Aggregator

A vulnerability, which was classified as critical, was found in Oracle Banking Enterprise Default Management 2.7.1/2.12.0. This affects an unknown part of the component Collections. The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2021-44832. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Dec 12, 2024Join us for this segment as we discuss government regulationsand certifications as they

美国网络安全战略专家、新锐网安公司SentinelOne首席安全顾问摩根·莱特（Morgan Wright）日前撰文称，特朗普第二任期政府已表态减少物理战争，网络战将是替代选择，预计针对美军进攻性网络行动的管控政策将进一步宽松，以实现美国的全球优势。以下为全文翻译，安全内参做了少量编辑。 美国网络司令部和国家安全局（NSA）前负责人保罗·仲宗根将军（Paul Nakasone）有一句名言，能最恰如其分地概括下届特朗普政府将面临的网络安全挑战。他曾说：“如果我们发现自己只在内部网络进行防御，我们已经失去了主动权和优势。” 网络空间威胁态势每天都在变化。虽然新的AI技术将在打击对手方面发挥重要作用，但一项更具进攻性的网络政策可能成为美国能够部署的最强大的武器。 特朗普政府即将于明年1月上台，人们不禁要问：在未来的几个月和几年中，我们是否会看到更多进攻性的网络行动？ 对此，摩根·莱特认为答案是肯定的。启动一场传统战争与派出一支网络战队截然不同。传统战争风险高代价大，而网络战则完全相反。 美军进攻性网络行动近年频次暴涨 按照惯例，美国在非战区或未明确敌对状态的情况下展开军事行动，需要得到总统批准。美国法典第10编（武装部队规则）是军事权力的基础。 然而，针对本·拉登的代号为“海神之矛行动”的任务则是根据美国法典第50编（间谍活动与秘密行动规则）进行的。这项由海豹突击队第六分队执行的情报导向行动，尽管取得了成功，但必须先经过总统批准。这是一个漫长且复杂的过程。 与之类似，针对伊朗核设施的代号为“奥林匹克行动”的知名网络破坏任务，在连续两届美国政府中都需要总统授权。这一过程同样繁琐。这些行动虽然本质上是网络作战，但目标均是固定的物理设施。 网络战争需要不同的政策和全新的思维方式。奥巴马政府期间出台总统政策指令（PDD-20）要求，进攻性和防御性网络行动必须经过白宫多次审批。这一规定导致行动速度大幅放缓，不是因为技术能力，而是政策约束。 2018年，特朗普第一任期内的政府开始转向新方法。《第13号国家安全总统备忘录》（NSPM-13）授予国防部长更大的权限，以开展进攻性网络行动。结果是短短几个月内，美国进行的网络空间行动数量超过了过去10年的总和。这一策略被称为“持续交战”。 据美媒C4isrnet 2018年的报告显示，这些更具进攻性的网络活动，帮助美国军方在应对对手方面更加高效。然而，进攻性军事网络行动的性质，决定了它们通常属于机密。美国的机密政策会产生一个问题，人们几乎从未听闻成功案例，失败案例却在国会监督框架下被广泛讨论。 网络威胁态势不断恶化将推动管控政策进一步宽松 美国持续面临来自俄罗斯、朝鲜和伊朗等敌对国家不断演变的众多威胁，以及代理人和跨国网络犯罪组织的持续攻击。值得注意的是，一些新的变化正在发生，而新的应对方法可能对未来的网络空间政策产生重大影响。 2021年5月，拜登总统因太阳风事件（国家支持的网络威胁行动）和Colonial管道事件（跨国网络犯罪组织攻击）发布了网络安全行政命令（EO 14028）。该命令不仅要求实施多因素认证、加密等基础网络安全工具，还对政府传统上采用的应对方法提出质疑，呼吁采用现代化解决方案。 另一起更近期的网络事件，由外国支持的“盐台风”针对美国电信行业的攻击。这引发了更多要求建立独立美国网络部队的讨论。虽然支持与反对的争论仍在继续，但在今年4月，美国的最大网络对手已经成立了专门的网络空间部队。 未能阻止外国实施激进网络间谍活动的代价越来越大。外国黑客持续窃取美国国防等领域的知识产权。朝鲜持续通过远程IT工作者骗局寻找新的方式获取流动资金，以资助其军事与核计划。伊朗也表示，将扩大铀浓缩规模，并积极开展低风险的网络攻击行动。 俄罗斯同样不容低估。即使在乌克兰战争期间，俄罗斯仍然对美国关键基础设施实施攻击。 美国前总统西奥多·罗斯福有一句名言：“说话温和，但手持大棒。”在网络空间，这根“大棒”并不是花哨的AI技术、军事硬件或最新的小工具，而是一项明确的政策，并辅以这些技术工具作为支撑。 真正的成功标准不是对敌人成功攻击的次数，而是敌人对美国的攻击完全不存在。 即将上任的特朗普政府已明确表示，他们更倾向于减少动能战争。如果这一目标真正实现，将更多是因为政策的调整，而非技术上的突破。可以预见，政策将更多地聚焦于第五领域（网络空间）的战争。     转自安全内参，原文链接：https://www.secrss.com/articles/73451 封面来源于网络，如有侵权请联系删除

It’s 3:00 a.m.A biology graduate student in Hanoi stares at her laptop, one hand nursing a cup of i

Author:(1) David Staines.Table of LinksAbstract1 Introduction2 Mathematical Arguments3 Outli

by TortsDecember 12th, 2024Too Long; Didn't ReadThis section provides a visual comparison of how d

Possible Long-Term Attack by Unknown Hackers Thwarted
Hackers exploiting flaws in Cleo Communications software instances had intimate knowledge of their internals and deployed a previously unknown family of malware, security researchers from Huntress said Thursday. Cleo published a patch Wednesday evening.

DOJ Indicts North Korean IT Workers for Using Remote Jobs to Steal Sensitive Info
U.S. federal prosecutors indicted 14 North Koreans for a long-running IT scam generating $88 million by exploiting remote work with U.S. firms, a scheme prosecutors say is tied to DPRK-controlled companies that fund weapons programs through stolen identities, data theft and extortion.

Secret Blizzard Used Third-Party Amadey Bots to Hack Ukrainian Military Devices
A Russian state-backed hacker group used third-party data-stealing bots and possibly a backdoor used by another Russia-based threat group to infiltrate and spy on devices used by frontline Ukrainian military units, according to a report from the Microsoft threat intelligence team.

Also: Australia Fines Kraken AU$8 Million Over Breaches
This week, scammers targeted crypto workers with fake meeting apps, Australia fined Kraken crypto exchange operator Bit Trade, a Los Angeles federal court ordered five individuals to pay $5 million, Polish police detained a Russian former exchange operator and FTX debtors clawed back more cash.

A vulnerability was found in Linux Kernel up to 6.6.14/6.7.2/6.8-rc1. It has been rated as critical. This issue affects the function mlx5e_tc_del_fdb_peer_flow in the library lib/list_debug.c of the component mlx5e. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2023-52487. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 5.10.209/5.15.148/6.1.75/6.6.14/6.7.2. Affected by this issue is the function mtk_jpeg_dec_device_run of the component mtk-jpeg. The manipulation leads to use after free. This vulnerability is handled as CVE-2023-52491. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 5.10.209/5.15.148/6.1.75/6.6.14/6.7.2. This affects the function parse_xfer_event of the component mhi. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2023-52493. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.14/6.7.2/6.8-rc1. It has been rated as problematic. This issue affects the function btrfs_submit_bio of the component scrub. The manipulation leads to use after free. The identification of this vulnerability is CVE-2024-26616. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.7.2. Affected by this issue is some unknown functionality of the file fs/proc/task_mmu of the component MMU Notifications Handler. The manipulation leads to race condition. This vulnerability is handled as CVE-2024-26617. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.1.76/6.6.15/6.7.3/6.8-rc2. Affected by this vulnerability is an unknown functionality in the library /build/work/knet/arch/x86/lib/retpoline.S of the component ipmr. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2024-26626. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in britner Gutenberg Blocks Plugin up to 3.2.23 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-1541. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in Linux Kernel up to 6.8-rc1. Affected by this vulnerability is the function rmb_desc of the component smc. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2024-26615. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in jackc pgproto3 and pgx and classified as critical. This vulnerability affects unknown code of the component Protocol Message Size Handler. The manipulation leads to sql injection. This vulnerability was named CVE-2024-27304. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.