Aggregator

九月榜单终于来啦

全业务通用漏洞四倍11.25~12.1 科技业务专项双倍11.25~12.6

实现优秀的网络覆盖性能和实时防御能力

A vulnerability, which was classified as problematic, has been found in Linux Kernel 2.4.x. This issue affects the function sendmsg. The manipulation leads to deadlock. The identification of this vulnerability is CVE-2004-1016. Attacking locally is a requirement. Furthermore, there is an exploit available.

Растущая популярность соцсети вызвала волну преступных действий по краже криптовалюты пользователей.

Privileged access management (PAM) plays a pivotal role in building a strong security strategy. PAM empowers you to significantly reduce cybersecurity risks, gain tighter control over privileged access, achieve regulatory compliance, and reduce the burden on your IT team.  As an established provider of a PAM solution, we’ve witnessed firsthand how PAM transforms organizational security. In

Новый способ сохранить порядок там, где он обычно отсутствует.

Threat actors with ties to the Democratic People's Republic of Korea (DPRK) are impersonating U.S.-based software and technology consulting businesses in order to further their financial objectives as part of a broader information technology (IT) worker scheme. "Front companies, often based in China, Russia, Southeast Asia, and Africa, play a key role in masking the workers' true origins and

Security Operations Purchase Brings Cloud-Native XDR, MDR to IT Management Platform
With Adlumin’s cloud-native XDR and MDR services, N-able consolidates its position as a leader in IT management. Buying the Washington D.C.-based security operations vendor for up to $266 million drives value through AI-powered threat detection and compliance solutions tailored for MSPs.

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability
• CVE-2024-44309 Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability
• CVE-2024-21287 Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability

Users and administrators are also encouraged to review the Palo Alto Threat Brief: Operation Lunar Peek related to CVE-2024-0012, the Palo Alto Security Bulletin for CVE-2024-0012, and the Palo Alto Security Bulletin for CVE-2024-9474 for additional information. 

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA released seven Industrial Control Systems (ICS) advisories on November 21, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-24-326-01 Automated Logic WebCTRL Premium Server
• ICSA-24-326-02 OSCAT Basic Library
• ICSA-24-326-03 Schneider Electric Modicon M340, MC80, and Momentum Unity M1E
• ICSA-24-326-04 Schneider Electric Modicon M340, MC80, and Momentum Unity M1E
• ICSA-24-326-05 Schneider Electric EcoStruxure IT Gateway
• ICSA-24-326-06 Schneider Electric PowerLogic PM5300 Series
• ICSA-24-326-07 mySCADA myPRO Manager

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

Today, CISA released Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a U.S. Critical Infrastructure Sector Organization in coordination with the assessed organization. This cybersecurity advisory details lessons learned and key findings from an assessment, including the Red Team’s tactics, techniques, and procedures (TTPs) and associated network defense activity.

This advisory provides comprehensive technical details of the Red Team’s cyber threat activity, including their attack path to compromise a domain controller and human machine interface (HMI), which serves as a dashboard for operational technology (OT).

CISA encourages all critical infrastructure organizations, network defenders, and software manufacturers to review and implement the recommendations and practices to mitigate the threat posed by malicious cyber actors and to improve their cybersecurity posture.

For more information on the most common and impactful threats, tactics, techniques, and procedures, see CISA’s Cross-Sector Cybersecurity Performance Goals. To learn more about secure by design principles and practices, visit CISA’s Secure by Design webpage.

The National Construction Safety Team has reached an important milestone in its investigation into the 2021 partial collapse of Champlain Towers South.

In May 2020, NIST published Foundational Cybersecurity Activities for IoT Device Manufacturers (NIST IR 8259), which describes recommended cybersecurity activities that manufacturers should consider performing before their IoT devices are sold to customers. These foundational cybersecurity activities can help manufacturers lessen the cybersecurity-related efforts needed by customers, which in turn can reduce the prevalence and severity of IoT device compromises and the attacks performed using compromised devices. In the nearly five years since this document was released, it has been published

Основной канал поставок — маркетплейсы с минимальным контролем.

Пятеро хакеров-невидимок стали фигурантами дела скандальной группировки.

Ubuntu Linux 默认使用的 needrestart 工具发现了 5 个本地提权漏洞，该漏洞是在 2014 年 4 月释出的 needrestart v0.8 中引入的，刚刚释出的 v3.8 修复了漏洞。漏洞允许本地访问的攻击者将权限提升到 root。五个漏洞分别编号为 CVE-2024-48990、CVE-2024-48991、CVE-2024-48992、CVE-2024-10224 和 CVE-2024-11003。Needrestart 被用于识别包更新后需要重新启动的服务，确保服务运行最新版本的共享库。