От случайной плесени к спасению миллионов: медальон Флеминга продан за $76 000
Секреты прошлого всё еще удивляют и дорого стоят.
Aggregator
梆梆安全出席2024中韩个人信息合作论坛 多维度阐述个人信息保护策略
9 months 2 weeks ago
2024年10月24日,由中国互联网协会与韩国互联网振兴院、大韩贸易投资振兴公社联合主办的“2024中韩个人信息合作论坛”在北京成功召开。中国互联网协会副理事长陈家春、大韩民国驻中国大使馆科技参赞李镇守分别在会上致辞,中韩双方代表围绕个人信息保护、跨境数据流动等相关议题进行了分享与交流。
梆梆安全首席信息安全官张斌表示,随着移动互联网的快速发展,个人信息的采集、使用、处理和传输变得越来越容易和频繁。全球范围内,越来越多的国家和地区开始重视个人信息保护立法工作。
我国个人信息保护体系相关法律法规、标准规定以及监管规范也在不断完善,从 2017 年实施的《网络安全法》,到 2021 年实施的《个人信息保护法》《数据安全法》,网信办、工信部、公安部等监管部门持续加强对个人信息的管理和保护。
个人信息保护治理行动也在有条不紊的进行中,工信部开展纵深推进APP侵害用户权益专项整治行动,分批次对违规App进行通报处理,网信办开展App违法违规收集使用个人信息专项治理,对不合规App采取公开通报、责令整改、下架等处罚措施等。截止到8月底,工信部及各省通管局今年累计公开通报873款应用,工具类、生活类、购物类应用通报的数量最多,其中违规收集使用个人信息、强制索取权限等侵害用户权益的问题较为突出。
梆梆安全基于多年来对移动应用安全技术和监管政策的研究,同时参考国家行业法律标准和规范,推出了移动应用合规检测及咨询等服务,从移动 APP 安全、数据保护、隐私合规等多方面,覆盖移动应用的设计、开发、检测、发布、运营等环节,真正为客户提供全生命周期的安全解决方案,并可依托专业的技术服务人员,输出全面详尽的合规检测报告,协助移动应用程序开发和运营企业进行隐私合规检测、合规整改,满足合规监管检测、企业自查自纠等检测场景需求,保障应用上架后符合监管单位的相关要求。
数字时代数据隐私和数据安全相辅相成,它们共同构成了数字时代信息保护的重要基石,一方面,保护数据隐私有助于增强用户对数字服务的信任,促进数字经济的健康发展。另一方面,确保数据安全可以保障数据的完整性和可用性,为业务运营提供稳定可靠的支持。个人信息安全直接关系到每一个人的切身利益,筑牢个人信息安全离不开监管要求、企业责任与用户意识等层面的共同推进。
梆梆安全
CVE-2024-47041 | Google Android kernel syscall.c valid_address out-of-bounds
9 months 2 weeks ago
A vulnerability was found in Google Android kernel. It has been rated as problematic. Affected by this issue is the function valid_address of the file syscall.c. The manipulation leads to out-of-bounds read.
This vulnerability is handled as CVE-2024-47041. Local access is required to approach this attack. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2024-37846 | MangoOS up to 5.1.x Platform Management Edit Page injection
9 months 2 weeks ago
A vulnerability classified as problematic has been found in MangoOS up to 5.1.x. Affected is an unknown function of the component Platform Management Edit Page. The manipulation leads to injection.
This vulnerability is traded as CVE-2024-37846. The attack can only be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-37845 | MangoOS up to 5.1.x Active Process Command os command injection
9 months 2 weeks ago
A vulnerability, which was classified as critical, has been found in MangoOS up to 5.1.x. Affected by this issue is some unknown functionality of the component Active Process Command Handler. The manipulation leads to os command injection.
This vulnerability is handled as CVE-2024-37845. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-10295 | Red Hat 3scale API Management Platform 2 APICast improper authentication
9 months 2 weeks ago
A vulnerability classified as critical has been found in Red Hat 3scale API Management Platform 2. This affects an unknown part of the component APICast. The manipulation leads to improper authentication.
This vulnerability is uniquely identified as CVE-2024-10295. The attack needs to be approached within the local network. There is no exploit available.
vuldb.com
CVE-2024-10278 | ESAFENET CDG 5 ReUserOrganiseService.java userId sql injection
9 months 2 weeks ago
A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. This affects an unknown part of the file /com/esafenet/servlet/user/ReUserOrganiseService.java. The manipulation of the argument userId leads to sql injection.
This vulnerability is uniquely identified as CVE-2024-10278. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2024-10279 | ESAFENET CDG 5 PrintPolicyService.java policyId sql injection
9 months 2 weeks ago
A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. This vulnerability affects unknown code of the file /com/esafenet/servlet/policy/PrintPolicyService.java. The manipulation of the argument policyId leads to sql injection.
This vulnerability was named CVE-2024-10279. The attack can be initiated remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
外星生命能否在无行星环境下生活?
9 months 2 weeks ago
天文学家普遍认为,外星生命应该在行星上出现,毕竟地球是唯一已知有生命的星球。地球拥有稳定的重力和大气层维持适合液态水的温度,并富含碳和氧等基本元素,还有充足的阳光提供能量。因此寻找外星生命时,科学家通常将焦点放在行星上。有研究团队提出在无需行星环境的情况下,仍有可能构建支持生命生存的环境。如水熊虫已证明能在太空真空中存活。研究团队藉由计算机模拟,建构出一种能在太空中自由漂浮且自我生存的生物群落。该群落的直径约为 100 米,由薄而坚硬的透明壳包覆,能稳定维持内部液态水的压力和温度,并产生温室效应。虽然这类生命是否存在仍未知,但此项研究,对于人类未来建造太空殖民地提供了重要的参考资讯。
Threat Actor IntelBroker Claims Leak of Nokia’s Source Code
9 months 2 weeks ago
The threat actor known as IntelBroker, in collaboration with EnergyWeaponUser, has claimed responsibility for a significant data breach involving Nokia’s proprietary source code. The news, which has sent ripples through the tech industry, was shared on social media, highlighting the potential consequences for Nokia and its stakeholders. The breach reportedly involves a substantial collection of […]
The post Threat Actor IntelBroker Claims Leak of Nokia’s Source Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Divya
Космическое дежавю: Китай превращает Long March 9 в «близнеца» Starship
9 months 2 weeks ago
Новая разработка станет серьезным конкурентом американским технологиям в космосе.
Open-source software: A first attempt at organization after CRA
9 months 2 weeks ago
The open-source software (OSS) industry is developing the core software for the global infrastructure, to the point that even some proprietary software giants adopt Linux servers for their cloud services. Still, it has never been able to get organized by creating representative bodies capable of giving an organic response to issues such as those raised at the European level by the Cyber Resilience Act. I have been advocating for years the need to transform a … More →
The post Open-source software: A first attempt at organization after CRA appeared first on Help Net Security.
Help Net Security
ZDI-CAN-25682: NVIDIA
9 months 2 weeks ago
A CVSS score 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L severity vulnerability discovered by 'David Fiser and Alfredo Oliveira ( Nebula of Trend Micro )' was reported to the affected vendor on: 2024-11-05, 94 days ago. The vendor is given until 2025-03-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-25448: GStreamer
9 months 2 weeks ago
A CVSS score 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2024-11-05, 94 days ago. The vendor is given until 2025-03-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-25549: Avast
9 months 2 weeks ago
A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Vladislav Berghici' was reported to the affected vendor on: 2024-11-05, 94 days ago. The vendor is given until 2025-03-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-25509: AVG
9 months 2 weeks ago
A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Vladislav Berghici of Trend Micro Research' was reported to the affected vendor on: 2024-11-05, 94 days ago. The vendor is given until 2025-03-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-25735: Apple
9 months 2 weeks ago
A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2024-11-05, 94 days ago. The vendor is given until 2025-03-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-25733: Microsoft
9 months 2 weeks ago
A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Amol Dosanjh of Trend Micro' was reported to the affected vendor on: 2024-11-05, 42 days ago. The vendor is given until 2025-03-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-25570: Symantec
9 months 2 weeks ago
A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ' Vladislav Berghici of Trend Micro Research' was reported to the affected vendor on: 2024-11-05, 94 days ago. The vendor is given until 2025-03-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-25736: Apple
9 months 2 weeks ago
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2024-11-05, 98 days ago. The vendor is given until 2025-03-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.