封面来源于网络，如有侵权请联系删除

The Zone returns: its gates have re-opened 17 years later, promising a journey like no other.Novemb

Threat actors already hacked thousands of Palo Alto Networks firewalls exploiting recently patched zero-day vulnerabilities. Thousands of Palo Alto Networks firewalls have reportedly been compromised in attacks exploiting recently patched zero-day vulnerabilities (CVE-2024-0012 and CVE-2024-9474) in PAN-OS. CVE-2024-0012 is a vulnerability in Palo Alto Networks PAN-OS that allows unauthenticated attackers with network access to the management […]

由于微软修改了 Windows 11 的硬件需求，现有的 Windows 10 用户基本上无法直接升级到 Windows 11，而 Windows 10 即将于 2025 年 10 月终止支持，用户除非更换电脑，那么只剩下继续使用不再支持的操作系统（另一选择是安装 Linux 发行版），这将会增加他们的安全风险。微软对此的做法是用全屏广告不断轰炸用户，督促他们购买新 PC。

MITRE收集、分析了2023年6月至2024年6月之间披露3.1万个漏洞，并发布了2024年最危险的软件漏洞TOP 25名单。 该名单可以帮助企业评估企业基础设施的安全情况，MITRE表示：“如果企业的基础设施涉及相关的漏洞弱点，就可能受到未知黑客的攻击，包括全完接管系统、窃取数据或系统无法运行。” MITRE对3.1万个漏洞进行了详细地分析，并根据每个漏洞的严重性和利用频率进行评分，其中会重点关注添加到CISA已知利用漏洞（KEV）目录中的安全漏洞。MITRE强调，强烈建议审查列表上的漏洞类型，并指导其软件安全策略，防止软件生命周期中可能出现的严重漏洞。 以下是2022年CWE前25个最危险的软件漏洞列表：       转自Freebuf，原文链接：https://www.freebuf.com/news/415862.html 封面来源于网络，如有侵权请联系删除

A vulnerability was found in AIPHONE IX-MV, IX-MV7-HB, IX-MV7-HBT, IX-MV7-HW, IX-MV7-HWT, IX-MV7-HW-JP, IX-MV7-B, IX-MV7-BT, IX-MV7-W, IX-MV7-WT, IX-DA, IX-DAU, IX-DB, IX-DBT, IX-EA, IX-EAT, IX-EAU, IX-DV, IX-DVT, IX-DVF, IX-DVF-P, IX-DVF-L, IX-DVM, IX-DU, IX-DVF-RA, IX-DVF-2RA, IX-BA, IX-BAU, IX-BB, IX-BBT, IX-FA, IX-SSA, IX-SS-2G, IX-SS-2GT, IX-SS-2G-N, IX-BU, IX-SSA-RA, IX-SSA-2RA, IX-RS-B, IX-RS-BT, IX-RS-W, IX-RS-WT, IXW-MA, IX-SPMIC, IXG-2C7, IXG-2C7-L, IXG-DM7, IXG-DM7-HID, IXG-DM7-HIDA, IXG-DM7-10K, IXG-MK, IXGW-GW, IXGW-TGW and IXGW-LC. It has been classified as problematic. This affects an unknown part of the component Address Book Handler. The manipulation leads to insufficiently protected credentials. This vulnerability is uniquely identified as CVE-2024-39290. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability was found in techfyd Sky Addons for Elementor Plugin up to 2.6.1 on WordPress and classified as problematic. Affected by this issue is the function save_options. The manipulation leads to missing authorization. This vulnerability is handled as CVE-2024-11601. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in AIPHONE IXG-2C7 and IXG-2C7-L up to 2.03 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to insufficiently protected credentials. This vulnerability is known as CVE-2024-47142. Access to the local network is required for this attack. There is no exploit available.

A vulnerability, which was classified as critical, was found in AIPHONE IX-MV, IX-MV7-HB, IX-MV7-HBT, IX-MV7-HW, IX-MV7-HWT, IX-MV7-HW-JP, IX-MV7-B, IX-MV7-BT, IX-MV7-W, IX-MV7-WT, IX-DA, IX-DAU, IX-DB, IX-DBT, IX-EA, IX-EAT, IX-EAU, IX-DV, IX-DVT, IX-DVF, IX-DVF-P, IX-DVF-L, IX-DVM, IX-DU, IX-DVF-RA, IX-DVF-2RA, IX-BA, IX-BAU, IX-BB, IX-BBT, IX-FA, IX-SSA, IX-SS-2G, IX-SS-2GT, IX-SS-2G-N, IX-BU, IX-SSA-RA, IX-SSA-2RA, IX-RS-B, IX-RS-BT, IX-RS-W, IX-RS-WT, IXW-MA, IX-SPMIC, IXG-2C7, IXG-2C7-L, IXG-DM7, IXG-DM7-HID, IXG-DM7-HIDA, IXG-DM7-10K, IXG-MK, IXGW-GW, IXGW-TGW and IXGW-LC. Affected is an unknown function of the component Request Handler. The manipulation leads to os command injection. This vulnerability is traded as CVE-2024-31408. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in codelizarplugs Ultimate YouTube Video & Shorts Player With Vimeo Plugin up to 3.3 on WordPress. This issue affects the function get_setting of the component Setting Handler. The manipulation leads to missing authorization. The identification of this vulnerability is CVE-2024-11355. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in bplugins Easy Twitter Feed Plugin up to 1.2.6 on WordPress. This vulnerability affects the function etf of the component Shortcode Handler. The manipulation leads to authorization bypass. This vulnerability was named CVE-2024-10666. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in techfyd Sky Addons for Elementor Plugin up to 2.6.2 on WordPress. This affects the function save_options. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2024-11104. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Palantir sls-oracle-sidecar up to 0.543.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component Endpoint. The manipulation leads to sql injection. This vulnerability is handled as CVE-2024-49588. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS up to 13.6/14.6 and classified as critical. This issue affects some unknown processing. The manipulation leads to sandbox issue. The identification of this vulnerability is CVE-2024-44256. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to enforcement of behavioral workflow. This vulnerability was named CVE-2024-44255. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple visionOS. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to enforcement of behavioral workflow. The identification of this vulnerability is CVE-2024-44255. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Apple tvOS. Affected is an unknown function. The manipulation leads to enforcement of behavioral workflow. This vulnerability is traded as CVE-2024-44255. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Apple watchOS. Affected by this vulnerability is an unknown functionality. The manipulation leads to enforcement of behavioral workflow. This vulnerability is known as CVE-2024-44255. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.