Aggregator
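According to The Hacker News, an audit by the U.S. Department of Justice Office of the Inspector General (OIG) found "significant weaknesses" in how the FBI inventories and disposes of electronic storage media containing classified information. The OIG audit identified three main problems in the FBI's inventory management of electronic media that hold sensitive but unclassified (SBU) information and classified national security information (NSI): once electronic storage media (such as internal hard drives and USB drives) are extracted from larger devices, the FBI cannot adequately track them, increasing
IBM Shuts Down Its China R&D Division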
5 months 1 week ago
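IBM will completely shut down its China R&D division, affecting more than a thousand employees. IBM China said in a statement: "IBM adjusts its operations as needed to provide the best service to clients, and these changes will not affect our ability to support clients in the Greater China region." The statement also noted that Chinese enterprises, especially private enterprises, are increasingly focused on seizing the opportunities brought by hybrid cloud and artificial intelligence technologies, and that IBM's local strategic focus in China is to draw on its extensive experience in technology and consulting to build teams with the relevant skills and help Chinese clients co-create solutions that fit their needs.
IBM emphasized that it will shift toward serving China's private enterprises and some multinational companies operating in China, but large state-owned enterprises in key sectors such as finance and energy were IBM's most important customers in the past. The closure mainly involves two business lines: the IBM China Development Lab (CDL) and the IBM China Systems Lab (CSL), which are chiefly responsible for R&D and testing. IBM will offer the affected employees N+3 severance compensation.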
Updating Security Metrics For NIST CSF 2.0: A Guide To Transitioning From 1.0 To 2.0
5 months 1 week ago
The NIST Cybersecurity Framework (CSF) has long served as a cybersecurity cornerstone, offering a structured approach to managing and improving cybersecurity risk. With the release of NIST CSF 2.0, organizations are poised to benefit from updated guidelines that reflect the latest cybersecurity practices and challenges. Understanding NIST CSF 2.0 The NIST CSF 2.0 release date, […]
The post Updating Security Metrics For NIST CSF 2.0: A Guide To Transitioning From 1.0 To 2.0 appeared first on Centraleyes.
The post Updating Security Metrics For NIST CSF 2.0: A Guide To Transitioning From 1.0 To 2.0 appeared first on Security Boulevard.
Rebecca Kappel
Mouse Study Shows Universal Flu Vaccine Candidate Triggers Strong Immune Response
5 months 1 week ago
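Scientists at the Cleveland Clinic's Lerner Research Institute in the United States report that, in tests on mice, the universal flu vaccine candidate they developed triggered a strong immune response and protected the animals from severe infection after exposure to the virus. The paper was published in the latest issue of the Journal of Virology. The researchers said they plan to begin human clinical trials of the candidate within 1-3 years, with the ultimate goal of a universal vaccine that works across seasons and covers all influenza strains. Influenza viruses evolve constantly, and the flu vaccines available each year are tailored to the specific strains expected to circulate that year. Scientists hope to develop a universal flu vaccine. The researchers designed the candidate using the "computationally optimized broadly reactive antigen" (COBRA) method. They first downloaded from online databases the genetic sequences of thousands of pathogenic influenza strains spanning multiple seasons, then analyzed these sequences digitally to determine which amino acids (the building blocks of proteins) persist across seasons and appear in every virus. The candidate vaccine is administered intranasally. Blood tests showed that after 4 weeks the mice had produced antibodies against the virus and did not become infected after exposure to the pathogen.
Security News Roundup | Beijing National Cybersecurity Awareness Week Call for Cybersecurity Works Opens; Oil Giant Halliburton Hit by Cyberattack That Forced System Shutdowns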
5 months 1 week ago
Previous issues:
胡金鱼
CVE-2014-5624 | Fungames-forfree Sniper Shooter Free - Fun Game 2.8 X.509 Certificate cryptographic issues (VU#582497)
5 months 1 week ago
A vulnerability was found in Fungames-forfree Sniper Shooter Free - Fun Game 2.8. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues.
This vulnerability is known as CVE-2014-5624. The attack needs to be done within the local network. There is no exploit available.
vuldb.com
Telegram CEO Pavel Durov Arrested in France Over Alleged Failure to Moderate Content
5 months 1 week ago
安全客
US CISA Adds Versa Director Vulnerability to Its Known Exploited Vulnerabilities Catalog
5 months 1 week ago
安全客
New Linux Malware "sedexp" Uses udev Rules to Hide Credit Card Skimmer
5 months 1 week ago
安全客
CVE-2024-6879 | Quiz and Survey Master Plugin up to 9.1.0 on WordPress cross site scripting
5 months 1 week ago
A vulnerability has been found in Quiz and Survey Master Plugin up to 9.1.0 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2024-6879. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Hackers Can Take Over Ecovacs Home Robots to Spy on Their Owners
5 months 1 week ago
安全客
CVE-2024-7313 | Shield Security Plugin up to 20.0.5 on WordPress cross-site request forgery
5 months 1 week ago
A vulnerability, which was classified as problematic, was found in Shield Security Plugin up to 20.0.5 on WordPress. Affected is an unknown function. The manipulation leads to cross-site request forgery.
This vulnerability is traded as CVE-2024-7313. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Cybercriminals Deploy New Malware That Steals Data via Android's Near-Field Communication (NFC)
5 months 1 week ago
安全客
CVE-2024-8073 | Hillstone Networks Web Application Firewall up to 5.5R6-2.8.13 command injection
5 months 1 week ago
A vulnerability, which was classified as very critical, has been found in Hillstone Networks Web Application Firewall up to 5.5R6-2.8.13. This issue affects some unknown processing. The manipulation leads to command injection.
The identification of this vulnerability is CVE-2024-8073. The attack may be initiated remotely. There is no exploit available.
vuldb.com
Phishing Attacks Target Mobile Users via Progressive Web Apps (PWAs)
5 months 1 week ago
安全客
CVE-2024-45258 | req Package up to 3.43.3 on Go URL cleanHost missing initialization
5 months 1 week ago
A vulnerability classified as critical was found in req Package up to 3.43.3 on Go. This vulnerability affects the function cleanHost of the component URL Handler. The manipulation leads to missing initialization of a variable.
This vulnerability was named CVE-2024-45258. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-8158 | 9front lib9p authorization
5 months 1 week ago
A vulnerability classified as critical has been found in 9front. This affects an unknown part of the component lib9p. The manipulation leads to authorization bypass.
This vulnerability is uniquely identified as CVE-2024-8158. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
New Dropper PEAKLIGHT Downloader Deployed in Malicious Movie Download Attacks Targeting Windows
5 months 1 week ago
安全客
New Malware Cthulhu Stealer Targets Apple macOS Users
5 months 1 week ago
安全客
Google Chrome Update Fixes Vulnerability Exploited in the Wild (CVE-2024-7971)
5 months 1 week ago
安全客