Aggregator

North Korea-linked hackers target construction and machinery sectors with watering hole and supply chain attacks

8 months 1 week ago

South Korea’s National Cyber Security Center (NCSC) reported that North Korea-linked hackers hijacked VPN software updates to deploy malware. South Korea’s national security and intelligence agencies, including the National Intelligence Service, the Prosecutor’s Office, the Police Agency, the Military Intelligence Command, and the Cyber Operations Command, have issued a joint cybersecurity advisory to warn that […]

Pierluigi Paganini

XCon2024议题：LLM Infra Security：大模型供应链的阿喀琉斯之踵

嘶吼

8 months 1 week ago

循万变·见未来——技术前瞻

未来，大模型供应链的发展将呈现两大趋势：

1、越发错综复杂，利用基础设施漏洞开展的高级可持续威胁将对企业安全形成严峻挑战。

2、大模型应用场景遍地开花，带来更多用户端侧的安全和隐私问题。

——腾讯朱雀实验室高级安全研究员杨瑾

在当前百模大战的时代背景下，机器学习平台、大数据平台和算力集群等关键大模型基础设施（LLM Infra）已成为推动大模型快速升级和迭代的核心动力。然而，由于大模型基础设施整合了众多开源组件，其带来的供应链风险也逐渐成为大模型行业面临的一大挑战。

目前，大模型行业的安全研究主要集中在模型与算法安全方面，而针对大模型基础设施及其相关供应链安全的研究相对较少。

XCon2024会议中，来自腾讯朱雀实验室的高级安全研究员杨瑾将带来议题《LLM Infra Security：大模型供应链的阿喀琉斯之踵》，该议题将重点分享腾讯朱雀实验室在大模型基础设施安全方面的研究成果，包括但不限于以下几点：对大模型生态系统的安全分析；安全开发生命周期的研究分析；基础设施攻击面分析成果；大模型训练与部署关键阶段面临的安全威胁；大模型应用场景中的风险点。议题还将总结并分享大模型基础设施安全的实践经验，以期为行业提供有益的借鉴和启示。

议题简介

《LLM Infra Security：大模型供应链的阿喀琉斯之踵》

议题将对大模型基础设施的攻击面进行概要分析，探讨大模型软件供应链生态、开发生命周期以及系统基础设施，进而综合评估大模型基础设施的攻击面。通过这一综合分析，揭示潜在的安全隐患，为后续的安全防护工作提供有力支持。

同时，对大模型训练与部署阶段的安全风险进行系统的剖析，通过具体漏洞案例，深入剖析大模型在训练与部署等关键环节所面临的安全风险。重点关注当前行业内热点的大模型平台和框架漏洞，如huggingface、pytorch、ray等，以期提高开发者和使用者在实际操作中的安全防范意识。

最后，重点分析大模型应用场景中的安全挑战并为用户提出防护性建议。充分结合实际应用场景，如智能体开发应用和终端模型使用等，分析漏洞如何影响大模型基础设施的安全，通过分析langchain、chatrtx等框架应用的漏洞案例，揭示潜在的数据泄露风险，为相关机构和用户提供有针对性的安全建议。

演讲人及团队介绍

杨瑾——腾讯朱雀实验室高级安全研究员

杨瑾——腾讯朱雀实验室大模型红队成员。聚焦大模型安全研究和企业安全建设，有多年红蓝对抗和漏洞挖掘经验，发现过多个英伟达/微软/甲骨文等企业产品和服务的安全漏洞并获得厂商致谢。

腾讯朱雀实验室

成立于2019年1月，目前专注AI大模型领域前沿安全攻防技术研究，负责腾讯大模型业务的AI Red Team建设。通过大模型原生安全攻击手法跟踪和检测，红蓝对抗演习、供应链风险排雷、前沿攻击手法预研等视角进行实战演练与安全研究面向行业发布了业内首个AI安全威胁风险矩阵、LLM安全性测评基准、Secbench网络安全大模型测评，发现Nvidia、Meta、HuggingFace等多个知名厂商AI产品的高危漏洞，并获得官方致谢。议题入选CVPR、NeurIPS、ICLR、ACL、BlackHat、DEFCON、CanSecWest、HITB等国内外顶级会议。

XCon2024售票通道现已全面开启

【XCon&KCon，3日联票】¥2069元，仅限30张

【循变者】¥2090元，XCon2024全场通——含聚焦场演讲+HackingGroup“未来之锋·智创奇迹”技术论坛+展商空间+极客市集

【聚焦者】¥2790元，XCon2024全场通——仅限会议当日现场购买，不支持票券折扣

【“未来之锋·智创奇迹”技术论坛】¥0元，XCon&HackingGroup “未来之锋·智创奇迹”技术论坛+展商空间+极客市集

XCon组委会

CVE-2024-7552 | DataGear up to 5.0.0 Data Schema Page ConversionSqlParamValueMapper.java evaluateVariableExpression expression language injection (IAF3H7)

VulDB Recent Entries

8 months 1 week ago

A vulnerability was found in DataGear up to 5.0.0. It has been declared as critical. Affected by this vulnerability is the function evaluateVariableExpression of the file ConversionSqlParamValueMapper.java of the component Data Schema Page. The manipulation leads to improper neutralization of special elements used in an expression language statement. This vulnerability is known as CVE-2024-7552. The attack can be launched remotely. Furthermore, there is an exploit available.

vuldb.com

Селфи вместо пропуска: как изменится доступ на стадионы НФЛ

Securitylab.ru

8 months 1 week ago

Что скрывается за улыбкой болельщика на матче?

Authorities have Uncovered USD 40 Million from Hackers

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

8 months 1 week ago

Singapore authorities have successfully intercepted and reclaimed over USD 40 million defrauded in a sophisticated business email compromise (BEC) scam. The operation, facilitated by INTERPOL’s Global Rapid Intervention of Payments (I-GRIP) mechanism, marks the largest-ever recovery of fraudulently obtained funds in Singapore’s history. The Scam Unveiled On 23 July 2024, a commodity firm based in […]

The post Authorities have Uncovered USD 40 Million from Hackers appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

Divya

FreeBuf早报 | secureserver.net域被滥用；朝鲜黑客攻击韩国建筑和机械行业

FreeBuf互联网安全新媒体平台

8 months 1 week ago

该活动的初始访问载体是托管在secureserver[.]net上的恶意URL，该域名以提供域名注册和网站托管服务而闻名。

攻击者是如何绕过EDR/XDR的——对此我们又该怎么做？

数世咨询

8 months 1 week ago

攻击者要想攻击成功，一定会想办法绕过EDR/XDR且不被发现。他们是如何做到的呢？本文将讲到三个关键点。

CVE-2024-7551 | juzaweb CMS up to 3.4.2 Theme Editor default path traversal

VulDB Recent Entries

8 months 1 week ago

A vulnerability was found in juzaweb CMS up to 3.4.2. It has been classified as problematic. Affected is an unknown function of the file /admin-cp/theme/editor/default of the component Theme Editor. The manipulation leads to path traversal. This vulnerability is traded as CVE-2024-7551. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

vuldb.com

Gartner 安全运营成熟度曲线：XDR、SOAR 泡沫破裂；EDR、SIEM 进入生产成熟期

HackerNews

8 months 1 week ago

日前，Gartner 发布了最新的安全运营成熟度曲线报告（Gartner Hype Cycle for Security Operations, 2024），报告将与安全运营相关的 23 项热点技术按照新技术通往成熟必经的过程进行划分，为技术萌芽期、期望膨胀期、泡沫破裂低谷期、稳步爬升复苏期、生产成熟期五个阶段。此次报告出现了像对抗性暴露面验证，暴露面评估平台这些新的技术热点，也有过去被认为大热的技术比如 SOAR，在达到成熟大面积应用之前就已过时。 Gartner Hype Cycle for Security Operations, 2024：面对不断变化的威胁态势，企业率先采用新兴技术可能获得巨大收益，另一方面也可能承担更大的风险，因此识别技术投入的优先级变得尤为重要。 Gartner 根据对企业产生的价值以及技术的目标市场覆盖度，对这些技术进行了应用优先级评估，从而帮助企业安全或信息负责人制定安全战略路线，在恰当时间做出更明智的投资决策。 Gartner Hype Cycle for Security Operations, 2024：优先级矩阵新出的这份报告，有几点关键洞察值得关注： TEM、CPS 安全、CAASM 进入期望膨胀期（Peak of Inflated Expectations），需谨慎 Gartner 认为全球企业对于攻击面的关注达到了顶峰，企业利用威胁暴露面管理（TEM）、网络资产攻击面管理（CAASM）、网络物理系统安全（CPS），以及渗透测试即服务（Penetration Testing as a Service）等不同的技术，来提升对于不断扩大的攻击面的可见性，或者验证网络的弹性。但是，对于这些正处在期望膨胀期的安全技术，Gartner 的建议是企业内部需要提前考虑清楚自身的需求，再开始寻找供应商，或向安全厂商提具体的需求，不然最后很可能受到对当前技术过高的期待影响，而产生一些不切实际的期待。 MDR、NDR、TI 及 CO-MMS 市场价值显著，稳步爬升对于托管检测和响应服务（MDR）、网络检测和响应（NDR）、威胁情报（Threat Intelligence）以及共管监控服务（Co-Managed Monitoring Services）这几项技术，早期的采用者已经克服了此前的各种障碍，2024年开始为企业带来显著的价值和收益，焕发了新的生机。例如，像威胁情报技术对企业属于高收益，目标用户市场渗透率已达到20%-50%，当前已进入成熟主流阶段。对于处在该阶段的安全技术，Gartner建议重点进行评估及应用，弥补企业自身在威胁检测以及情报应用上成熟度的不足。 XDR、SOAR 等进入泡沫破裂低谷期（Trough of Disillusionment），需重新评估 2024 年，安全负责人需要对这几项技术进行重新评估，例如数字取证与事件响应（Digital Forensics and Incident Response)，应用过这些技术的大多数企业都出现过被过度承诺结果的情况。再比如外部攻击面管理（External Attack Surface Management)，身份威胁检测和响应（Identity Threat Detection and Response），在实际应用的过程中，甲方企业对这些技术进行消费和运营业务输出时，准备不足。对于安全编排自动化响应（SOAR）以扩展检测和响应 (XDR)，面临的问题主要是采用的这些技术跟不上持续变化的需求。 Gartner 建议，企业既需要重新评估这些技术，也需要提升对预算分配与规划的合理性。 EDR、SIEM 进入生产成熟期（Plateau of Productivity）报告指出，终端检测与响应（EDR）、安全信息与事件管理（SIEM)两项技术目前均已达到成熟阶段，其中 EDR 对于企业而言收益高，且目标用户市场渗透率达到了 50%；而SIEM目前的目标用户市场渗透率达到 20%-50%。 Gartner 认为处于这个阶段的技术已得到广泛应用，而且技术价值和优势也得到了充分证明，建议安全风险部门负责人充分利用该阶段技术降低风险，并将其功能整合应用到更大范围的安全运用生态体系中。尽管这份报告可以看作是全球安全运营技术的风向标，但国内外在技术成熟度和实践上无疑仍存在一定“时间差”和“实践差”，并不完全同频。例如国内终端安全管理平台更多以杀软、桌管包装成 EDR，真正的 EDR 技术在国内尚处于起步阶段，只有少数厂商聚焦在高精准度的 EDR 能力上；国内安全服务市场，更多以 MSS 安全托管服务为主，MDR 发展相对较为早期，企业需要更加务实地看待当前网络安全运营中不同技术市场的发展。转自Freebuf，原文链接：https://www.freebuf.com/news/407888.html 封面来源于网络，如有侵权请联系删除

内容转载

Windows 11 市场份额突破三成

Solidot

8 months 1 week ago

随着 Windows 10 即将于 2025 年 10 月终止支持，越来越多的用户开始转向 Windows 11，其市场份额终于突破了三成。根据 Statcounter 的统计，2024 年 7 月的 Windows 桌面操作系统中，Windows 11 的比例达到了 30.82%，一个月内增长了 1.08%，比去年 7 月增长 7.17%。 Windows 10 的份额仍然高举第一占 65%，上个月下降 1.06%，比去年同期下降 11.15%。在其它停止支持的 Windows 版本中，Win7 3.04%，Win8.1 0.42%，WinXP 0.38%，Win8 0.24%。

《每日开源》获取每日开源信息！

情报分析师

8 months 1 week ago

在这个信息爆炸的时代，开源情报已成为一种潮流和趋势。越来越多的人开始关注开源，参与到开源情报的行列中来。

【人物调研】克里姆林宫的关键人物：德米特里·米罗诺夫

情报分析师

8 months 1 week ago

德米特里·米罗诺夫（Dmitry Mironov）是一个在俄罗斯政治舞台上相对低调但影响力日增的人物。

CVE-2024-7084 | Ernest Marcinko Ajax Search Lite Plugin up to 4.12.0 on WordPress cross site scripting

VulDB Recent Entries

8 months 1 week ago

A vulnerability was found in Ernest Marcinko Ajax Search Lite Plugin up to 4.12.0 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-7084. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-7082 | Easy Table of Contents Plugin up to 2.0.67 on WordPress cross site scripting

VulDB Recent Entries

8 months 1 week ago

A vulnerability has been found in Easy Table of Contents Plugin up to 2.0.67 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-7082. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-6766 | WP-FeedStats shortcodes-ultimate-pro Plugin up to 7.2.0 on WordPress Shortcode Attribute cross site scripting

VulDB Recent Entries

8 months 1 week ago

A vulnerability, which was classified as problematic, was found in WP-FeedStats shortcodes-ultimate-pro Plugin up to 7.2.0 on WordPress. This affects an unknown part of the component Shortcode Attribute Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-6766. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-6651 | File Upload Plugin up to 4.24.7 on WordPress cross site scripting

VulDB Recent Entries

8 months 1 week ago

A vulnerability, which was classified as problematic, has been found in File Upload Plugin up to 4.24.7 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-6651. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-6203 | Halo Service Solutions HaloITSM up to 2.146.0 Password Reset Token password recovery

VulDB Recent Entries

8 months 1 week ago

A vulnerability classified as problematic was found in Halo Service Solutions HaloITSM up to 2.146.0. Affected by this vulnerability is an unknown functionality of the component Password Reset Token Handler. The manipulation leads to weak password recovery. This vulnerability is known as CVE-2024-6203. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-6202 | Halo Service Solutions HaloITSM up to 2.146.0 SAML XML Signature Wrapping authorization

VulDB Recent Entries

8 months 1 week ago

A vulnerability classified as problematic has been found in Halo Service Solutions HaloITSM up to 2.146.0. Affected is an unknown function of the component SAML XML Signature Wrapping. The manipulation leads to incorrect authorization. This vulnerability is traded as CVE-2024-6202. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-6201 | Halo Service Solutions HaloITSM up to 2.146.0 Template information disclosure

VulDB Recent Entries

8 months 1 week ago

A vulnerability was found in Halo Service Solutions HaloITSM up to 2.146.0. It has been rated as problematic. This issue affects some unknown processing of the component Template Handler. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-6201. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

How to Secure Your Organization from Shadow IT?

Security Boulevard

8 months 1 week ago

“Shadow IT” isn’t just a catchy term; it goes beyond official procedures. It also shows unmet employee tech needs and perceived problems in company processes. What’s worse is that shadow IT can make your system more vulnerable to attacks, put compliance at risk, and lead to scattered and poor IT operations. The risk isn’t just […]

The post How to Secure Your Organization from Shadow IT? appeared first on Kratikal Blogs.

The post How to Secure Your Organization from Shadow IT? appeared first on Security Boulevard.

Shikha Dhingra

Aggregator

Managed ad