Aggregator

日前，Gartner 发布了最新的安全运营成熟度曲线报告（Gartner Hype Cycle for Security Operations, 2024），报告将与安全运营相关的 23 项热点技术按照新技术通往成熟必经的过程进行划分，为技术萌芽期、期望膨胀期、泡沫破裂低谷期、稳步爬升复苏期、生产成熟期五个阶段。 此次报告出现了像对抗性暴露面验证，暴露面评估平台这些新的技术热点，也有过去被认为大热的技术比如 SOAR，在达到成熟大面积应用之前就已过时。 Gartner Hype Cycle for Security Operations, 2024： 面对不断变化的威胁态势，企业率先采用新兴技术可能获得巨大收益，另一方面也可能承担更大的风险，因此识别技术投入的优先级变得尤为重要。 Gartner 根据对企业产生的价值以及技术的目标市场覆盖度，对这些技术进行了应用优先级评估，从而帮助企业安全或信息负责人制定安全战略路线，在恰当时间做出更明智的投资决策。 Gartner Hype Cycle for Security Operations, 2024： 优先级矩阵 新出的这份报告，有几点关键洞察值得关注： TEM、CPS 安全、CAASM 进入期望膨胀期（Peak of Inflated Expectations），需谨慎 Gartner 认为全球企业对于攻击面的关注达到了顶峰，企业利用威胁暴露面管理（TEM）、网络资产攻击面管理（CAASM）、网络物理系统安全（CPS），以及渗透测试即服务（Penetration Testing as a Service）等不同的技术，来提升对于不断扩大的攻击面的可见性，或者验证网络的弹性。 但是，对于这些正处在期望膨胀期的安全技术，Gartner 的建议是企业内部需要提前考虑清楚自身的需求，再开始寻找供应商，或向安全厂商提具体的需求，不然最后很可能受到对当前技术过高的期待影响，而产生一些不切实际的期待。 MDR、NDR、TI 及 CO-MMS 市场价值显著，稳步爬升 对于托管检测和响应服务（MDR）、网络检测和响应（NDR）、威胁情报（Threat Intelligence）以及共管监控服务（Co-Managed Monitoring Services）这几项技术，早期的采用者已经克服了此前的各种障碍，2024年开始为企业带来显著的价值和收益，焕发了新的生机。 例如，像威胁情报技术对企业属于高收益，目标用户市场渗透率已达到20%-50%，当前已进入成熟主流阶段。对于处在该阶段的安全技术，Gartner建议重点进行评估及应用，弥补企业自身在威胁检测以及情报应用上成熟度的不足。 XDR、SOAR 等进入泡沫破裂低谷期（Trough of Disillusionment），需重新评估 2024 年，安全负责人需要对这几项技术进行重新评估，例如数字取证与事件响应（Digital Forensics and Incident Response)，应用过这些技术的大多数企业都出现过被过度承诺结果的情况。 再比如外部攻击面管理（External Attack Surface Management)，身份威胁检测和响应（Identity Threat Detection and Response），在实际应用的过程中，甲方企业对这些技术进行消费和运营业务输出时，准备不足。 对于安全编排自动化响应（SOAR）以扩展检测和响应 (XDR)，面临的问题主要是采用的这些技术跟不上持续变化的需求。 Gartner 建议，企业既需要重新评估这些技术，也需要提升对预算分配与规划的合理性。 EDR、SIEM 进入生产成熟期（Plateau of Productivity） 报告指出，终端检测与响应（EDR）、安全信息与事件管理（SIEM)两项技术目前均已达到成熟阶段，其中 EDR 对于企业而言收益高，且目标用户市场渗透率达到了 50%；而SIEM目前的目标用户市场渗透率达到 20%-50%。 Gartner 认为处于这个阶段的技术已得到广泛应用，而且技术价值和优势也得到了充分证明，建议安全风险部门负责人充分利用该阶段技术降低风险，并将其功能整合应用到更大范围的安全运用生态体系中。 尽管这份报告可以看作是全球安全运营技术的风向标，但国内外在技术成熟度和实践上无疑仍存在一定“时间差”和“实践差”，并不完全同频。 例如国内终端安全管理平台更多以杀软、桌管包装成 EDR，真正的 EDR 技术在国内尚处于起步阶段，只有少数厂商聚焦在高精准度的 EDR 能力上；国内安全服务市场，更多以 MSS 安全托管服务为主，MDR 发展相对较为早期，企业需要更加务实地看待当前网络安全运营中不同技术市场的发展。   转自Freebuf，原文链接：https://www.freebuf.com/news/407888.html 封面来源于网络，如有侵权请联系删除

随着 Windows 10 即将于 2025 年 10 月终止支持，越来越多的用户开始转向 Windows 11，其市场份额终于突破了三成。根据 Statcounter 的统计，2024 年 7 月的 Windows 桌面操作系统中，Windows 11 的比例达到了 30.82%，一个月内增长了 1.08%，比去年 7 月增长 7.17%。 Windows 10 的份额仍然高举第一占 65%，上个月下降 1.06%，比去年同期下降 11.15%。在其它停止支持的 Windows 版本中，Win7 3.04%，Win8.1 0.42%，WinXP 0.38%，Win8 0.24%。

在这个信息爆炸的时代，开源情报已成为一种潮流和趋势。越来越多的人开始关注开源，参与到开源情报的行列中来。

德米特里·米罗诺夫（Dmitry Mironov）是一个在俄罗斯政治舞台上相对低调但影响力日增的人物。

A vulnerability was found in Ernest Marcinko Ajax Search Lite Plugin up to 4.12.0 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-7084. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Easy Table of Contents Plugin up to 2.0.67 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-7082. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in WP-FeedStats shortcodes-ultimate-pro Plugin up to 7.2.0 on WordPress. This affects an unknown part of the component Shortcode Attribute Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-6766. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in File Upload Plugin up to 4.24.7 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-6651. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Halo Service Solutions HaloITSM up to 2.146.0. Affected by this vulnerability is an unknown functionality of the component Password Reset Token Handler. The manipulation leads to weak password recovery. This vulnerability is known as CVE-2024-6203. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Halo Service Solutions HaloITSM up to 2.146.0. Affected is an unknown function of the component SAML XML Signature Wrapping. The manipulation leads to incorrect authorization. This vulnerability is traded as CVE-2024-6202. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Halo Service Solutions HaloITSM up to 2.146.0. It has been rated as problematic. This issue affects some unknown processing of the component Template Handler. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-6201. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

“Shadow IT” isn’t just a catchy term; it goes beyond official procedures. It also shows unmet employee tech needs and perceived problems in company processes. What’s worse is that shadow IT can make your system more vulnerable to attacks, put compliance at risk, and lead to scattered and poor IT operations. The risk isn’t just […]

The post How to Secure Your Organization from Shadow IT? appeared first on Kratikal Blogs.

The post How to Secure Your Organization from Shadow IT? appeared first on Security Boulevard.

戳我立即查看

我们在山石CTF夏令营等你！！！

Nvidia тайно собирала миллионы видео с YouTube для обучения ИИ.

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

A critical zero-day vulnerability in Apache OFBiz, an open-source enterprise resource planning (ERP) system, has been discovered that could allow unauthenticated attackers to execute arbitrary code remotely. The flaw, tracked as CVE-2024-38856 with a CVSS score of 9.8, affects all versions of Apache OFBiz up to and including 18.12.14. The vulnerability was uncovered by researchers […]

The post Apache OFBiz Zero-Day Vulnerability Let Attackers Execute Remote Code appeared first on Cyber Security News.