Aggregator
Targeting Banks, Securities Firms and State-Owned Enterprises: Cybercrime Gang Forges Government Websites for Large-Scale Phishing
Grok-2: Musk's Brainchild Challenges Censorship in AI
Scientists Find That Human Aging Accelerates Sharply at Ages 44 and 60
GitHub Vulnerability “ArtiPACKED” Triggers RCE Exploit to Hack Repositories
The research identifies a critical security vulnerability in GitHub Actions artifacts, enabling unauthorized access to tokens and secrets within CI/CD pipelines. Misconfigured workflows in major organizations’ public repositories exposed sensitive information, potentially compromising cloud environments and allowing attackers to inject malicious code into production systems. By exploiting leaked GitHub tokens, adversaries could manipulate repositories and […]
The post GitHub Vulnerability “ArtiPACKED” Triggers RCE Exploit to Hack Repositories appeared first on Cyber Security News.
Thoughts on Applying In-House Large Models versus Open-Source Large Models
CVE-2024-23185 | Dovecot up to 2.3.20 Message Parser resource consumption
CVE-2024-23184 | Dovecot up to 2.3.20 Address Header resource consumption
A Ten-Year-Old Password Cost Enzo Biochem Millions of Dollars
5 Malware Variants You Should Know
TracFone Breach Underscores Critical Need for Mobile Carrier API Security
The recent Federal Communications Commission (FCC) settlement with TracFone Wireless, Inc. (TracFone) for $16 million highlights a critical vulnerability within the mobile telecommunications industry: API security. The investigation revealed unauthorized access to customer data through weaknesses in TracFone's mobile carrier APIs. This incident is a reminder to mobile carriers to prioritize robust API security measures to safeguard customer data and ensure network integrity.
Mobile Carrier APIs: Essential Tools with Potential Risks
Mobile networks rely heavily on APIs to connect with partners, enable customer self-service features, and integrate with third-party applications. While these APIs offer valuable functionality, they also introduce security risks. Here's a deeper dive into the factors contributing to API vulnerabilities within the mobile landscape:
- Complex Network Ecosystems: Mobile networks are intricate environments with numerous interconnected systems and APIs. Managing and securing these APIs effectively presents a significant challenge for security teams.
- Legacy Infrastructure: Some mobile operators may still utilize older infrastructure not designed with API security as a primary focus. These legacy systems might have inherent vulnerabilities that attackers can exploit.
- Third-Party Integration Landscape: Integrations with third-party applications, while offering additional features and functionality, add complexity to the security landscape. If those third parties have inadequate API security practices, it creates potential entry points for attackers.
- Evolving Threat Landscape: Cybercriminals constantly develop new methods to exploit API vulnerabilities. Traditional security solutions might struggle to keep pace with these ever-evolving threats.
A data breach involving mobile APIs can cascade, impacting the carrier and its customers. Here's a breakdown of the potential consequences:
- Compromised Customer Identity: Exposed customer information like names, addresses, Social Security numbers, and phone numbers can be used for fraudulent activities like identity theft. This can create significant hardship for customers and damage their financial standing.
- Financial Losses for Customers: Stolen account details can lead to financial fraud and direct customer losses. This can erode trust in the mobile carrier and cause customer churn.
- Regulatory Fines and Compliance Issues: Non-compliance with data security regulations like the FCC's safeguards rule can result in hefty fines. These fines can significantly impact a carrier's profitability.
- Reputational Damage: Data breaches can severely erode customer trust and damage the mobile carrier's reputation. Building trust can be long and arduous, potentially impacting customer acquisition and retention.
Salt Security offers a comprehensive API security platform explicitly designed to address the unique challenges mobile carriers face. Our solution leverages advanced AI and machine learning to identify and prevent API attacks in real time. Here's how Salt Security empowers mobile carriers to fortify their networks:
- Comprehensive API Discovery and Inventory: Our platform goes beyond traditional methods to discover all APIs within your network, including potentially hidden "shadow APIs" that might be overlooked by manual processes. This complete visibility allows for a more holistic security approach.
- Real-Time API Attack Detection & Automated Threat Prevention: Salt Security's AI-powered platform continuously analyzes API traffic to identify suspicious activity and potential breaches in real time. This rapid detection lets you act immediately to prevent unauthorized access or data exfiltration attempts.
- Compliance Assurance: Salt Security helps ensure continuous compliance with industry regulations and security standards like the FCC's safeguards rule. This reduces the risk of regulatory fines and allows you to demonstrate your commitment to data security.
The TracFone case illustrates the critical need for robust API security in the mobile telecommunications industry. By implementing a comprehensive API security solution like Salt Security, TracFone would have been protected from, and notified of, the attacks that led to PII exposure and unauthorized access to its APIs. In today's digital age, prioritizing API security is not just an option but a strategic imperative for mobile carriers.
If you would like to learn more about Salt and how we can help you on your API Security journey through discovery, posture management, and run-time threat protection, please contact us, schedule a demo, or check out our website.
The post TracFone Breach Underscores Critical Need for Mobile Carrier API Security appeared first on Security Boulevard.
NIST Researchers to Test New Approach for Detecting Cannabis in Breath
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2024-28986 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Releases Eleven Industrial Control Systems Advisories
CISA released eleven Industrial Control Systems (ICS) advisories on August 15, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
- ICSA-24-228-01 Siemens SCALANCE M-800, RUGGEDCOM RM1224
- ICSA-24-228-02 Siemens INTRALOG WMS
- ICSA-24-228-03 Siemens Teamcenter Visualization and JT2Go
- ICSA-24-228-04 Siemens SINEC Traffic Analyzer
- ICSA-24-228-05 Siemens LOGO! V8.3 BM Devices
- ICSA-24-228-06 Siemens SINEC NMS
- ICSA-24-228-07 Siemens Location Intelligence
- ICSA-24-228-08 Siemens COMOS
- ICSA-24-228-09 Siemens NX
- ICSA-24-228-10 AVEVA Historian Web Server
- ICSA-24-228-11 PTC Kepware ThingWorx Kepware Server
CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
Rivers Of Phish – New Phishing Campaign Attacks Russia Enemies Globally
In collaboration with Access Now and other civil society organizations, Citizen Lab exposed a sophisticated attack dubbed “Rivers of Phish,” a new phishing campaign that attacks Russia’s enemies globally. The fact-finding efforts revealed that the coordinated spear-phishing targeted particular individuals across multiple countries and sectors of civil society. The threat actor adopted advanced digital […]
The post Rivers Of Phish – New Phishing Campaign Attacks Russia Enemies Globally appeared first on Cyber Security News.
Your Employees are Already Using GenAI. How Will You Communicate the Security Risks?
Did you know that 75% of people are already using Generative AI (GenAI) at work? GenAI tools are defined as any artificial intelligence that can generate content such as text, images, videos, code, and other data using generative models, often in response to prompts. Examples include OpenAI’s ChatGPT, GitHub’s Copilot, Claude, DALL-E, Gemini, and […]
The post Your Employees are Already Using GenAI. How Will You Communicate the Security Risks? appeared first on CybeReady.
The post Your Employees are Already Using GenAI. How Will You Communicate the Security Risks? appeared first on Security Boulevard.
Russian-Linked Hackers Target Eastern European NGOs and Media
From 4K to 18K: Terahertz Chip Opens New Horizons for Streaming
The Key Components of HRIPA Compliance
Data breaches and privacy concerns are all too common today. That’s why the Australian Health Records and Information Privacy Act 2002 (HRIPA) is highly relevant. This legislation ensures that your privacy is rigorously protected when you share your medical history or undergo a procedure. HRIPA mandates strict protocols for healthcare providers, requiring them to handle […]
The post The Key Components of HRIPA Compliance appeared first on Centraleyes.
The post The Key Components of HRIPA Compliance appeared first on Security Boulevard.