Aggregator

用户报告 Windows 11 最新可选更新 KB5043145 导致了大量问题，包括蓝屏死机、键盘和鼠标功能失效、USB 端口故障、WSL 2 和 Wi-Fi 问题等等。微软据报道已知道出问题了，但尚未发布任何官方补救措施的信息。键盘和鼠标功能失效会增加修复问题的难度，但部分用户反馈系统会自动进入恢复模式。受影响的硬件包括了华硕的 TUF A15 (2022) 和 ROG Strix G17 笔电、英特尔 NUC N6005 和 N5105、联想笔电和多种 AMD 系统。

A previously undocumented threat actor called CeranaKeeper has been linked to a string of data exfiltration attacks targeting Southeast Asia. Slovak cybersecurity firm ESET, which observed campaigns targeting governmental institutions in Thailand starting in 2023, attributed the activity cluster as aligned to China, leveraging tools previously identified as used by the Mustang Panda actor. "The

The prolific Chinese APT Mustang Panda is the likely culprit behind a sophisticated cyber-espionage attack that sets up persistent remote access to victim machines.

大家好，本文给大家介绍一个 Google 推出的实验性 AI 产品 - NotebookLM。作为一个 IT 狗，看到这种新玩意儿总是忍不住想上手试试。这次体

A vulnerability was found in XtendCU Mobile 1.0.28 and classified as critical. This issue affects some unknown processing of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. The identification of this vulnerability is CVE-2014-7330. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability was found in Apple iTunes up to 12.12.2 on Windows. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to Local Privilege Escalation. This vulnerability is handled as CVE-2024-44193. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in miraheze DataDump. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-47612. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A spear-phishing email campaign has been observed targeting recruiters with a JavaScript backdoor called More_eggs, indicating persistent efforts to single out the sector under the guise of fake job applications. "A sophisticated spear-phishing lure tricked a recruitment officer into downloading and executing a malicious file disguised as a resume, leading to a more_eggs backdoor infection,"

A vulnerability was found in Google Android. It has been classified as problematic. Affected is an unknown function of the component Server Certificate Parser. The manipulation leads to improper certificate validation. This vulnerability is traded as CVE-2024-44097. It is possible to launch the attack remotely. There is no exploit available.

大学人文学科的教授们注意到，过去十年学生们似乎不能读书了。2022 年秋季学期，一位一年级学生告诉哥伦比亚大学教授 Nicholas Dames，称一两周内读完一本书太困难了，她们在高中里不再要求读完整本书了。二十年前，Dames 的学生会在一周内就《傲慢与偏见》展开深入讨论，然后下一周讨论《罪与罚》。如今的学生认为阅读负担难以承受，不仅仅是节奏太快，还因为在掌握整体剧情时难以关注小细节。普林斯顿大学历史学家 Anthony Grafton 表示其学生入学时词汇量比以前少，对语言的理解也比以前差。乔治城大学英语系主任 Daniel Shore 说，学生甚至难以集中注意力读完一首十四行诗。这一现象背后的原因被认为是智能手机和社交网络对注意力的干扰。1976 年约四成的高中毕业生表示过去一年至少读了六本书，只有 11.5% 的人表示一本没读。2022 年，两个百分比数字发生了反转。

A vulnerability was found in tukaani-project xz up to 5.6.2 and classified as critical. This issue affects some unknown processing. The manipulation leads to argument injection. The identification of this vulnerability is CVE-2024-47611. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

U.S. cybersecurity agency CISA is warning about two critical vulnerabilities that allow authentication bypass and remote code execution in Optigo Networks ONS-S8 Aggregation Switch products used in critical infrastructure. [...]

As per a recent Microsoft alert, a threat actor with malicious financial motives has been observed

Police arrested four new individuals linked to the LockBit ransomware operationAn internationa

Authors/Presenters:Jiaqi Gao, Jiamin Cao, Yifan Li, Mengqi Liu, Ming Tang, Dennis Cai, Ennan Zhai

Our sincere thanks to USENIX, and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI '24) content, placing the organizations enduring commitment to Open Access front and center. Originating from the conference’s events situated at the Hyatt Regency Santa Clara; and via the organizations YouTube channel.

The post USENIX NSDI ’24 – Sirius: Composing Network Function Chains into P4-Capable Edge Gateways appeared first on Security Boulevard.

Оборот в 112 миллиардов: как работали преступные криптосервисы.

A vulnerability was found in Prima Systems FlexAir. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to command injection. This vulnerability is handled as CVE-2019-7670. The attack may be launched remotely. Furthermore, there is an exploit available.

Угрозы и шантаж давно стали обычным делом в мире цифровых активов.

Правительственные хакеры Andariel игнорируют международное право, продолжая свои атаки на компании США.