Aggregator
A vulnerability was found in Flexera FlexNet Publisher up to 11.14.1. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to open redirect.
The identification of this vulnerability is CVE-2017-5571. The attack may be initiated remotely. There is no exploit available.
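Hillstone Networks Security Research Institute: Q1 Original Technical Article Collection
5 months 1 week ago
This collection gathers the best of our best work: the Hillstone Networks Security Research Institute's original technical articles from the first quarter of 2024.
[Vulnerability Discovery and Protection] 03. Vulnerability Exploitation: Reproducing the WinRAR Security Flaw (CVE-2018-20250) and Analyzing Software Auto-Start
5 months 1 week ago
Part 3 of the Vulnerability Discovery and Protection series introduces the CVE-2018-20250 vulnerability and how to defend against it. We hope you enjoy it!
SekaiCTF 2024 Concludes Successfully, Team Nu1L Takes First Place!
5 months 1 week ago
SekaiCTF 2024 officially ended at 00:00 on August 26, 2024.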
Linux malware sedexp uses udev rules for persistence and evasion
5 months 1 week ago
Researchers spotted a new stealthy Linux malware named sedexp that uses Linux udev rules to achieve persistence and evade detection. Aon’s Cyber Solutions spotted a new malware family, called sedexp, that relies on a lesser-known Linux persistence technique. The malware has been active since at least 2022 but remained largely undetected for years. The experts […]
Pierluigi Paganini
CVE-2007-1404 | ProSysInfo TFTP Server TFTPDWIN 0.4.2 tftpd.exe denial of service (EDB-3432 / XFDB-32886)
5 months 1 week ago
A vulnerability was found in ProSysInfo TFTP Server TFTPDWIN 0.4.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file tftpd.exe. The manipulation leads to denial of service.
This vulnerability is known as CVE-2007-1404. The attack needs to be initiated within the local network. Furthermore, there is an exploit available.
vuldb.com
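Beijing's National Cybersecurity Awareness Week cybersecurity works solicitation begins; oil giant Halliburton hit by cyberattack that forced a systems shutdown
5 months 1 week ago
Quick read! A weekly review of security news for August 19 to August 25, 2024.
Data extortion gang uses fake Windows update screen to hide data theft
5 months 1 week ago
The security researchers noted that they saw no interaction between Mad Liberator and the target before the AnyDesk connection request, and recorded no phishing attempts supporting the attack.
Audit finds significant weaknesses in the FBI's data storage management
5 months 1 week ago
According to The Hacker News, an audit by the U.S. Department of Justice's Office of the Inspector General (OIG) found "significant weaknesses" in the FBI's inventory management and disposal of electronic storage media containing classified information. The OIG audit shows three main problems in the FBI's inventory management of electronic media containing sensitive but unclassified (SBU) information and classified national security information (NSI): once electronic storage media (such as internal hard drives and USB drives) are extracted from larger devices, the FBI cannot adequately track them, increasing
IBM shuts down its China R&D operations
5 months 1 week ago
IBM will completely shut down its China R&D operations, affecting more than a thousand employees. IBM China said in a statement: "IBM adjusts its operations as needed to best serve its clients, and these changes will not affect our ability to support clients in the Greater China region." The statement also noted that Chinese enterprises, especially private enterprises, are increasingly focused on seizing the opportunities brought by hybrid cloud and artificial intelligence technologies, and that IBM's local strategic focus in China is to draw on our extensive experience in technology and consulting to build teams with the appropriate skills and help Chinese clients co-create solutions that meet their needs.
IBM stressed that in the future it will shift toward serving China's private enterprises and some multinational companies operating in China, but large state-owned enterprises in key sectors such as finance and energy were IBM's most important major customers in the past. The closure involves two main business lines: the IBM China Development Lab (CDL) and the IBM China Systems Lab (CSL), which are mainly responsible for R&D and testing. IBM will offer the affected employees N+3 severance compensation.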
Updating Security Metrics For NIST CSF 2.0: A Guide To Transitioning From 1.0 To 2.0
5 months 1 week ago
The NIST Cybersecurity Framework (CSF) has long served as a cybersecurity cornerstone, offering a structured approach to managing and improving cybersecurity risk. With the release of NIST CSF 2.0, organizations are poised to benefit from updated guidelines that reflect the latest cybersecurity practices and challenges. Understanding NIST CSF 2.0 The NIST CSF 2.0 release date, […]
The post Updating Security Metrics For NIST CSF 2.0: A Guide To Transitioning From 1.0 To 2.0 appeared first on Centraleyes.
The post Updating Security Metrics For NIST CSF 2.0: A Guide To Transitioning From 1.0 To 2.0 appeared first on Security Boulevard.
Rebecca Kappel
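Mouse study shows universal flu vaccine candidate triggers strong immune response
5 months 1 week ago
Scientists at the Cleveland Clinic's Lerner Research Institute in the United States report that, in tests conducted in mice, the universal flu vaccine candidate they developed triggered a strong immune response and protected the animals from severe infection after exposure to the virus. The paper was published in the latest issue of the Journal of Virology. The researchers said they plan to begin human clinical trials of the candidate within 1-3 years, with the ultimate goal of a universal vaccine that spans different seasons and covers all flu strains. Influenza viruses evolve constantly, and the flu vaccines available each year are tailored to the specific strains expected to circulate that year. Scientists hope to develop a universal flu vaccine. The researchers designed the candidate using the "computationally optimized broadly reactive antigen" (COBRA) method. They first downloaded the gene sequences of thousands of pathogenic influenza strains spanning multiple seasons from an online database, then analyzed those sequences computationally to determine which amino acids (the building blocks of proteins) persist across seasons and appear in every virus. The vaccine candidate is administered intranasally. Blood tests showed that after 4 weeks the mice had developed antibodies against the virus and did not become infected after exposure to the pathogen.
Security News Review | Beijing's National Cybersecurity Awareness Week cybersecurity works solicitation begins; oil giant Halliburton hit by cyberattack that forced a systems shutdown
5 months 1 week ago
Previous reviews: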
胡金鱼
CVE-2014-5624 | Fungames-forfree Sniper Shooter Free - Fun Game 2.8 X.509 Certificate cryptographic issues (VU#582497)
5 months 1 week ago
A vulnerability was found in Fungames-forfree Sniper Shooter Free - Fun Game 2.8. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues.
This vulnerability is known as CVE-2014-5624. The attack needs to be done within the local network. There is no exploit available.
vuldb.com
Telegram CEO Pavel Durov arrested in France over alleged failure to moderate content
5 months 1 week ago
安全客
U.S. CISA adds Versa Director vulnerability to its Known Exploited Vulnerabilities catalog
5 months 1 week ago
安全客
New Linux malware "sedexp" uses udev rules to hide credit card skimmer
5 months 1 week ago
安全客
CVE-2024-6879 | Quiz and Survey Master Plugin up to 9.1.0 on WordPress cross site scripting
5 months 1 week ago
A vulnerability has been found in Quiz and Survey Master Plugin up to 9.1.0 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2024-6879. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Hackers can take over Ecovacs home robots to spy on their owners
5 months 1 week ago
安全客
CVE-2024-7313 | Shield Security Plugin up to 20.0.5 on WordPress cross-site request forgery
5 months 1 week ago
A vulnerability, which was classified as problematic, was found in Shield Security Plugin up to 20.0.5 on WordPress. Affected is an unknown function. The manipulation leads to cross-site request forgery.
This vulnerability is traded as CVE-2024-7313. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com