Aggregator

这一漏洞存在于Windows远程桌面许可管理服务（RDL）中，该服务常被部署于开启Windows远程桌面的服务器，用于管理远程桌面连接许可。

喜报！我实验室杨哲慜老师获新耀东方风采人物数据安全保障奖

俄罗斯以防止被用于恐怖主义和极端主义目的的理由封禁了加密消息应用 Signal。Signal 对此回应称它内置了反审查功能，用户可通过 Settings > Privacy > Advan

俄罗斯以防止被用于恐怖主义和极端主义目的的理由封禁了加密消息应用 Signal。Signal 对此回应称它内置了反审查功能，用户可通过 Settings > Privacy > Advanced > Censorship circumvention，启动该功能。俄罗斯还在几乎同一时间限制了对 YouTube 的访问。YouTube 的访问速度过去几周在变慢，周四遭遇了大规模中断，这是俄罗斯对信息自由的最新打击。当局将访问速度变慢归咎于 Google 未能升级在俄罗斯的设备，但专家认为这是俄罗斯不想让民众看到反对观点。

The American Hospital Association and Health-ISAC issued a joint threat bulletin warning healthcare IT providers that their ransomware plans need to consider third-party risk.

X 同意暂停欧盟对训练 Grok 的数据处理；因财务状况不佳，英特尔原定 9 月举行的创新大会推迟至 2025 年；苹果 Vision Pro 头显目前已有超过 2500 个原生应用

反垄断重锤下，美国司法部正考虑强制将安卓从谷歌剥离8 月 9 日消息，The Information 称，美国司法部在赢得了针对谷歌的反垄断诉讼后，不仅会削弱该公司与苹果之间的联盟关系，还可能会寻求让

We’ve written extensively before about FedRAMP’s impact levels. As a brief refresher, there are fou

We’ve written extensively before about FedRAMP’s impact levels. As a brief refresher, there are four: Li-SaaS, the lowest of the low-security levels, is made for non-critical cloud applications that handle no tangible CUI. Low Impact, which can handle some CUI, but is largely focused solely on very basic and public information like the basic information […]

The post Move From FedRAMP to DoD with Impact Level Assessment appeared first on Security Boulevard.

Sonos smart speakers flaw allowed to eavesdrop on usersNCC Group discovered vulnerabilities in

NCC Group discovered vulnerabilities in Sonos smart speakers, including a flaw that could have allowed to eavesdrop on users. Researchers from NCC Group have discovered multiple vulnerabilities in Sonos smart speakers, including a flaw, tracked as CVE-2023-50809, that could have allowed eavesdropping on users. The researchers have disclosed the vulnerabilities during the BLACK HAT USA […]

A vulnerability, which was classified as problematic, was found in Christmasify Plugin up to 1.5.5 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-7574. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Opal Membership Plugin up to 1.2.4 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-7649. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Opal Membership Plugin up to 1.2.4 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-7648. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Havoc 0.7. Affected is an unknown function. The manipulation leads to server-side request forgery. This vulnerability is traded as CVE-2024-41570. Access to the local network is required for this attack. There is no exploit available.

A vulnerability was found in productinfoquick 1.0. It has been rated as problematic. This issue affects some unknown processing of the component Ueditor. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2024-41577. The attack needs to be initiated within the local network. There is no exploit available.