随着网络技术的不断发展,安全厂商也如雨后春笋般涌现出来。从云主机、电子邮件服务器和终端设备的安全,到恶意软件、网络威胁、网络钓鱼以及DDoS攻击保护,几乎各种与互联网以及计算机有关的行业内都有数百家相关的安全厂商正在为他们各自所处的领域而战斗着。 虽然现在针对不同的服务和设备都有着大量的安全解决方案,但问题就在于这些方案并不具备广泛的适用性。也就是说,这个方案可能在你的身上可以完美发挥其功效,但在我身上则毫无实用性,这也给各个安全团队的工作带来了非常大的麻烦。与此同时,网络技术无时无刻都处于不断发展的状态,再加上某…
E安全2月11日讯 近日,一款复杂的“无文件”恶意软件感染了40个国家100多家银行和金融机构,这种恶意软件几乎检测不到。 卡巴斯基实验室的安全专家发现了该威胁,攻击者以许多行业的组织机构为目标。40个国家的银行、电信公司和政府机构被一种“无文件”恶意软件感染,该恶意软件寄居在受感染计算机的内存,不将任何文件或文件复制到硬盘。 研究人员发现,这款恶意软件已经感染了140个企业网络,大多数受害对象位于美国、法国、厄瓜多尔、肯尼亚、英国和俄罗斯。 研究人员认为,受害者可能更多,因为这种威胁几乎检测不到。恶意代码直接注入…
E安全2月11日讯 黑客正在黑市售卖UPI.com数据库,其包含83000个UPI.com的账户信息。UPI.com为美国合众国际社(United Press International,UPI)的网站。UPI是美国第二大通讯社,总部设在纽约,被誉为世界四大通讯社之一,为世界范围内的媒体,企业,政府和研究者提供重要信息。 UPI周二通知了电子邮件订阅用户,并撤下登录页面。 这名黑客在暗网上出售UPI数据库,售价0.09比特币,包含电子邮箱、姓名和密码。密码为MD5哈希密码。MD5密码目前被公认已过时,其存在重大的漏…
在刚刚过去的2016年,勒索敲诈类型的恶意攻击越来越频繁和复杂,因为网络犯罪份子从中看到了赚钱的机会。位于英国的技术服务集团今天发布了一张信息图,洞察了勒索软件的肆虐情况。根据数据显示,2016年勒索类型的攻击增长了3500%,在2015年12月至2016年4月勒索软件的数量增加了600%。 全球41%的企业遭受勒索软件的攻击,不过在英国地区这个数据更高,为54%。勒索软件占企业攻击的四分之一,而更令人担忧的是37%的受害者都选择支付了赎款。 电子邮件依然是最常见的分发方法,占比为59%,其次是网站、社交媒体和受感…
不明IP成功黑入台湾数十个驻外馆处领务信箱,可能使1.5万人次的个人资料被窃取。台湾外事部门为此道歉。 台湾人出境登录系统须填写中英文姓名、身份证号码、“护照”号码和手机及紧急联络人等信息。据台湾《联合报》9日报道,台外事部门日前进行安全查核时,发现外馆领务电子信箱设定的密码被破解,不明人士直接登入服务器,进入数十个外馆领务电子信箱近3个月,1万多人次的个人资料可能遭窃取。“行政院”资安处处长简宏伟称,目前尚无法断定是有计划或特定目的的黑客攻击事件,还是单一个案。官员坦承,外馆单位的密码设定安全等级不够高,导致密码…
E安全2月12日讯 美国信息安全咨询公司IANS Research开发出一套模型,旨在帮助首席信息安全官维持其职业发展前景:具体而言,即“跨越时间与空间实现关键性资产保护。” 这套名为CISO Impact的模型基于两项基础性能力:技术卓越性与组织参与性。前者涉及从访问控制到事件响应的八个领域; 而后者则包括从业务信息安全到控制业务部门可承担风险的七项因素。 这套模型结合有来自1200多位高水平CISO与信息安全团队的洞察结论,IANS对相关信息加以整理并汇总出这份《高水平CISO获得成功的五个秘密》报告。 IA…
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for spice-server to fix the vulnerabilities. Affected Products: Oracle Linux 6 漏洞危害 Successful exploitation of the vulnerabilities will allow buffer overflows and denial of service attack…
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for spice to fix the vulnerabilities. Affected Products: Oracle Linux 7 漏洞危害 Successful exploitation of the vulnerabilities will allow buffer overflows and denial of service attacks. 解决方案…
漏洞类别:Local 漏洞等级: 漏洞信息 HPE ArcSight Data Platform (formerly ArcSight Logger) is a SIEM platform that unifies data collection and log management of machine data for security. An authorization bypass vulnerability exists that allows an authenticated, remote attac…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for svgsalamander to fix the vulnerabilities. 漏洞危害 Successful exploitation will allow server side request forgery. 解决方案 Refer to Debian security advisory DSA 3781-1 to address this issue and obtain fur…
漏洞类别:AIX 漏洞等级: 漏洞信息 IBM AIX is prone to the following vulnerabilities: OpenSSH is vulnerable to a denial of service, caused by an error in the kex_input_kexinit() function. By sending specially crafted data during the key exchange process, a remote attacker co…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's …
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 It was discovered that Subversion's mod_dontdothat module and Subversion clients using http(s):// are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. An authenticated remote attacker can cause d…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a null pointer and crash by supply…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 A stack overflow vulnerability was found in _nss_dns_getnetbyname_r. On systems with nsswitch configured to include "networks: dns" with a privileged or network-facing service that would attempt to resolve user-provided network nam…
漏洞类别:CGI 漏洞等级: 漏洞信息 WordPress is an open source blogging tool and content management system based on PHP and MySQL. It has many features including a plug-in architecture and a template system. WordPress versions prior to 4.7.2 contain the following unauthorize…
漏洞类别:SUSE 漏洞等级: 漏洞信息 Suse has released security update for mysql to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to gain complet…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for spice to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 漏洞危害 This vulnerabili…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for guile to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP2 SUSE…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for spice to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to gain complet…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for guile to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 Malicious users could use this vulnerability to chang…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for spice to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 漏洞危害 This vulnerabili…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for libxml2 to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 漏洞危害 This vulnerabi…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for gcc48 to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. 解决…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for libcap-ng to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to gain com…