Aggregator

一站式智能安全合规业务管理和风险治理体系

一站式智能安全合规业务管理和风险治理体系

一站式智能安全合规业务管理和风险治理体系

一站式智能安全合规业务管理和风险治理体系

一站式智能安全合规业务管理和风险治理体系

一站式智能安全合规业务管理和风险治理体系

Veracode found a 47% increase in the average time taken to patch software vulnerabilities, driven by growing reliance on third-party code

Cisco Systems has issued a critical security advisory addressing a command injection vulnerability in its Nexus 3000 and 9000 Series Switches operating in standalone NX-OS mode.  Designated as CVE-2025-20161, the flaw allows authenticated local attackers with administrative privileges to execute arbitrary commands on the underlying operating system with root-level access.  The vulnerability, discovered during internal […]

The post Cisco Nexus Vulnerability Let Attackers Inject Malicious Commands appeared first on Cyber Security News.

Обычный иранский город внезапно превратился в сеть из тысяч глаз.

Издатели одержали временную победу над Z-Library в Telegram.

Тестирование на проникновение остается редкостью в бизнесе.

“暴动和捣毁机器是否能够拦阻技术的进步发展？显然，它无法阻止作为一个整体之工业资本主义的胜利。然而，从比较小的规模来看，它绝非像人们过去所理解的，是一种绝望且不具效果的武器。”

Phishing has been the method most often employed by cybercriminals to achieve initial access to targeted organizations in 2024, according to risk advisory firm Kroll, which expects this trend to continue in 2025. But attackers have also increasingly been using valid accounts (i.e., credentials stolen via infostealers) and social engineering to get a foothold into targets’ systems and networks. “Social engineering tactics observed in 2024 included CEO-spoofing that takes advantage of artificial intelligence (AI) to … More →

The post 2024 phishing trends tell us what to expect in 2025 appeared first on Help Net Security.

A new attack dubbed nRootTag has exposed over 1.5 billion Apple devices, including iPhones, iPads, Apple Watches, and Macs, to covert tracking by malicious actors.  To be Detailed in a forthcoming USENIX Security Symposium 2025 paper by researchers Junming Chen, Xiaoyue Ma, Lannan Luo, and Qiang Zeng, the attack exploits Apple’s Find My network to […]

The post New “nRootTag” Attack Turns 1.5 Billion iPhones as Free Tracking Agents for Attacker appeared first on Cyber Security News.

CISA released two Industrial Control Systems (ICS) advisories on February 27, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-058-01 Schneider Electric Communication Modules for Modicon M580 and Quantum Controllers
   
• ICSMA-25-058-01 Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application
   

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

A vulnerability, which was classified as critical, has been found in Adobe Substance3D Painter up to 10.1.0. This issue affects some unknown processing. The manipulation leads to out-of-bounds write. The identification of this vulnerability is CVE-2024-49520. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Adobe Substance3D Painter up to 10.1.0. Affected is an unknown function. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2024-49525. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Adobe Substance3D Painter up to 10.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2024-47439. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe InDesign Desktop up to 18.5.3/19.5 and classified as problematic. This issue affects some unknown processing. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2024-49510. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe InDesign Desktop up to 18.5.3/19.5. It has been classified as problematic. Affected is an unknown function. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2024-49511. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.