即将举行的活动和其他信息
公共安全和网络安全教育中心(CPSCE)致力于为行业专业人士提供及时和相关的信息, 以及mg不朽情缘游戏网址所服务的社区. 除了全年举办各种特别活动外, 该中心还维护着一份广受好评的公共安全和网络安全资源清单.
Contact Us
CPSCE Blog
Association of Technology Professionals 2nd Annual Scholarship Recipient Announced >
Spotlight: Dr. Ned Pettus Jr., Director of Public Safety for the City of Columbus >
Aspect-Oriented Programming's Ironical Relation to Information Security >
Creek Technologies is Seeking Franklin and Urbana Students and Alumni for Open Positions >
News Feeds
从行业领导者那里获得最新的网络安全新闻和见解.
Schneier on Security
使用合法的GitHub url恶意软件
April 22, 2024 - 11:26am
Bruce Schneier
Interesting social-engineering attack vector:
McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft GitHub repository for the “C++ Library Manager for Windows, Linux, and MacOS,” known as vcpkg.
The attacker is exploiting a property of GitHub: comments to a particular repo can contain files, and those files will be associated with the project in the URL.
What this means is that someone can upload malware and “attach” it to a legitimate and trusted project.
As the file’s URL contains the name of the repository the comment was created in, and as almost every software company uses GitHub, this flaw can allow threat actors to develop extraordinarily crafty and trustworthy lures...
新的点阵密码分析技术
April 20, 2024 - 8:50am
Bruce Schneier
A new paper presents a polynomial-time quantum algorithm for solving certain hard lattice problems. This could be a big deal for post-quantum cryptographic algorithms, since many of them base their security on hard lattice problems.
A few things to note. One, this paper has not yet been peer reviewed. As this comment points out: “We had already some cases where efficient quantum algorithms for lattice problems were discovered, but they turned out not being correct or only worked for simple special cases.” I expect we’ll learn more about this particular algorithm with time. And, like many of these algorithms, there will be improvements down the road...
星期五鱿鱼博客:鱿鱼追踪者
April 19, 2024 - 10:57am
Bruce Schneier
A new bioadhesive makes it easier to attach trackers to squid.
Note: the article does not discuss squid privacy rights.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
接管开源项目的其他尝试
April 17, 2024 - 10:40pm
Bruce Schneier
After the XZ Utils discovery, people have been examining other open-source projects. Surprising no one, the incident is not unique:
The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails. These emails implored OpenJS to take action to update one of its popular JavaScript projects to “address any critical vulnerabilities,” yet cited no specifics. The email author(s) wanted OpenJS to designate them as a new maintainer of the project despite having little prior involvement. This approach bears strong resemblance to the manner in which “Jia Tan” positioned themselves in the XZ/liblzma backdoor...
把黄金伪装成机器零件走私
April 16, 2024 - 3:08pm
Bruce Schneier
Someone got caught trying to smuggle 322 pounds of gold (that’s about a quarter of a cubic foot) out of Hong Kong. It was disguised as machine parts:
On March 27, customs officials x-rayed two air compressors and discovered that they contained gold that had been “concealed in the integral parts” of the compressors. Those gold parts had also been painted silver to match the other components in an attempt to throw customs off the trail.
Krebson Security
Who Stole 3.来自南卡罗莱纳的600万份税务记录?
April 16, 2024 - 7:26am
BrianKrebs
For nearly a dozen years, 南卡罗来纳州的居民一直被州和联邦调查人员蒙住了脸,不知道是谁在2012年入侵了该州的税务部门,并窃取了3年的税务和银行账户信息.6 million people. 答案可能不再是一个谜:KrebsOnSecurity发现了令人信服的线索,表明这次入侵是由俄罗斯黑客团队实施的,这些黑客团队在随后的几年里从家得宝(Home Depot)和塔吉特(Target)等大型零售商那里窃取了数百万张支付款卡记录.
蟋蟀啁啾系统在智能锁钥匙泄漏
April 15, 2024 - 10:51am
BrianKrebs
The U.S. 政府警告说,智能锁保护了大约50个,全国有5000个住宅包含可用于远程打开任何锁的硬编码凭证. 该锁具的制造商Chirp Systems仍然没有回应, 尽管它在2021年3月首次被告知存在严重缺陷. 与此同时,Chirp的母公司RealPage, Inc.该公司被多名美国律师起诉.S. 他被指控与房东勾结非法提高租金.
为什么CISA警告ciso关于Sisense的漏洞
April 11, 2024 - 4:48pm
BrianKrebs
The U.S. 网络安全和基础设施安全局(CISA)今天表示,正在调查商业智能公司Sisense的一次入侵事件, 谁的产品被设计成允许公司在一个仪表板中查看多个第三方在线服务的状态. 中钢协敦促所有Sisense客户重置可能与该公司共享的任何凭据和机密, 这也是Sisense周三晚上给顾客的建议吗.
推特笨拙地转向X.com Is a Gift to Phishers
April 10, 2024 - 10:28am
BrianKrebs
4月9日,Twitter/X开始自动修改提到“Twitter”的链接.com" to redirect to "x.com" instead. 但在过去的48小时里, 数十个新注册的域名表明,这种变化可以用来制作令人信服的网络钓鱼链接——比如fedettwitter。.]com,目前呈现为fedex.com in tweets.
四月的补丁星期二带来了创纪录的补丁数量
April 9, 2024 - 4:28pm
BrianKrebs
如果补丁星期二不经常出现就好了——就像日全食一样罕见——而不是像《mg不朽情缘试玩》那样每个月都悄悄出现. Although to be fair, 微软很难超过本月补丁修复的漏洞数量——Windows及相关软件的漏洞达到创纪录的147个.
FBI Cyber Crime Stories
Threat Post
InfoSec Island
Resources
- 哥伦布市公共安全部门
- Ohio Attorney General
- 俄亥俄州总检察长网络安全
- 俄亥俄州监察长办公室
- Ohio Homeland Security
- 俄亥俄州商务部
- 俄亥俄州消防队长协会和俄亥俄州消防和紧急服务基金会
- 国家安全局和中央安全局
- 国土安全部
- 联邦调查局
- InfraGard保护伙伴关系
- Dark Reading
- Security Weekly
- TaoSecurity Blog
- Liquidmatrix Bot
- Infosecurity Mag
- Columbus Collaboratory
- 国家网络监视中心
- Security Magazine
- Threatpost
- Ohio Auditor
- 开放软件安全社区
- WOSU公共媒体NovaLabs
Franklin University
201 S Grant Ave.
Columbus, OH 43215
Local: (614) 797-4700
Toll Free: (877) 341-6300
admissions@danielaamolini.com
mg不朽情缘游戏网址版权所有
mg不朽情缘游戏网址是由高等教育委员会(hlcommission)认证的.org/800.621.7440)并由俄亥俄州高等教育部授权.
mg不朽情缘游戏网址致力于成为一个没有任何形式歧视和骚扰的包容性社区.