Aggregator

A vulnerability classified as problematic was found in LibTIFF 4.0.7. Affected by this vulnerability is the function TIFFReadDirEntryLong8Array of the file libtiff/tif_dirread.c. The manipulation leads to memory corruption. This vulnerability is known as CVE-2017-9815. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063文 | 广州大学法学院 段陆平10月8日，广东省政务服务和数据管理局公布《广东省数据条例（草案征求意见稿）》（以下简称《

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063人工智能是新一轮科技革命和产业变革的重要驱动力量，将对全球经济社会发展和人类文明进步产生深远影响。中国高度重视人工智能发

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-8234106310月23日，深信服科技举办2024秋季新品发布会，推出两项创新成果：实现动静态数据分类分级和数据风险自动研判分析的安全

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-8234106310月22日，为期四天的第十七届（2024）中国国际社会公共安全产品博览会暨智能与安全产业发展大会（以下简称“安博会”）

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063近期，中国国家网络与信息安全信息通报中心发现一批境外恶意网址和恶意IP，有多个具有某大国政府背景的境外黑客组织，利用这些

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063文 | 中国电子信息产业发展研究院软件与集成电路评测中心副主任 吴志刚公共数据是重要的社会公有财富，与人民群众生活息息相

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063文 | 华北电力大学 李建彬 李智勇 刘雨杉近年来，勒索软件攻击日益全球化，许多国家的政府、金融、教育、医疗、制造、交通

如果用户发现自己的设备因这种攻击而陷入崩溃循环，可以尝试在打开浏览器之前在设置中禁用 JavaScript，然后关闭有问题的标签页。

A vulnerability has been found in Linux Kernel up to 6.10.13/6.11.2 and classified as critical. Affected by this vulnerability is the function get_new_segment of the component f2fs. The manipulation leads to denial of service. This vulnerability is known as CVE-2024-49887. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

深入探讨运营商在边缘安全加速领域的应用，包括边缘节点的全面安全升级、零信任服务的实践、边缘计算的创新应用以及行业洞察。

Tips for Employers on Securing the Home Environment and Promoting Better Hygiene
Remote work is a critical part of the future of cybersecurity and many other industries. For those who continue to work remotely or in a hybrid model, the need for robust cybersecurity practices needs to be a priority. But one of the biggest obstacles to that is isolation.

It's crucial for healthcare sector organizations to vet their artificial intelligence tech vendors in the same robust way they scrutinize the privacy and security practices of all their other third-party suppliers, said attorney Linda Malek of the law firm Crowell & Moring.

AI-Powered Cloud Remediation, Multi-Cloud Support at Core of Series B Investment
With a $30 million boost from Series B funding, Stream.Security will enhance its cloud security offerings. The company’s focus includes auto-remediation, faster, AI-driven threat responses, increased support for multi-cloud and hybrid environments, and boosted market presence in the U.S. and beyond.

U.S. Federal Government Gives Agencies Three Weeks to Patch or Mitigate
Fortinet disclosed an actively exploited vulnerability in its centralized management platform following more than a week of online chatter that edge device manufacturer products have been under renewed attack. Cybersecurity researcher Kevin Beaumont christened the vulnerability "FortiJump."

New Ransomware Group Deploys Rust-Based Tools in Attacks
A recently constituted and apparently well-resourced ransomware player is developing and testing tools to disable security defenses, including a method that exploits a vulnerability in drivers. Embargo first surfaced in April amid an ongoing shakeup in the ransomware world.

Proposal Will Be Open for Public Comment Next, But Will It Go Anywhere?
The Department of Health and Human Service last Friday submitted for White House review long-awaited updates to the 20-year-old HIPAA Security Rule containing modifications aimed at strengthening the cybersecurity of electronic protected health information.

A vulnerability was found in Ethereal 0.9.0/0.9.1/0.9.2/0.9.3. It has been declared as critical. This vulnerability affects unknown code of the component SMB Dissector. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2002-0401. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

近日，360数字安全集团成功中标中国移动2024年至2026年终端安全软件产品集采项目。本次中标合作，将依托360终端安全管理系统打造智能化终端安全防护新体系，整体提升中国移动企业内部的数字安全防护能

9月20日，德国黑森州警方发布警告：有华裔男子通过小红书、微信等国内平台，以“紧急求租”、“买房”等借口约见单身女房东，见面后即会性侵。目前法兰克福及周边地区已发生四起相关连环性侵案，嫌犯疑似为同一华