T00.ls正式推出:打造网络安全人士的个人名片
T00.ls是T00ls推出的一项创新服务,旨在为网络安全领域的专业人士提供一个简洁、高效且易于分享的个人在线名片。通过T00.ls,用户可以轻松创建一个包含多个网址的短链接,方便粉丝和同行快速访问其个人网站、博客、社交媒体等重要链接。
Aggregator
T00.ls正式推出:打造网络安全人士的个人名片
9 months 2 weeks ago
T00.ls是T00ls推出的一项创新服务,旨在为网络安全领域的专业人士提供一个简洁、高效且易于分享的个人在线名片。通过T00.ls,用户可以轻松创建一个包含多个网址的短链接,方便粉丝和同行快速访问其个人网站、博客、社交媒体等重要链接。
T00.ls正式推出:打造网络安全人士的个人名片
9 months 2 weeks ago
T00.ls是T00ls推出的一项创新服务,旨在为网络安全领域的专业人士提供一个简洁、高效且易于分享的个人在线名片。通过T00.ls,用户可以轻松创建一个包含多个网址的短链接,方便粉丝和同行快速访问其个人网站、博客、社交媒体等重要链接。
T00.ls正式推出:打造网络安全人士的个人名片
9 months 2 weeks ago
T00.ls是T00ls推出的一项创新服务,旨在为网络安全领域的专业人士提供一个简洁、高效且易于分享的个人在线名片。通过T00.ls,用户可以轻松创建一个包含多个网址的短链接,方便粉丝和同行快速访问其个人网站、博客、社交媒体等重要链接。
Top Database Security Tools for Enhanced Vulnerability Assessment and Compliance
9 months 2 weeks ago
November 14, 2024 4 Minute Read
每周高级威胁情报解读(2024.11.08~11.14)
9 months 2 weeks ago
- Lazarus 利用 macOS 扩展文件属性隐藏恶意代码
- 伊朗“梦想工作”活动披露
- WIRTE 继续针对中东并转向破坏性活动
- 金眼狗团伙近期活动跟踪
奇安信情报沙箱助力,识破求职网站伪装下的恶意软件
9 months 2 weeks ago
我们发现一个来自伪装为求职网站的可疑压缩包。通过奇安信情报沙箱的智能恶意行为综合判断,识别出文件可疑并给出10分的恶意评分。RAS 检测结果表明样本可能采用 DLL 侧加载手段。结合手动分析,认为此次恶意活动是 UNC1549 攻击的延续。
因使用盗版软件期刊撤下了两篇论文
9 months 2 weeks ago
期刊出版商 Elsevier 旗下的《Ain Shams Engineering Journal》撤下了两篇讨论溃坝的论文,原因是论文使用的计算流体力学软件 FLOW-3D 被开发商 Flow Science 投诉是盗版。期刊主编称,他们在收到投诉之后展开了调查,论文作者承认 FLOW-3D 没有购买许可证。而论文发表的条件之一是不能侵犯任何个人或实体的知识产权,任何软件的使用都需要在软件所有者的授权或许可下进行。
NIST report on hardware security risks reveals 98 failure scenarios
9 months 2 weeks ago
NIST’s latest report, “Hardware Security Failure Scenarios: Potential Hardware Weaknesses” (NIST IR 8517), explores the hidden vulnerabilities in computer hardware, a domain often considered more secure than software. The report highlights how hardware flaws embedded in chip designs can lead to security risks that are difficult to fix post-production. The document outlines 98 failure scenarios, detailing various ways attackers can exploit hardware design and implementation weaknesses. Issues such as improper access control, faulty coding standards … More →
The post NIST report on hardware security risks reveals 98 failure scenarios appeared first on Help Net Security.
Mirko Zorz
大语言语言模型安全攻击以及AI供应链漏洞
9 months 2 weeks ago
本篇文章为翻译文章,让我们跟随梅苑师傅的脚步,一起来研究一下大语言语言模型安全攻击以及AI供应链漏洞!
大语言语言模型安全攻击以及AI供应链漏洞
9 months 2 weeks ago
本篇文章为翻译文章,让我们跟随梅苑师傅的脚步,一起来研究一下大语言语言模型安全攻击以及AI供应链漏洞!
大语言语言模型安全攻击以及AI供应链漏洞
9 months 2 weeks ago
本篇文章为翻译文章,让我们跟随梅苑师傅的脚步,一起来研究一下大语言语言模型安全攻击以及AI供应链漏洞!
大语言语言模型安全攻击以及AI供应链漏洞
9 months 2 weeks ago
本篇文章为翻译文章,让我们跟随梅苑师傅的脚步,一起来研究一下大语言语言模型安全攻击以及AI供应链漏洞!
大语言语言模型安全攻击以及AI供应链漏洞
9 months 2 weeks ago
本篇文章为翻译文章,让我们跟随梅苑师傅的脚步,一起来研究一下大语言语言模型安全攻击以及AI供应链漏洞!
匈牙利确认国防采购机构遭黑客攻击
9 months 2 weeks ago
匈牙利官员向当地媒体证实,该国国防采购机构(VBÜ)遭到“国际黑客组织”的攻击。 周四早些时候,名为 INC Ransomware 或 INC Ransom 的网络犯罪组织声称可以访问该机构的数据,并在其暗网门户网站上发布了示例截图。 先前的研究表明,该组织于去年出现,主要针对医疗保健、教育和政府实体。其背后的运营者仍然未知。 匈牙利国防部在回应媒体询问时拒绝透露可能的信息泄露,称调查仍在进行中。该部补充说,VBÜ 不存储敏感的军事数据。匈牙利是北约联盟的成员。 总理维克托·欧尔班的幕僚长盖尔盖利·古利亚斯将此次袭击归咎于“敌对的外国非国家黑客组织”,但没有透露该组织的名字。 古利亚斯在周四的新闻发布会上表示,可能被访问的最敏感数据包括“有关军事采购的计划和数据”。 匈牙利新闻媒体 Magyar Hang报道称,INC 勒索软件入侵了该机构的服务器,下载并加密了所有文件。据称,黑客发布了包含匈牙利军队空中和陆地能力数据的文件截图,以及标有“非公开”的文件。 媒体报道称,泄露的数据“相当新”,一些文件可追溯到今年 10 月。据报道,黑客索要 500 万美元赎金。 匈牙利官员没有就他们是否正在与黑客谈判发表评论。国防部尚未回应 Recorded Future News 的置评请求。 转自军哥网络安全读报,原文链接:https://mp.weixin.qq.com/s/bIPxaypcWTd3AUp9Ov9O8g 封面来源于网络,如有侵权请联系删除
内容转载
CVE-2022-43551 | Apple macOS up to 13.2.1 curl cleartext transmission (HT213670 / Nessus ID 211153)
9 months 2 weeks ago
A vulnerability was found in Apple macOS up to 13.2.1. It has been classified as problematic. This affects an unknown part of the component curl. The manipulation leads to cleartext transmission of sensitive information.
This vulnerability is uniquely identified as CVE-2022-43551. The attack needs to be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-43551 | Oracle HTTP Server 12.2.1.4.0 SSL Module information disclosure (Nessus ID 211153)
9 months 2 weeks ago
A vulnerability was found in Oracle HTTP Server 12.2.1.4.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component SSL Module. The manipulation leads to information disclosure.
This vulnerability is known as CVE-2022-43551. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2022-43551 | Oracle MySQL Server up to 5.7.41/8.0.32 Packaging information disclosure (Nessus ID 211153)
9 months 2 weeks ago
A vulnerability classified as critical has been found in Oracle MySQL Server up to 5.7.41/8.0.32. Affected is an unknown function of the component Packaging. The manipulation leads to information disclosure.
This vulnerability is traded as CVE-2022-43551. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2022-43552 | cURL Proxy Error use after free (Nessus ID 211153)
9 months 2 weeks ago
A vulnerability, which was classified as problematic, was found in cURL. Affected is an unknown function of the component Proxy Error Handler. The manipulation leads to use after free.
This vulnerability is traded as CVE-2022-43552. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-43551 | cURL HSTS cleartext transmission (FEDORA-2022-d7ee33d4ad / Nessus ID 211153)
9 months 2 weeks ago
A vulnerability has been found in cURL and classified as problematic. Affected by this vulnerability is an unknown functionality of the component HSTS Handler. The manipulation leads to cleartext transmission of sensitive information.
This vulnerability is known as CVE-2022-43551. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com