Aggregator

Chinese APT Earth Baxia target APAC by exploiting GeoServer flaw

Security Affairs
5 months ago
Suspected China-linked APT Earth Baxia targeted a government organization in Taiwan by exploiting a recently patched OSGeo GeoServer GeoTools flaw. Trend Micro researchers reported that China-linked APT group Earth Baxia has targeted a government organization in Taiwan and potentially other countries in the Asia-Pacific (APAC) region. The threat actor used spear-phishing emails and exploited the […]
Pierluigi Paganini

macOS Sequoia Update Breaks Multiple Security Tools

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
5 months ago

Apple’s latest operating system update, macOS 15, also known as Sequoia, has disrupted the functionality of several prominent security tools. Users and developers have taken to social media and Mac-focused Slack channels to express their frustration over the issues caused by the update. Security tools from companies like CrowdStrike, SentinelOne, Microsoft, and others have reportedly […]

The post macOS Sequoia Update Breaks Multiple Security Tools appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

CVE-2024-8606 | Checkmk up to 2.2.0p33/2.3.0p15 Two Factor Authentication authorization

VulDB Recent Entries
5 months ago
A vulnerability was found in Checkmk up to 2.2.0p33/2.3.0p15. It has been rated as critical. This issue affects some unknown processing of the component Two Factor Authentication. The manipulation leads to incorrect authorization. The identification of this vulnerability is CVE-2024-8606. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2024-7846 | YITH WooCommerce Ajax Search Plugin up to 2.7.0 on WordPress Block Attribute cross site scripting

VulDB Recent Entries
5 months ago
A vulnerability was found in YITH WooCommerce Ajax Search Plugin up to 2.7.0 on WordPress. It has been declared as problematic. This vulnerability affects unknown code of the component Block Attribute Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-7846. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-8758 | Quiz and Survey Master Plugin up to 9.1.2 on WordPress Setting cross site scripting

VulDB Recent Entries
5 months ago
A vulnerability was found in Quiz and Survey Master Plugin up to 9.1.2 on WordPress. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-8758. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2016-7274 | Microsoft Windows Vista SP2 up to Server 2016 Uniscribe LoadUvsTable data processing (MS16-147 / MS16-147/MS17-013)

Vuldb Updates
5 months ago
A vulnerability classified as critical has been found in Microsoft Windows. This affects the function LoadUvsTable of the component Uniscribe. The manipulation leads to data processing error. This vulnerability is uniquely identified as CVE-2016-7274. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

Bruce Schneier 认为以色列的袭击改变了世界

Solidot
5 months ago
安全专家 Bruce Schneier 认为以色列的袭击改变了世界。以色列通过引爆在传呼机和对讲机等个人使用的无线设备中植入的塑料炸弹而杀死了至少 37 人。这一行动令世界震惊,但以色列所使用的方法并不新颖,该国以前就通过渗透供应链在设备中植入塑料炸弹。此次行动的新颖之处在于其毁灭性和公开性,凸显了日益扩大的灰色地带。供应链很脆弱,我们更脆弱,计算机、汽车、冰箱、家用恒温器等等各种电子设备提供了无处不在的目标。国际供应链中的任何国家和个人都可能破坏设备。在以色列跨过界限之后,其它国家几乎肯定会认为这种策略是可接受的。它可以在战争期间对军队展开,也可以在战前对平民展开。发达国家将特别容易受到攻击,因为国民拥有太多容易遭到攻击的电子设备。

CVE-2016-7295 | Microsoft Windows 10/Server 2016 Log File System Driver information disclosure (MS16-153 / Nessus ID 95770)

Vuldb Updates
5 months ago
A vulnerability has been found in Microsoft Windows 10/Server 2016 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Log File System Driver. The manipulation leads to information disclosure. This vulnerability is known as CVE-2016-7295. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

FreeBSD RCE Vulnerability Let Attackers Execute Malicious Code

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
5 months ago

FreeBSD has disclosed a critical remote code execution (RCE) vulnerability affecting its bhyve hypervisor. This vulnerability, CVE-2024-41721, could allow attackers to execute malicious code on the host system. The advisory, which was announced on September 19, 2024, credits Synacktiv with discovering the flaw. CVE-2024-41721 – Vulnerability Details As per a report by FreeBSD, the vulnerability […]

The post FreeBSD RCE Vulnerability Let Attackers Execute Malicious Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

@所有人 邀请函已送达!等一个靓仔slay全场~| FCIS 2024「白帽大会」议题征集

FreeBuf互联网安全新媒体平台
5 months ago
没有时间怀念中秋假期啦,马上赶到现场的是——FCIS 2024 「白帽大会」议题征集!你是否身负高超技术,却苦于没有交流的舞台…你是否正在摸索前路,急需一颗指路的启明星…宝剑愈磨愈利,真理愈辩愈明十年磨剑,只待今朝期待你拿起话筒,slay全场!PART.01关于FCISFCIS 2024网络安全创新大会(2024 FreeBuf Cyber Security Innovation Summit,简

CVE-2016-7390 | NVIDIA Graphics Driver up to 341/369.58/375.62 on Quadro/NVS/GeForce Kernel Mode Layer nvlddmkm.sys DxgDdiEscape access control (EDB-40658 / Nessus ID 94576)

Vuldb Updates
5 months ago
A vulnerability was found in NVIDIA Graphics Driver up to 341/369.58/375.62 on Quadro/NVS/GeForce. It has been declared as critical. This vulnerability affects the function DxgDdiEscape in the library nvlddmkm.sys of the component Kernel Mode Layer. The manipulation leads to improper access controls. This vulnerability was named CVE-2016-7390. An attack has to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

客户案例:CACTER硬件网关精准防护,助力互联网企业安全升级

嘶吼
5 months ago

一、客户背景

某互联网公司是一家银行IT解决方案提供商,专注于金融服务的互联网化和数字化转型,向以银行为主的金融机构提供包括移动银行、网络银行、开放银行、交易银行等一体化的整体解决方案,包括业务创新、架构设计、软件开发、测试及运行维护等,着力推动银行的业务以更高的效率、更好的深度和广度持续发展。

二、安全挑战与需求痛点

1、垃圾邮件泛滥

根据Coremail邮件安全人工智能实验室数据显示,2024年第二季度,国内企业邮箱用户共收到9.1亿封垃圾邮件,总量无论是环比还是同比均呈大幅度增长态势。

该互联网公司在使用CACTER邮件安全网关之前,经常遭受补贴诈骗邮件和内部钓鱼邮件的侵扰,这些安全问题不仅影响了内部沟通效率,也带来了潜在的安全隐患。

2、员工安全意识参差不齐

公司内部员工众多,安全意识参差不齐,难以统一管理。即使进行定期安全培训,但部分员工仍使用弱密码或长期不更换密码,增加了邮箱账号被盗的风险。

3、邮件系统安全维护压力

该互联网公司的IT团队承担着维护整个公司邮件系统安全的重任,但传统的邮件系统往往缺乏有效的安全防护措施,导致邮件安全存在严重的安全隐患,给IT团队带来了巨大的工作压力。

三、解决方案

作为Coremail的老客户,该互联网公司选择了CACTER邮件安全硬件网关V7作为邮件安全防护方案。CACTER邮件安全硬件网关V7以其高效的过滤机制和精准的识别能力,为该互联网公司的邮件系统提供了全方位的安全保障。

“选择邮件安全网关时,(我们)最注重的是产品的安全防护效果,尤其是关键字检测和对垃圾邮件和钓鱼邮件的拦截率。CACTER网关的拦截效果非常显著。”

——该互联网公司IT运维人员段老师

1、安全防护:高效过滤恶意邮件

CACTER邮件安全硬件网关具备强大的垃圾邮件过滤能力,反垃圾准确率高达99.8%。CACTER邮件安全硬件网关基于Coremail邮件安全大数据中心,对每封进出站的邮件进行层层过滤,多角度全方位检测,包括发信行为分析、恶意URL检测、邮件内容特征检测、附件检测等。

针对链接型钓鱼邮件,CACTER邮件安全硬件网关提供了恶意链接保护功能,对投往邮件系统的每一封邮件的链接进行检测保护,首次过滤+二次检测防护,事前拦截、事中提醒、事后追溯结合,为邮件系统的邮件安全进行全方位保护。

2、快速交付:硬件网关部署优势

CACTER邮件安全硬件网关事先预装了操作系统和网关系统,使得设备上架后只需配置好IP和域名等即可使用,无需安装。大大缩短了部署时间,提高了运维效率。

3、方便运维:数据统计与分析

此外,CACTER邮件安全秉承极简运维设计理念,致力于打造流畅、高效的管理体验。CACTER邮件安全硬件网关可对不同时间周期邮件流量进行统计分析,如邮件过滤结果统计分析,垃圾邮件类型统计分析,IP连接情况统计分析等,并提供直观的统计报告。

同时,CACTER邮件安全硬件网关还保留了全量邮件日志,便于管理员进行事后分析,并详细记录威胁邮件的特征信息,以便管理员快速定位威胁情况,制定相应防御措施。

四、客户评价

部署CACTER邮件安全硬件网关后,该互联网公司的邮件系统安全性得到了有效保障,垃圾邮件和钓鱼邮件的拦截率大幅提高。该互联网公司的IT运维人员段老师对CACTER邮件安全网关的安全防护性和高效性给予了高度评价,并给出了9分的高分好评。

“就我而言,CACTER网关中的过滤规则是很有用的。例如内容、发信人、IP频率限制等。”

——该互联网公司IT运维人员段老师

CACTER邮件安全网关将继续以客户的认可为动力,不断追求卓越,通过技术创新,为更多企业提供全面和有效的邮件安全防护解决方案,助力企业构建更加安全可靠的数字化环境。

Coremail邮件安全

Managed ad