Aggregator

本文回顾了《密码法》颁布五周年以来的重大事件，总结发展成就，分析难点问题，研判形势变化，并思考如何以全球视野和战略眼光推动密码软法和硬法的研究，为《密码法》的下一步创新发展提供有益参考。

HP announced HP Enterprise Security Edition, a suite of security capabilities designed to enhance the physical security of HP business class PCs. HP Enterprise Security Edition includes multilayered safeguards to protect PC hardware and firmware from targeted physical attacks, while giving IT admins unparalleled visibility to help detect unauthorized firmware, and component tampering throughout a device’s lifecycle. The rise of hybrid work and Work from Anywhere (WFA) has increased the risk of PCs being compromised … More →

The post HP Enterprise Security Edition protects PC hardware and firmware from physical attacks appeared first on Help Net Security.

Over a fifth of large UK businesses aren’t sure of their compliance responsibilities under the new NIS2 directive

最新排名公布

Как американские компании стали яблоком раздора двух держав и причем тут Илон Маск?

这些漏洞允许攻击者在本地访问有漏洞的Linux系统时，在无需用户交互的情况下将权限提升至root。

看雪论坛作者ID：SleepAlone

系统学习IOT安全

A vulnerability, which was classified as problematic, has been found in Wireshark up to 4.2.8/4.4.1. This issue affects some unknown processing of the component ECMP Dissector. The manipulation leads to buffer over-read. The identification of this vulnerability is CVE-2024-11596. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Wireshark up to 4.2.8/4.4.1. This vulnerability affects unknown code of the component FiveCo RAP Dissector. The manipulation leads to infinite loop. This vulnerability was named CVE-2024-11595. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in getwpfunnels Easiest Funnel Builder for WordPress & WooCommerce Plugin up to 3.5.4 on WordPress. This affects an unknown part. The manipulation of the argument post_id leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-10792. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

11月26日，作者大咖深度对话，直播现场福利不停~

针对七大行业进行供需两端的市场及技术趋势分析。今天，我们走进工业行业。

HiddenLayer launched Automated Red Teaming solution for artificial intelligence, a transformative tool that enables security teams to rapidly and thoroughly assess generative AI system vulnerabilities. The addition of this new product extends HiddenLayer’s AISec platform capabilities to include Automated Red Teaming, Model Scanning, and GenAI Detection & Response – all under one platform. This innovative solution provides fast, reliable protection for AI deployments, helping businesses safeguard sensitive data and intellectual property, and prevent malicious manipulation … More →

The post HiddenLayer Automated Red Teaming prevents malicious manipulation of AI models appeared first on Help Net Security.

Security Operations Purchase Brings Cloud-Native XDR, MDR to IT Management Platform
With Adlumin’s cloud-native XDR and MDR services, N-able consolidates its position as a leader in IT management. Buying the Washington D.C.-based security operations vendor for up to $266 million drives value through AI-powered threat detection and compliance solutions tailored for MSPs.

We’re excited to announce the latest update to Threat Intelligence (TI) Lookup. The enhanced home screen now integrates all techniques and tactics of the MITRE ATT&CK matrix, along with relevant malware samples and signatures.  Let’s dive into how these updates can transform your workflow and help you tackle threats with greater confidence.  Redesigned Threat Intelligence […]

The post Explore MITRE ATT&CK Techniques in Real-World Samples with TI Lookup appeared first on ANY.RUN's Cybersecurity Blog.

ESET researchers have identified multiple samples of two previously unknown Linux backdoors: WolfsBane and FireWood. The goal of the backdoors and tools discovered is cyberespionage that targets sensitive data such as system information, user credentials, and specific files and directories. These tools are designed to maintain persistent access and execute commands stealthily, enabling prolonged intelligence gathering while evading detection. WolfsBane execution chain (Source: ESET) WolfsBane Researchers discovered the WolfsBane samples at VirusTotal, uploaded from Taiwan, … More →

The post Researchers unearth two previously unknown Linux backdoors appeared first on Help Net Security.

Морские гады научили медиков вводить лекарства по-новому.

Обновлённые механизмы защиты делают невозможное нашей новой реальностью.

发表在《Journal of University Teaching & Learning Practice》期刊上的一项研究分析了两个特殊的群体：r/Zlibrary 上的 Reddit 用户和逾百名中国研究生。两个群体在为什么使用盗版电子书库 Z-Library 上有着相似的观点。很多 Reddit 用户都是因为贫困而使用 Z-Library：一位生活在第三世界的用户称，一本书的价格相当于其日薪的 50%-80；他们多数认为 Z-Library 是必要之恶；期刊出版商获取了巨额利润，但作者和审稿人没什么补偿，盗版论文和图书只影响出版商。第二部分研究调查了 103 名中国研究生，他们参加了一个研讨会，讨论了 Z-Library 及对其的打压行动。不是所有研究生都使用 Z-Library，有 41% 的研究生认为 Z-Library 的短暂关闭影响到了他们的学习和寻找学术资源的能力。71% 的学生承认使用过 Z-Library 或类似网站。根据社会主义价值观，大多数学生同意知识的获取应对所有人免费开放。虽然学生们知道版权法，但他们认为获取知识的需要比版权所有者的担忧更重要。