Aggregator

当前，2021 年 SolarWinds 供应链攻击事件的影响尚未消退，2024年9月的黎巴嫩寻呼机爆炸事件再次以供应链安全问题震惊了全球。中国是全球供应链的重要参与者，但自2018年中美经贸摩擦开始

新闻速览•全国数据标准化技术委员会成立•国家数据局召开公共数据资源开发利用工作部署会议•3.1亿欧元！LinkedIn因违规处理用户数据遭受史上最大罚单•最高判6年！四名REvil勒索软件组织核心成员

A vulnerability, which was classified as problematic, has been found in Oracle E-Business Suite 11.5.7. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2004-1367. Attacking locally is a requirement. There is no exploit available.

A vulnerability was found in Apple tvOS up to 10.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Kernel. The manipulation leads to memory corruption. This vulnerability is known as CVE-2017-2401. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

Over 22,000 CyberPanel instances exposed online to a critical remote code execution (RCE) vulnerability were mass-targeted in a PSAUX ransomware attack that took almost all instances offline. [...]

A Threat Actor Has Allegedly Leaked 17.5 Million Lines of Optavia

DarkRaaS is Allegedly Selling the Database of Zanko Sdn Bhd

Handling large volumes of sensitive data in testing environments is challenging. You need to protect customer information, financial records, and other confidential data without compromising security or violating regulations. At the same time, you have to keep data relationships intact and make sure testing accurately reflects real-world scenarios. The risks multiply when data moves between […]

The post Test Data Management Best Practices: Handling Sensitive Data Across Multiple Databases first appeared on Accutive Security.

The post Test Data Management Best Practices: Handling Sensitive Data Across Multiple Databases appeared first on Security Boulevard.

Since October 22, 2024, Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors. This activity is ongoing, and Microsoft will continue to investigate and provide updates as available. Based on our investigation of previous Midnight […]

The post Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files appeared first on Microsoft Security Blog.

Authors/Presenters:Chloé Messdaghi, Kasimir Shulz

Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their timely DEF CON 32 erudite content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 32 – AppSec Village – Got 99 Problems But Prompt Injection Ain’t Watermelon appeared first on Security Boulevard.

新开《信息系统安全》系列专业知识分享，希望这些基础知识对大家有所帮助！

Hiken Allegedly Has Leaked Source Code of Symphoenix SIMRS

A vulnerability classified as critical has been found in Apple watchOS up to 3.1. This affects an unknown part of the component Kernel. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2017-2401. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

真实，就是力量

Telegram и другие платформы стали «клеем» для токсичного контента.

In the latest attack against ISPs, second-largest French provider Free fell victim to unknown cyberattackers who attempted to sell the compromised data it stole from the company on an underground cybercrime forum.