Aggregator

Even with the growing focus on innovation, fear, uncertainty, and doubt (FUD) continue to influence how some perceive AI advancements in cybersecurity. Often, the narrative focuses on how AI enables nefarious actors—think automated phishing campaigns, AI-enhanced deepfakes and sophisticated evasion techniques. This framing overshadows the potential positive role of AI, like in AI-augmented security operations centers (SOCs). Let’s delve into ... Read More

The post Is an AI-augmented SOC The Way Forward? appeared first on Nuspire.

The post Is an AI-augmented SOC The Way Forward? appeared first on Security Boulevard.

青藤，让云更安全

Стартап Aetherflux построит первую космическую электростанцию.

“黑猫”广撒网盗窃密币、挖矿，中招企业极多！

土耳其是较早开启数据保护立法趋势的国家之一。7月10日，土耳其个人数据保护局发布了《个人数据跨境传输程序及原则条例》，对《个人数据保护法》第9条个人数据跨境传输的细节和原则进行补充规定。

近日，国家安全部发文《隐秘的测绘 秘密的泄露》披露，某境外企业通过与我国具有测绘资质的公司合作，以开展汽车智能驾驶研究为掩护，在我国内非法开展地理信息测绘活动。消息一经发布，引发了网民关于“谁是间谍”的猜想。

9月12日，国家数据局城市全域数字化转型工作现场推进会在重庆召开，就下一步如何推进城市数字化做出了明确指引。会议进一步强调，要注重开放协作，优化发展生态，围绕城市全域数字化转型的规划咨询、建设实施、运营运维三大类经营主体，加强正向引导……

中国常驻联合国代表傅聪21日在安理会“科学发展对国际和平与安全的影响”公开会上发言表示，科技是把“双刃剑”，需要统筹发展和安全，既鼓励创新又管控风险，让科技发展真正造福各国和各国人民。

数据标准是国家标准体系的重要组成部分，在数据要素市场化配置改革中具有基础性、全局性和引领性作用，构建国家数据标准体系，已成为推动数据技术创新应用、促进数据产业高质量发展、建设和运营国家数据基础设施、加快建设全国统一数据市场的重要支撑。

此次征求意见的时间是2024年10月21日至11月20日。

欢迎订阅《中国信息安全》杂志！

快去一试身手

AI和硬件hacking都在增长

Proof-of-concept exploit code is now public for a vulnerability in Microsoft's Remote Registry client that could be used to take control of a Windows domain by downgrading the security of the authentication process. [...]

A vulnerability has been found in Nioland Plugin up to 1.2.6 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument s leads to cross site scripting. This vulnerability is known as CVE-2024-10250. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Helakuru Desktop Application 1.1. Affected is an unknown function in the library wow64log.dll. The manipulation leads to uncontrolled search path. This vulnerability is traded as CVE-2024-48605. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in Y Soft SAFEQ 6 Build 53. This issue affects some unknown processing of the component YSoft SafeQ Web Application. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2022-23861. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in Collabtive 3.1. This vulnerability affects unknown code. The manipulation of the argument name leads to cross site scripting. This vulnerability was named CVE-2024-46240. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Umbraco CMS up to 14.3.0. This affects an unknown part of the component Dictionary Section. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-47819. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.