网络资产隐患丛生 攻击面管理如何化解
从攻击者视角发现弱点,提升资产可见性,识别评估和响应潜在威胁。
Aggregator
Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day
1 year 5 months ago
The North Korean Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space. [...]
Bill Toulas
Code Red: How KnowBe4 Exposed a North Korean IT Infiltration
1 year 5 months ago
Meta Tests Facial Recognition to Curb Deepfake Scams
1 year 5 months ago
Firm Won't Deploy Feature in the EU, UK Due to Data Collection Norms
Meta is rolling out facial recognition technology on its social media platforms to spot scam ads featuring celebrity deepfakes. Meta took down 8,000 of the "celeb bait" scam ads. The feature also aims to verify the identities of users locked out of their Facebook or Instagram accounts.
Meta is rolling out facial recognition technology on its social media platforms to spot scam ads featuring celebrity deepfakes. Meta took down 8,000 of the "celeb bait" scam ads. The feature also aims to verify the identities of users locked out of their Facebook or Instagram accounts.
AI Industry Coalition Seeks to Codify US Safety Institute
1 year 5 months ago
Tech Giants, AI Firms, Academics Urge Congress to Take Action by Term-End
A coalition of more than 60 AI industry players is pushing Congress to prioritize legislation that would codify the U.S. Artificial Intelligence Safety Institute. The letter says the action would allow U.S. to maintain influence in the development of science-backed standards for advanced AI systems.
A coalition of more than 60 AI industry players is pushing Congress to prioritize legislation that would codify the U.S. Artificial Intelligence Safety Institute. The letter says the action would allow U.S. to maintain influence in the development of science-backed standards for advanced AI systems.
Code Red: How KnowBe4 Exposed a North Korean IT Infiltration
1 year 5 months ago
Meta Tests Facial Recognition to Curb Deepfake Scams
1 year 5 months ago
Firm Won't Deploy Feature in the EU, UK Due to Data Collection Norms
Meta is rolling out facial recognition technology on its social media platforms to spot scam ads featuring celebrity deepfakes. Meta took down 8,000 of the "celeb bait" scam ads. The feature also aims to verify the identities of users locked out of their Facebook or Instagram accounts.
Meta is rolling out facial recognition technology on its social media platforms to spot scam ads featuring celebrity deepfakes. Meta took down 8,000 of the "celeb bait" scam ads. The feature also aims to verify the identities of users locked out of their Facebook or Instagram accounts.
AI Industry Coalition Seeks to Codify US Safety Institute
1 year 5 months ago
Tech Giants, AI Firms, Academics Urge Congress to Take Action by Term-End
A coalition of more than 60 AI industry players is pushing Congress to prioritize legislation that would codify the U.S. Artificial Intelligence Safety Institute. The letter says the action would allow U.S. to maintain influence in the development of science-backed standards for advanced AI systems.
A coalition of more than 60 AI industry players is pushing Congress to prioritize legislation that would codify the U.S. Artificial Intelligence Safety Institute. The letter says the action would allow U.S. to maintain influence in the development of science-backed standards for advanced AI systems.
我用一招「隐藏术」,PUA 了所有大模型
1 year 5 months ago
别担心AI控制人类了,PUA大模型是分分钟的事儿。
CVE-2024-9949 | Forescout SecureConnector up to 11.3.5 on Windows Configuration File insecure default initialization of resource
1 year 5 months ago
A vulnerability was found in Forescout SecureConnector up to 11.3.5 on Windows. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Configuration File Handler. The manipulation leads to insecure default initialization of resource.
This vulnerability is handled as CVE-2024-9949. It is possible to launch the attack on the local host. There is no exploit available.
vuldb.com
筑牢数字安全屏障,360中标中国移动终端安全软件产品集采项目
1 year 5 months ago
360中标中移动集采
在德华裔男子通过小红书寻找性侵猎物,法兰克福及周边发生四起连环性侵案,专门针对单身女房东
1 year 5 months ago
出门在外,善自珍重,女性更应保护自己。不合常理的紧急求租更要小心。
CVE-2024-49756 | AshPostgres up to 2.4.9 file access (GHSA-hf59-7rwq-785m)
1 year 5 months ago
A vulnerability was found in AshPostgres up to 2.4.9. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to files or directories accessible.
This vulnerability is known as CVE-2024-49756. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-9374 | Terms Descriptions Plugin up to 3.4.6 on WordPress cross site scripting
1 year 5 months ago
A vulnerability was found in Terms Descriptions Plugin up to 3.4.6 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2024-9374. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
默安科技攻击队勇夺湖北省“HW2024”网络攻防实战演习魁首!
1 year 5 months ago
实至名归!
CVE-2024-20388 | Cisco Firepower Management Center up to 7.4.1.1 cross site scripting (cisco-sa-fmc-xss-infodisc-RL4mJFer)
1 year 5 months ago
A vulnerability was found in Cisco Firepower Management Center and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2024-20388. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-20387 | Cisco Firepower Management Center up to 7.4.1.1 cross site scripting (cisco-sa-fmc-xss-infodisc-RL4mJFer)
1 year 5 months ago
A vulnerability has been found in Cisco Firepower Management Center and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2024-20387. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-20377 | Cisco Firepower Management Center up to 7.4.1.1 cross site scripting (cisco-sa-fmc-xss-infodisc-RL4mJFer)
1 year 5 months ago
A vulnerability, which was classified as problematic, was found in Cisco Firepower Management Center. This affects an unknown part. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2024-20377. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-20382 | Cisco ASA/Firepower Threat Defense VPN Web Client Services cross site scripting (cisco-sa-asaftd-xss-yjj7ZjVq)
1 year 5 months ago
A vulnerability, which was classified as problematic, has been found in Cisco ASA and Firepower Threat Defense. Affected by this issue is some unknown functionality of the component VPN Web Client Services. The manipulation leads to basic cross site scripting.
This vulnerability is handled as CVE-2024-20382. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-20341 | Cisco ASA/Firepower Threat Defense VPN Web Client Services cross site scripting (cisco-sa-asaftd-xss-yjj7ZjVq)
1 year 5 months ago
A vulnerability classified as problematic was found in Cisco ASA and Firepower Threat Defense. Affected by this vulnerability is an unknown functionality of the component VPN Web Client Services. The manipulation leads to basic cross site scripting.
This vulnerability is known as CVE-2024-20341. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com