How data sharing, innovation, and regulatory standardization can make it easier for organizations to both...
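State-sponsored threat groups targeted email accounts of Trump and Biden campaign staffers State-backed hackers from...
| Vulnerability details: Foxit PhantomPDF Mac and Foxit Reader for Mac are PDF document readers for the macOS platform from the Chinese company Foxit. A security vulnerability exists in Foxit PhantomPDF Mac 3.4.0.1012 and earlier (macOS) and Foxit Reader 3.4.0.1012 and earlier (macOS). An attacker can exploit the vulnerability with a specially crafted file to bypass signature verification. | References: Source: CONFIRM...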
Security firm Lookout has published a report detailing the current state of phishing email attacks...
Credit: cwales / shutterstock Amid the constant stream of news on the coronavirus pandemic, one...
Credit: CC0 Public Domain One’s signature, or autograph if one is famous, is a unique...

RSS Trending Cyber News

  • Nuisance-level hacktivism. Ongoing cyberespionage and cybercriminal campaigns. EU unhappy with Russia's hacking the Bundestag. CISA has a new cybersecurity resource. - The CyberWire
    Nuisance-level hacktivism continues to surround US protests. The Higaisa APT is active in Southeast Asia. Goblin Panda is back, with USB-borne malware. A new strain of ransomware is described: “Tycoon.” The EU considers whether to sanction Russia over the GRU’s hack of Germany’s Bundestag. CISA launches a new public resource for cybersecurity.
  • State-sponsored threat groups targeted email accounts of Trump and Biden campaign staff: Google - www.computing.co.uk
    This webinar will explore the key questions that organisations face when deciding how to manage customer identities – Including those around data management, encryption, password policies, multi-factor authentication, risk management, scaling, and compliance.
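  • Fortinet FortiAnalyzer cross-site scripting vulnerability
    Fortinet FortiAnalyzer is a centralized network security reporting solution from the US company Fortinet. The product is mainly used to collect network log data and, through its reporting suite, to analyze, report on and archive the security events, network traffic, web content and so on found in the logs. A cross-site scripting vulnerability exists in the administrator profile in Fortinet FortiAnalyzer 6.2.3 and earlier. The vulnerability stems from the web application's lack of proper validation of client-side data. An attacker can exploit the vulnerability to execute client-side code. Source: MISC Link: https://fortiguard.com/advisory/FG-IR-20-003 Source: nvd.nist.gov Link: https://nvd.nist.gov/vuln/detail/CVE-2020-6640 Source: www.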
  • Warning: Smartphones under Siege
    Security firm Lookout has published a report detailing the current state of phishing email attacks targeting smartphones. In the campaigns witnessed by researchers, many of them have the specific aim of infiltrating company networks. According to the report, researchers experienced a rise in such attacks....
  • Mitron app back on Google Play store; safe to download?
    Mitron app is now back on Play Store. (Express photo: Sneha Saha) Mitron app, the so-called Made in India alternative of TikTok is back on Play store after it was removed due to violating privacy policies. Google in its statement had mentioned that if developers at Mitron fix the issues, the app can be resubmitted […]
  • Cybercriminals are now targeting critical electricity infrastructure
    Credit: cwales / shutterstock. The Conversation Amid the constant stream of news on the coronavirus pandemic, one event passed relatively unnoticed. On the afternoon of May 14, a company named Elexon was hacked. You probably haven't heard of it, but Elexon plays a key role in the UK's electricity....
  • Quantum Here Today, Your Data Gone Tomorrow
    Photo: Getty. Active Cypher A good friend provided an excellent image of the present state of data protection; she showed a photo of her golden retriever standing at her yard gate and waiting for her to open the gate, even though the yard's fence is no longer standing. Her dog has learned the rules and […]
  • Google says Chinese and Iranian hackers are targeting the Trump and Biden campaigns
    The memory of Russian interference hangs over the US presidential election of November 2020. Cybersecurity companies, like intelligence agencies, are preparing to counter destabilization attempts from abroad.
  • Let's talk about racism before talking about technology
    This article is taken from our weekly newsletter Règle30. We are exceptionally publishing the June 3, 2020 edition to introduce you to the topics Lucie Ronfaut covers. To receive it every Wednesday, subscribe for free. I worked for a long time at a major general-interest newspaper.
  • Five building blocks of a robust virtual office
    The first in the series of lockdowns in March this year didn’t offer much time to organisations and companies to work out a planned work-from-home shift of their operations. Though the lockdown norms have been relaxed now, businesses and organisations feel that a significant portion of their....

RSS Vulnerabilities

  • State-sponsored threat groups targeted email accounts of Trump and Biden campaign staff: Google - www.computing.co.uk
    This webinar will explore the key questions that organisations face when deciding how to manage customer identities – Including those around data management, encryption, password policies, multi-factor authentication, risk management, scaling, and compliance.
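  • Fortinet FortiSIEM Windows Agent security vulnerability
    Fortinet FortiSIEM is a security information and event management system from the US company Fortinet. The system includes asset discovery, workflow automation and unified management features. A security vulnerability exists in Fortinet FortiSIEM Windows Agent 3.1.2 and earlier. An attacker can exploit the vulnerability to escalate privileges. Source: MISC Link: https://fortiguard.com/advisory/FG-IR-20-021 Source: nvd.nist.gov Link: https://nvd.nist.gov/vuln/detail/CVE-2020-9292 Source: www.auscert.org.au Link: https://www.
  • Foxit Reader and PhantomPDF resource management error vulnerability
    Foxit Reader and Foxit PhantomPDF are PDF document readers from the Chinese company Foxit. A resource management error vulnerability exists in Foxit Reader before 9.7.1 and PhantomPDF before 9.7.1. The vulnerability stems from improper management of system resources (such as memory, disk space and files) by the network system or product. Source: CONFIRM Link: https://www.foxitsoftware.com/support/security-bulletins.php Source: nvd.nist.gov Link: https://nvd.nist.
  • Foxit Studio Photo security vulnerability
    Source: CONFIRM Link: https://www.foxitsoftware.com/support/security-bulletins.php Source: nvd.nist.gov Link: https://nvd.nist.gov/vuln/detail/CVE-2020-13812 Copyright © 360网络攻防实验室 All Rights Reserved 京ICP备08010314号-66
  • Foxit Studio Photo buffer error vulnerability
    Foxit Studio Photo is image editing software from the Chinese company Foxit. A buffer error vulnerability exists in Foxit Studio Photo before 3.6.6.922. The vulnerability stems from the network system or product failing to correctly validate data boundaries when performing operations on memory, which results in incorrect read and write operations on other associated memory locations. An attacker can exploit the vulnerability to cause a buffer overflow, heap overflow and the like. Source: CONFIRM Link: https://www.foxitsoftware.com/support/security-bulletins.php Source: nvd.nist.gov Link: https://nvd.nist.
  • Elliptic package security vulnerability
    Source: MISC Link: https://github.com/indutny/elliptic/issues/226 Source: MISC Link: https://www.npmjs.com/package/elliptic Source: MISC Link: https://medium.com/@herman_10687/malleability-attack-why-it-matters-7b5f59fb99a4 Source: MISC Link: https://yondon.blog/2019/01/01/how-not-to-use-ecdsa/ Source: nvd.nist.gov Link: https://nvd.nist.
  • Cybele Thinfinity VirtualUI path traversal vulnerability
    A path traversal vulnerability exists in Cybele Thinfinity VirtualUI version 2.5.17.2. The vulnerability stems from the network system or product failing to properly filter special elements in resource or file paths. An attacker can exploit the vulnerability to access locations outside restricted directories. Source: labs.nettitude.com Link: https://labs.nettitude.com/blog/cve-2019-16384-85-cyblesoft-thinfinity-virtualui-path-traversal-http-header-injection/ Source: nvd.nist.gov Link: https://nvd.nist.
  • Fortinet FortiAnalyzer cross-site scripting vulnerability
    Fortinet FortiAnalyzer is a centralized network security reporting solution from the US company Fortinet. The product is mainly used to collect network log data and, through its reporting suite, to analyze, report on and archive the security events, network traffic, web content and so on found in the logs. A cross-site scripting vulnerability exists in the administrator profile in Fortinet FortiAnalyzer 6.2.3 and earlier. The vulnerability stems from the web application's lack of proper validation of client-side data. An attacker can exploit the vulnerability to execute client-side code. Source: MISC Link: https://fortiguard.com/advisory/FG-IR-20-003 Source: nvd.nist.gov Link: https://nvd.nist.gov/vuln/detail/CVE-2020-6640 Source: www.
  • Foxit PhantomPDF Mac and Reader for Mac security vulnerability
    Foxit PhantomPDF Mac and Foxit Reader for Mac are PDF document readers for the macOS platform from the Chinese company Foxit. A security vulnerability exists in Foxit PhantomPDF Mac 3.4.0.1012 and earlier (macOS) and Foxit Reader 3.4.0.1012 and earlier (macOS). An attacker can exploit the vulnerability with a specially crafted file to bypass signature verification. Source: CONFIRM Link: https://www.foxitsoftware.com/support/security-bulletins.php Source: nvd.nist.gov Link: https://nvd.nist.
  • ZOHO ManageEngine OpManager security vulnerability
    Source: MISC Link: https://www.manageengine.com/network-monitoring/help/read-me-complete.html Source: nvd.nist.gov Link: https://nvd.nist.gov/vuln/detail/CVE-2020-13818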
