Aggregator

文章介绍了网络威胁分析和安全建议，由值班处理员Johannes Ullrich负责，当前威胁级别为绿色。还提供了即将举行的网络应用安全课程信息及相关的网络安全资源链接。

Cybersecurity Awareness Programs Need Focus on Human Risk and Changing Behaviors
Thanks to Cybersecurity Awareness Month, everyone knows security is a priority, but what are we doing differently to change the culture? If our goal is to reduce risk - and not just to meet regulatory expectations - then we need to focus on behavior, not just boxes on a checklist.

23andMe's Ex-CEO Anne Wojcicki Made Privacy Pledge With Successful Bid of $305M
A bankruptcy court gave the green light for TTAM Research Institute - a firm launched by 23andMe's co-founder and former CEO Anne Wojcicki - to buy 23andMe for $305 million. TTAM has promised to uphold the consumer genetics testing firm's current privacy policies and implement more data safeguards.

Google’s Mandiant Warns About Remote Attacks Disrupting Grid Stability
Vulnerabilities in networked devices programmed to instantaneously trip power grid substation circuit breakers could be the means hackers use to cause the next blackout, warn researchers. There are "systemic patterns across substations, utilities and industrial sites worldwide," Mandiant warned.

Iranian-Linked Hackers Claim to Have 100GB of Emails From Trump's Inner Circle
An Iranian hacking group collectively using the pseudonym "Robert" claims to have 100 gigabytes of emails from President Donald Trump's inner circle as Tehran seemingly attempts to project strength in cyberspace in the wake of U.S.-led attacks on three of its key nuclear sites.

Hackers Targeted French Government Entities, ANSSI Said
A hacking campaign linked to Chinese threat actors chained zero-days in Ivanti server software to target French government, defense and media entities, the national cyber agency said. The hacker has similarities to a Chinese threat actor tracked as UNC5174.

Cybersecurity Awareness Programs Need Focus on Human Risk and Changing Behaviors
Thanks to Cybersecurity Awareness Month, everyone knows security is a priority, but what are we doing differently to change the culture? If our goal is to reduce risk - and not just to meet regulatory expectations - then we need to focus on behavior, not just boxes on a checklist.

23andMe's Ex-CEO Anne Wojcicki Made Privacy Pledge With Successful Bid of $305M
A bankruptcy court gave the green light for TTAM Research Institute - a firm launched by 23andMe's co-founder and former CEO Anne Wojcicki - to buy 23andMe for $305 million. TTAM has promised to uphold the consumer genetics testing firm's current privacy policies and implement more data safeguards.

Google’s Mandiant Warns About Remote Attacks Disrupting Grid Stability
Vulnerabilities in networked devices programmed to instantaneously trip power grid substation circuit breakers could be the means hackers use to cause the next blackout, researchers warn. There are "systemic patterns across substations, utilities and industrial sites worldwide," Mandiant warned.

Iranian-Linked Hackers Claim to Have 100GB of Emails From Trump's Inner Circle
An Iranian hacking group collectively using the pseudonym "Robert" claims to have 100 gigabytes of emails from President Donald Trump's inner circle as Tehran seemingly attempts to project strength in cyberspace in the wake of U.S.-led attacks on three of its key nuclear sites.

Hackers Targeted French Government Entities, ANSSI Said
A hacking campaign linked to Chinese threat actors chained zero-days in Ivanti server software to target French government, defense and media entities, the national cyber agency said. The hacker has similarities to a Chinese threat actor tracked as UNC5174.

腾讯云安全基于20余年攻防经验，打造覆盖情报共享、应用的全链路方案，发布《基于威胁情报原子能力的安全产品开发应用实践》，力图打破数据孤岛，释放情报价值，推动安全产品迭代与安全体系效能升级。

微软介绍最年轻安全研究员迪伦，13岁起向微软提交漏洞。为接纳他，微软修改漏洞赏金计划条款至最低13岁。迪伦多次提交漏洞报告，并在黑客活动中获奖。现为高三学生，未来或继续从事网络安全工作。

德国要求苹果和谷歌下架中国AI应用DeepSeek，因其涉嫌违反欧盟GDPR并将数据传输至中国。此事件被视为欧盟AI监管落地的首例，凸显中欧在数据主权、隐私保护和技术竞争上的深层博弈。

A vulnerability was found in Annuaire 1Two 2.2. It has been declared as critical. This vulnerability affects unknown code of the file index.php. The manipulation of the argument ID leads to sql injection. This vulnerability was named CVE-2006-4601. The attack can be initiated remotely. Furthermore, there is an exploit available.

0x01 前言前几天在团队群里看见现在可以通过AI使用一张照片制造视频来进行绕过人脸识别功能，于是开始进行思

A vulnerability classified as problematic was found in rizin up to 0.6.2. Affected by this vulnerability is the function meta_set of the file librz/analysis/meta. The manipulation leads to improper neutralization. This vulnerability is known as CVE-2024-31668. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Page Restriction Plugin up to 1.3.6 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-11297. It is possible to initiate the attack remotely. There is no exploit available.