Aggregator

A vulnerability was found in Palo Alto Networks Cloud NGFW, PAN-OS and Prisma Access. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to path traversal. This vulnerability is handled as CVE-2024-2552. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Google Android 12/13/14/15. This issue affects the function shouldHideDocument of the file ExternalStorageProvider.java. The manipulation leads to Local Privilege Escalation. The identification of this vulnerability is CVE-2024-43093. An attack has to be approached locally. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

提供 DRM-free 游戏服务的 GOG 宣布了经典游戏保存计划 GOG Preservation Program。它将投入资源确保获得 Good Old Game: Preserved by GOG 印章游戏的兼容性，并会持续提供技术支持。首批列入保存计划的游戏共 100 款，它特别列举了如何改进《魔法门之英雄无敌3：完整版》、《暗黑破坏神 + 地狱火》和《生化危机捆绑包》的兼容性，其它列入的经典游戏包括了《Jagged Alliance》、《System Shock 2》、《Warcraft I & II》、《Dungeon Keeper Gold》、《Theme Park》、《SimCity 3000 Unlimited》以及 Wing Commander 系列。GOG 称其商店出售的旧游戏不是所有它都有权修改，它和开发商签署的合同有的是禁止它修改的，如果发现存在 bug，只有开发商有权修改，而很多经典游戏的开发商早就不存在了。

Typecho 的原生搜索功能存在明显不足，极大地影响了用户体验。就拿搜索 windows 10 系统下载相关内容来说，当用户输入 “windows 10 系统” 这一关...

error code: 521

Ransomware isn’t just a buzzword; it’s one of the most dreaded challenges businesses face in this increasingly digitized world. Ransomware attacks are not only increasing in frequency but also in sophistication, with new ransomware groups constantly emerging. Their attack methods are evolving rapidly, becoming more dangerous and damaging than ever. Almost all respondents (99.8%) in a recent

Белые хакеры обнаружили критическую уязвимость, но остались без выплат.

After months of news reports that Chinese threat actors have breached the networks of US telecommunications and internet service providers, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have confirmed the success of the attacks, which were part of a “broad and significant cyber espionage campaign.” “Specifically, we have identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data, the compromise of private … More →

The post FBI confirms China-linked cyber espionage involving breached telecom providers appeared first on Help Net Security.

提升数据安全治理监管能力对于加强数据安全、推动数据要素创新发展、实现经济社会高质量发展具有重大意义。

国家计算机病毒应急处理中心近期通过互联网监测发现，13款移动App存在隐私不合规行为，涉及电商、社交和教育等领域。

截至目前，共破获相关案件1900余起。近日，公安部公布依法打击网上侵权假冒犯罪10起典型案例。

公安部治安管理局副局长亓希国在会上表示，任何单位和个人利用网络发布制作或者销售枪爆物品信息，传授制枪制爆犯罪方法，设立用于制作或者销售枪爆物品的网站、通讯群组均涉嫌违法犯罪，公安机关将依法予以查处，构成犯罪的将依法追究刑事责任。

对话式人工智能技术的应用对现有的信息检索方式而言，可能带来一场深刻变革。但是，由于其算法模型的固有缺陷，隐藏的风险也不容小觑，自然语言交互、自动化提取、个性化推荐等特点使其在为用户提供贴心服务的同时，...

近年来，全球数字经济的高速发展，2019年我国首次将数据增列为生产要素，成为第五大生产要素。党的二十大报告指出，数据作为新型生产要素，正以前所未有的广度、深度融入经济社会发展各领域全过程，成为促进经济增长、构筑国家竞争优势的重要力量。

中国信息安全测评中心是我国专门从事信息技术安全测试和风险评估的权威职能机构，现面向社会招录10名非编产品安全测评人员。

胡金鱼

CISA released nineteen Industrial Control Systems (ICS) advisories on November 14, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-24-319-01 Siemens RUGGEDCOM CROSSBOW
• ICSA-24-319-02 Siemens SIPORT
• ICSA-24-319-03 Siemens OZW672 and OZW772 Web Server
• ICSA-24-319-04 Siemens SINEC NMS
• ICSA-24-319-05 Siemens Solid Edge
• ICSA-24-319-06 Siemens SCALANCE M-800 Family
• ICSA-24-319-07 Siemens Engineering Platforms
• ICSA-24-319-08 Siemens SINEC INS
• ICSA-24-319-09 Siemens Spectrum Power 7
• ICSA-24-319-10 Siemens TeleControl Server
• ICSA-24-319-11 Siemens SIMATIC CP
• ICSA-24-319-12 Siemens Mendix Runtime
• ICSA-24-319-13 Rockwell Automation Verve Asset Manager
• ICSA-24-319-14 Rockwell Automation FactoryTalk Updater
• ICSA-24-319-15 Rockwell Automation Arena Input Analyzer
• ICSA-24-319-16 Hitachi Energy MSM
• ICSA-24-319-17 2N Access Commander
• ICSA-24-291-01 Elvaco M-Bus Metering Gateway CMe3100 (Update A)
• ICSMA-24-319-01 Baxter Life2000 Ventilation System

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability
• CVE-2024-9465 Palo Alto Networks Expedition SQL Injection Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

NIST researchers have trained AI to detect the telltale sound even in noisy environments.

企业资讯