即将举行的活动和其他信息
公共安全和网络安全教育中心(CPSCE)致力于为行业专业人士提供及时和相关的信息, 以及mg不朽情缘游戏网址所服务的社区. 除了全年举办各种特别活动外, 该中心还维护着一份广受好评的公共安全和网络安全资源清单.
Contact Us
CPSCE Blog
Association of Technology Professionals 2nd Annual Scholarship Recipient Announced >
Spotlight: Dr. Ned Pettus Jr., Director of Public Safety for the City of Columbus >
Aspect-Oriented Programming's Ironical Relation to Information Security >
Creek Technologies is Seeking Franklin and Urbana Students and Alumni for Open Positions >
News Feeds
从行业领导者那里获得最新的网络安全新闻和见解.
Schneier on Security
llm的数据控制路径不安全性
May 15, 2024 - 4:13am
B. Schneier
Back in the 1960s, if you played a 2,600Hz tone into an AT&T pay phone, you could make calls without paying. A phone hacker named John Draper noticed that the plastic whistle that came free in a box of Captain Crunch cereal worked to make the right sound. That became his hacker name, and everyone who knew the trick made free pay-phone calls.
There were all sorts of related hacks, such as faking the tones that signaled coins dropping into a pay phone and faking tones used by repair equipment. AT&T could sometimes change the signaling tones, make them more complicated, or try to keep them secret. But the general class of exploit was impossible to fix because the problem was general: Data and control used the same channel. That is, the commands that told the phone switch what to do were sent along the same path as voices...
New Attack on VPNs
May 14, 2024 - 7:55am
Bruce Schneier
This attack has been feasible for over two decades:
Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering.
TunnelVision, as the researchers have named their attack, largely negates the entire purpose and selling point of VPNs, which is to encapsulate incoming and outgoing Internet traffic in an encrypted tunnel and to cloak the user’s IP address. The researchers believe it affects all VPN applications when they’re connected to a hostile network and that there are no ways to prevent such attacks except when the user’s VPN runs on Linux or Android. They also said their attack technique may have been possible since 2002 and may already have been discovered and used in the wild since then...
另一个Chrome漏洞
May 14, 2024 - 6:39am
Bruce Schneier
Google has patched another Chrome zero-day:
On Thursday, Google said an anonymous source notified it of the vulnerability. The vulnerability carries a severity rating of 8.8 out of 10. In response, Google said, it would be releasing versions 124.0.6367.201/.202 for macOS and Windows and 124.0.6367.201 for Linux in subsequent days.
“Google is aware that an exploit for CVE-2024-4671 exists in the wild,” the company said.
Google didn’t provide any other details about the exploit, such as what platforms were targeted, who was behind the exploit, or what they were using it for...
即将到来的演讲活动
May 14, 2024 - 6:36am
Bruce Schneier
This is a current list of where and when I am scheduled to speak:
- I’m giving a webinar via Zoom on Wednesday, May 22, at 11:00 AM ET. The topic is “Should the USG Establish a Publicly Funded AI Option?“
The list is maintained on this page.
针对自动驾驶汽车AI的新攻击
2024年5月10日-下午12:01
Bruce Schneier
This is another attack that convinces the AI to ignore road signs:
Due to the way CMOS cameras operate, rapidly changing light from fast flashing diodes can be used to vary the color. For example, the shade of red on a stop sign could look different on each line depending on the time between the diode flash and the line capture.
The result is the camera capturing an image full of lines that don’t quite match each other. The information is cropped and sent to the classifier, usually based on deep neural networks, for interpretation. Because it’s full of lines that don’t match, the classifier doesn’t recognize the image as a traffic sign...
Krebson Security
补丁星期二,2024年5月版
May 14, 2024 - 4:19pm
BrianKrebs
微软今天发布了更新,修复了Windows电脑和支持软件中的60多个安全漏洞, 包括Windows中的两个“零日”漏洞,这些漏洞已经被主动攻击所利用. macOS和Adobe用户也可以使用重要的安全补丁, 以及Chrome网络浏览器, 刚刚修补了自己的零日漏洞.
当局如何确定所谓的锁头老板?
May 13, 2024 - 7:26am
BrianKrebs
上周,美国加入了联合国气候变化框架公约.K. 美国和澳大利亚制裁并指控俄罗斯男子德米特里·尤里耶维奇·霍罗什夫(Dmitry Yuryevich Khoroshev)是臭名昭著的LockBit勒索软件组织的头目. LockBit的领导者“LockBitSupp”声称,联邦调查局找错了人, 称这些指控并不能解释他们如何将他与霍罗什夫联系起来. 这篇文章检视了Khoroshev在网路犯罪论坛上的各种活动, 并追踪了一个天才恶意软件作者的职业生涯,他在过去的14年里编写并销售了恶意代码.
U.S. 指控俄罗斯男子为LockBit勒索软件集团的老板
May 7, 2024 - 1:36pm
BrianKrebs
今天,美国加入了英国和澳大利亚的行列,制裁了31岁的俄罗斯公民德米特里·尤里耶维奇·霍罗什夫,称他是臭名昭著的勒索软件组织LockBit的头目. The U.S. 美国司法部还指控霍罗什夫是该团伙的头目“LockbitSupp”,并指控他使用Lockbit攻击了超过2人,并勒索至少1亿美元的赎金.
为什么你的VPN可能不像它声称的那样安全
May 6, 2024 - 10:24am
BrianKrebs
虚拟专用网络(VPN)公司将他们的服务推销为防止任何人窥探你的互联网使用情况的一种方式. 但新的研究表明,当通过不受信任的网络连接到VPN时,这是一个危险的假设, 因为同一网络上的攻击者可以强迫目标的流量脱离其VPN提供的保护,而不会向用户触发任何警报.
大规模勒索心理治疗患者的男子被判六年
2024年4月30日-上午9:34
BrianKrebs
今天,一名26岁的芬兰男子因入侵一家在线心理治疗诊所被判6年多监禁, 泄露了成千上万的病人治疗记录, 还试图勒索诊所和病人.
联邦调查局网络犯罪故事
Threat Post
InfoSec Island
Resources
- 哥伦布市公共安全部门
- Ohio Attorney General
- 俄亥俄州总检察长网络安全
- 俄亥俄州监察长办公室
- Ohio Homeland Security
- 俄亥俄州商务部
- 俄亥俄州消防队长协会和俄亥俄州消防和紧急服务基金会
- 国家安全局和中央安全局
- 国土安全部
- 联邦调查局
- InfraGard保护伙伴关系
- Dark Reading
- Security Weekly
- TaoSecurity Blog
- Liquidmatrix Bot
- Infosecurity Mag
- 哥伦布合作实验室
- 国家网络监视中心
- Security Magazine
- Threatpost
- Ohio Auditor
- 开放软件安全社区
- WOSU公共媒体NovaLabs
Franklin University
201 S Grant Ave.
Columbus, OH 43215
Local: (614) 797-4700
免费电话:(877)341-6300
admissions@bikinganteng.com
mg不朽情缘游戏网址版权所有
mg不朽情缘游戏网址是由高等教育委员会(hlcommission)认证的.org/800.621.7440)并由俄亥俄州高等教育部授权.
mg不朽情缘游戏网址致力于成为一个没有任何形式歧视和骚扰的包容性社区.