Aggregator

Fastly DDoS Protection blocks malicious traffic

Help Net Security
8 months 3 weeks ago

Fastly released Fastly DDoS Protection to provide automatic protection from Layer 7 and other application-level DDoS attacks. With a click of a button, organizations can enable Fastly DDoS Protection to automatically shield their applications and APIs against highly disruptive data and query floods. Fastly’s DDoS Protection leverages the powerful, proven techniques behind protecting Fastly’s global network from massive DDoS attacks to offer a tailored protection product directly to customers. Modern DDoS attacks can bring even … More →

The post Fastly DDoS Protection blocks malicious traffic appeared first on Help Net Security.

Industry News

CVE-2023-52919 | Linux Kernel up to 6.5.8 nfc send_acknowledge null pointer dereference

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability has been found in Linux Kernel up to 6.5.8 and classified as critical. Affected by this vulnerability is the function send_acknowledge of the component nfc. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2023-52919. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-52918 | Linux Kernel up to 6.6.47 cx23885_vdev_init null pointer dereference

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.6.47. Affected is the function cx23885_vdev_init. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2023-52918. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-10171 | code-projects Blood Bank System up to 1.0 Message Book /admin/massage.php bid sql injection

Vuldb Updates
8 months 3 weeks ago
A vulnerability, which was classified as critical, was found in code-projects Blood Bank System up to 1.0. Affected is an unknown function of the file /admin/massage.php of the component Message Book. The manipulation of the argument bid with the input 2' AND (SELECT 1874 FROM (SELECT(SLEEP(5)))TlEY)-- jxOI as part of String leads to sql injection. This vulnerability is traded as CVE-2024-10171. It is possible to launch the attack remotely. Furthermore, there is an exploit available. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
vuldb.com

共筑澳门网安新防线:丈八网安王珩出席青创论坛 签署《共同守护澳门网络安全倡议书》

嘶吼
8 months 3 weeks ago

10月19日,由澳门学人发展协会主办的以“网络安全”为主题的“青年创新论坛”盛大启幕。论坛现场,来自澳门、粤港澳大湾区及内地的杰出企业家、知名学者及青年人才们齐聚一堂,共同分享并深入探讨网络安全领域的新进展与新思路。丈八网安CEO王珩受邀出席论坛,并发表了题为《网络靶场——建立网络空间新防线》的精彩演讲。此外,王珩还与现场多家澳门权威机构及企业代表一同签署了《共同守护澳门网络安全倡议书》,庄严承诺将携手并进,积极践行并推广网络安全理念。

论坛上,中共珠海市委组织部副部长李腾东表示,如今粤港澳大湾区建设加速提质,横琴粤澳深度合作区在封关运作、民生融合、产业协同等方面硕果累累,积极促澳多元发展,珠海、横琴的产业布局逐年完善,为港澳青年发展提供更多的珠海机遇。澳门学人发展协会会长陈青飞表示,进入数字化时代以后,国家高度重视网络安全,人才培养和区域合作是网络安全的重要议题,澳门近年来加强网络安全学科建设和人才培养,推动产学研合作,旨在提高人才的实战能力。

而关于具体如何提升网络安全实战能力,丈八网安王珩则以公司的网络靶场产品作为切入点,分析了当前网络安全现状与挑战,以及建设网络靶场的重要性。他指出,网络靶场虽然不能直接阻断入侵行为,但可以提供人员能力提升、应急演练所需的全要素,解决了“人”的能力提升问题;提供集成化的评估流程,极大方便了试验鉴定类业务的开展;提供安全可控的测试环境,让关键基础设施的高强度测试成为可能。

同时,王珩分享了丈八网络靶场平台的全新体验,升级后的丈八网络靶场平台是基于“网络靶场操作系统”的解耦式多用途弹性平台。将网络靶场的典型功能场景:授课教学、考试评测、攻防演练、实战演练、测试床、CTF、AWD等以“应用”的形式开发并组合插装在系统上,实现快速部署、即插即用,在自有知识库的海量资源支撑下,形成多元化解决方案的交付。

丈八网安自主研发、不断升级的新型网络靶场产品及解决方案受到现场广泛关注与认可,论坛期间,丈八网安也受邀与澳门学人发展协会、澳门物联网协会、澳门数字中国科技联盟、澳门高校内地学生联合会、澳门超级计算研究中心、澳门网络及数据安全学会、粤港澳大湾区青年创新与创业联盟代表先后签署《共同守护澳门网络安全倡议书》,旨在共同推进澳门网络安全建设工作。

此次出席论坛的嘉宾还包括:澳门中联办北联部交流处处长司晨,澳门中联办教青部代表林震宇,教育及青年发展局教研人员发展处处长黄达财,澳门邮电局资讯科技发展处处长李广亮,司法警察局资讯及电讯协调厅厅长陈思晶,澳门特别行政区政府旅游局资讯处处长蔡昌鸿,澳门珠海社团总会理事长卢德基,粤港澳大湾区青年创新中心执行秘书长黄恩华,澳门圣若瑟大学数据工程与科学学院院长杜文才等。

青年创新论坛旨在探索澳门创新发展之路,丈八网安作为内地企业代表出席,彰显了主办方对公司产品技术和创新能力的认可。丈八网安也期望通过此次赴澳机会,分享前沿的网络安全理念,展示创新型产品解决方案的同时,为澳门的网络安全产业发展贡献智慧和力量,通过更多创新实践推动产业繁荣发展。

企业资讯

CVE-2024-10057 | RSS Feed Widget Plugin up to 2.9.9 on WordPress Shortcode rfw-youtube-videos cross site scripting

Vuldb Updates
8 months 3 weeks ago
A vulnerability was found in RSS Feed Widget Plugin up to 2.9.9 on WordPress and classified as problematic. This issue affects the function rfw-youtube-videos of the component Shortcode Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-10057. The attack may be initiated remotely. There is no exploit available.
vuldb.com

CVE-2024-47793 | Kajitori Exment up to 5.0.11/6.1.4 Edit Screen cross site scripting

Vuldb Updates
8 months 3 weeks ago
A vulnerability classified as problematic has been found in Kajitori Exment up to 5.0.11/6.1.4. This affects an unknown part of the component Edit Screen. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-47793. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-10165 | Codezips Sales Management System 1.0 deletecustcom.php id sql injection

Vuldb Updates
8 months 3 weeks ago
A vulnerability was found in Codezips Sales Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file deletecustcom.php. The manipulation of the argument id leads to sql injection. This vulnerability is known as CVE-2024-10165. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2024-10166 | Codezips Sales Management System 1.0 checkuser.php name sql injection

Vuldb Updates
8 months 3 weeks ago
A vulnerability was found in Codezips Sales Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file checkuser.php. The manipulation of the argument name leads to sql injection. This vulnerability is handled as CVE-2024-10166. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

Managed ad