Aggregator

A vulnerability was found in Linux Kernel up to 6.6.36/6.9.7. It has been rated as critical. Affected by this issue is the function gfs2_jindex_free. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2024-42079. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

美国马里兰州信息技术部15日公布了其首个漏洞赏金计划的成果。参与该计划的黑客在州政府网站上共发现了40多个漏洞。 该漏洞赏金计划于7月30日正式启动，最初仅限于评估该州少数几个数字“资产”。随后，计划的范围扩大，涵盖了托管在Maryland.gov、md.gov以及state.md.us平台上的12个数字资产。在该计划运行期间（截至8月28日），通过州政府和网络安全公司HackerOne的共同审查，黑客们发现了40多个漏洞。这些漏洞在被威胁行为者利用之前，州政府已迅速完成修复。 州政府根据发现的漏洞严重程度向参与者支付了奖金，但未公开具体的支付金额。 官员们表示，此次计划帮助信息技术部与私营部门的网络安全领导者建立了重要合作关系，这将为未来的漏洞赏金计划及其他网络安全漏洞项目打下坚实基础。 许多联邦机构也已推出类似的漏洞赏金计划。根据州政府的新闻稿，马里兰州的漏洞赏金计划参考了美国国防部数字服务部门实施的一个项目，该项目专注于发现国防系统中的漏洞。在去年担任马里兰州首席信息官之前，Katie Savage曾负责领导国防数字服务部，该部门成功运行了“黑掉五角大楼”（Hack the Pentagon）等漏洞赏金计划。 Savage在新闻稿中表示：“漏洞赏金计划彻底改变了联邦政府识别和修复网络安全漏洞的方式。通过实施美国有史以来最广泛的州级漏洞赏金计划，马里兰州能够更快速地发现漏洞，建立与安全研究人员社区的强大长期联系，并确保我们的州更加安全。” 该计划得到了由州首席信息安全官Gregory Rogers领导的州安全管理办公室的全力支持。Rogers表示，该漏洞赏金计划是州级网络安全战略和信息安全计划的重要组成部分。 Rogers在新闻稿中提到：“州安全管理办公室正在通过采用最新的战略、创新和政策框架，来实现全州范围内的网络安全防御，并抵御威胁行为者的攻击。通过加强我们与美国国内蓬勃发展的安全研究人员社区的联系，我们正在建设一个不仅能自我保护，还能保护其公民的安全州，不论现在还是未来。” 参考资料：https://statescoop.com/maryland-state-bug-bounty-program-2024/     转自安全内参，原文链接：https://www.secrss.com/articles/71270 封面来源于网络，如有侵权请联系删除

“Wie zich het snelst aanpast en de kracht van innovatie het best benut, wint het gevecht. Het is de sleutel tot succes in een steeds gevaarlijkere wereld.” Met deze woorden richtte staatssecretaris Gijs Tuinman zich gisteren tot het meer dan 1.200-koppige publiek bij Innovation in Defence, het kennis- en innovatie-event van Defensie. Dat speelde zich af in de Werkspoorkathedraal in Utrecht.

Lookout announced new features for its Mobile Threat Defense (MTD) solution, Lookout Mobile Endpoint Security. These advancements provide comprehensive protection against two fast-growing advanced social engineering tactics: smishing (SMS phishing) and executive impersonation fraud texts. Lookout offers a defense-in-depth approach to cybersecurity that is designed to protect against the modern tactics used to breach an organization’s cloud infrastructure. Mobile devices are now the cornerstones of enterprise productivity, collaboration, communication and cloud identity verification. But as … More →

The post Lookout offers protection against social engineering and executive impersonation attacks appeared first on Help Net Security.

Cybersecurity threats have become increasingly prevalent and sophisticated in recent years, posing significant risks to businesses of all sizes. In 2023, there were 3,122 data breaches affecting approximately 349 million victims, highlighting the urgent need for robust network security solutions in our fast-paced, distributed work environments. NordLayer offers a sophisticated, scalable solution designed for businesses that require high-level protection without sacrificing flexibility. Developed using NordVPN’s world-class standards, NordLayer builds on a foundation of expertise to … More →

The post Product showcase: Secure and scale your network with NordLayer’s advanced security solutions appeared first on Help Net Security.

AI from the attacker’s perspective: See how cybercriminals are leveraging AI and exploiting its vulnerabilities to compromise systems, users, and even other AI applications Cybercriminals and AI: The Reality vs. Hype “AI will not replace humans in the near future. But humans who know how to use AI are going to replace those humans who don't know how to use AI,” says Etay Maor, Chief Security

Discover the 7 top compliance audit software solutions for 2024, designed to streamline your compliance processes.

The post 7 Top Compliance Audit Software for 2024 appeared first on Scytale.

The post 7 Top Compliance Audit Software for 2024 appeared first on Security Boulevard.

还有不到三个月，2024年就结束了，FreeBuf知识大陆本年度帮主的福利活动即将结束。无论你是经验丰富的老帮主，还是刚刚加入新手帮主，相信你一定不愿意错过这些福利！

Видео без изменений получают специальную отметку

The new set of specifications could enable users to securely move passkeys and all other credentials across providers

The North Korean threat actor known as ScarCruft has been linked to the zero-day exploitation of a now-patched security flaw in Windows to infect devices with malware known as RokRAT. The vulnerability in question is CVE-2024-38178 (CVSS score: 7.5), a memory corruption bug in the Scripting Engine that could result in remote code execution when using the Edge browser in Internet Explorer Mode.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Windows Kernel, Mozilla Firefox and SolarWinds Web Help Desk bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: An attacker could exploit the vulnerability CVE-2024-30088 to gain SYSTEM privileges. Successful exploitation of […]

Боевая птица открывает новую эру автономной авиации.

在这个信息爆炸的时代，开源情报已成为一种潮流和趋势。越来越多的人开始关注开源，参与到开源情报的行列中来。