Topic introduction Chief Security Officer - Your think tank of security experts How to become a chief security officer
-
How to Spot Attackers in the Early Stages of the Cyber Kill Chain
How to detect and stop suspicious activity before it evolves into a more serious threat. For example, by using OSINT (Open Source Intelligence) technology and network traffic monitoring, organizations can stay one step ahead of attackers and protect their networks and sensitive data from devastating cyberattacks.
-
Open Source Software Grafana Platform SQL Injection High Risk Vulnerability
An injection vulnerability exists in the open source software Grafana: an attacker can send a POST request to the /api/ds/query API and modify the "rawSql" field to execute a malicious SQL string, resulting in a blind time-based SQL injection vulnerability that poses the threat of a database compromise.
-
Data Finance: Valuation Assessment of the Potential Scale of Data Assetization
China's data factor market is moving from resourceization to assetization. The typical feature of data assetization is that data can play its role as a factor of production by circulating in a wider range outside the subject that generated it.
In terms of specific data asset valuation methods, the main ones elaborated in the existing literature are the cost method, the market method, the income method and the valuation technique method. The cost method is simple to operate and easy to put into practice, but it tends to underestimate value and is difficult to measure accurately. The market method can reflect the value of data assets more objectively and truthfully and is easily accepted by the market, but it requires an open and active trading market, so it is difficult to practice on a wide scale in the short term. The income method better highlights the intrinsic value of the data, but because the future earnings of data assets are difficult to measure reliably, it is also difficult to put into operation. The valuation technique method combines the advantages of fully reflecting the true value of data, not requiring an active market, and not having to accurately measure the future earnings of data assets, but it is still in the exploratory stage because a large amount of data on the value of data assets must be obtained in advance to train the model.
-
Speed and "Hidden Dangers": The Hidden Crisis Behind the Instant Delivery Industry
State of the Industry: Currently, residents' consumption is showing an online trend, and along with the change in the main force of consumption, the demand for instant delivery services is further growing. Data shows that nearly 25% of consumers use instant delivery service more than 10 times a month, and the consumers who use the service monthly...
-
Linux eBPF Attacks and Facing Security Challenges
eBPF (Extended Berkeley Packet Filter) is a powerful technology in the Linux kernel that can be used to execute efficient code and plays an important role in network monitoring, performance analysis, security auditing and other areas. However, this double-edged sword can also be utilized maliciously, bringing serious network security threats.
-
Up to 100 malicious artificial intelligence (AI)/machine learning (ML) models have been discovered on open-source platforms
Up to 100 malicious artificial intelligence (AI)/machine learning (ML) models have been found on the Hugging Face platform.
-
AIGC Artificial Intelligence Safety Report 2024
Significant progress has been made in the field of AIGC (AI Generated Content). However, technological advances always come with new challenges, and security issues in the AIGC field have come to the fore. The report will deeply analyze the security risks of AIGC and propose solutions.
-
Security operations from the perspective of Party A and Party B
In exploring enterprise information security, large Internet enterprises have gradually put forward the concept of security operations. To ultimately guarantee the enterprise's security needs, which is also an important responsibility of security operations, security operations practitioners must close the loop on all aspects of enterprise security.
-
Cybersecurity certification "mapping"
There is a wide variety of cybersecurity-related certifications, and international cybersecurity experts have conducted a detailed inventory of them. If you are wondering whether there is an inventory of the development and status of cybersecurity certifications, please refer to the Security Certification Roadmap.
-
Malware Extortion Ring LockBit Riddle
The LockBit ransomware-as-a-service (RaaS) operation is the "leading" ransomware threat globally in 2022, with the highest number of targets.