Aggregator

目前「FreeBuf网安知识大陆」三大特色功能已经成熟，分别是播客、电台和帮会（私域）。

Mint-Stealer is a Malware-as-a-Service tool designed to exfiltrate sensitive data from compromised systems stealthily and targets a broad spectrum of data, including web credentials, cryptocurrency wallet details, gaming credentials, VPN configurations, messaging app data, and FTP client information.  Employing encryption and obfuscation, Mint-Stealer evades detection while actively stealing data. Distributed through dedicated websites and supported […]

The post Mint-stealer Targeting web browsers, VPN clients & messaging apps to Steal Logins appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

KCon大会培训日回归！课程人员有限，先到先得~

KCon大会议题巡展正式开启

Cisco Talos has unearthed a sophisticated cyber-espionage campaign targeting a Taiwanese government-affiliated research institute. The attack, attributed to the notorious Chinese hacking group APT41, involved the deployment of the ShadowPad malware and Cobalt Strike, among other customized tools. This article delves into the specifics of the attack, the methodologies employed by the hackers, and the […]

The post APT41 Hackers Attacking Research Institute with ShadowPad and Cobalt Strike appeared first on Cyber Security News.

The Exodus Market, a haven for exiled criminals, has grown to become a significant player in the black market economy. The user “ExodusMarket” originally announced Exodus Market for Logs on the Cracked forum on February 10, 2024, after it was formally launched at the end of January 2024. Twice, in March 2024 and July 16, […]

The post Exodus Underground Market Place Emerging As A Heaven For Cybercriminals appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

达美航空 CEO Ed Bastian 表示，CrowdStrike 事故导致该公司取消了多达 5000 个航班，包括给客户的赔偿金，该公司因此次事故损失了 5 亿美元，该公司要求 CrowdStrike 和微软赔偿其损失，已聘请律所准备提起诉讼。CrowdStrike 律师对此回应，称达美取消航班不应该怪罪于它。在事故发生后 CrowdStrike CEO George Kurtz 联系 Bastian 表示愿意提供现场协助，但没有收到回应。CrowdStrike 律师表示，根据合同协议该公司承担的责任上限是数百万美元。

【开奖】批量查询工具权限已开通

分享近期值得关注的IOC

A vulnerability was found in com.cascadialabs.who 15.0 on Android. It has been declared as problematic. This vulnerability affects unknown code of the file com.cascadialabs.who. The manipulation leads to information disclosure. This vulnerability was named CVE-2024-40096. Access to the local network is required for this attack to succeed. Furthermore, there is an exploit available.

A vulnerability was found in Apache IoTDB Workbench 0.13.x. It has been classified as critical. This affects an unknown part. The manipulation leads to server-side request forgery. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is uniquely identified as CVE-2024-36448. Access to the local network is required for this attack. There is no exploit available.

Ученые нашли способ обойти защиту ядра Linux с 99% эффективностью.

Немецкая платформа с госфинансированием с каждым днём привлекает к себе всё больше внимания.

This post first appeared on blog.netwrix.com and was written by Ian Andersen.
Gartner listed identity threat detection and response (ITDR) among its top security and risk management trends for 2022 and beyond — and study after study keeps verifying the importance of an effective ITDR strategy. For example, the Identity Defined Security Alliance (IDSA) revealed that more than 90% of the organizations it surveyed suffered an identity-related attack … Continued

奇安信开源卫士20240805.709 版本已支持对Apache OFBiz 授权不当致代码执行漏洞(CVE-2024-38856)的检测。

防不胜防

每日更新当天鲜活情报和热点漏洞

Incident response is a structured approach to managing and addressing security breaches or cyber-attacks. Security teams must overcome challenges such as timely detection, comprehensive data collection, and coordinated actions to enhance readiness. Improving these areas ensures a swift and effective response, minimizing damage and restoring normal operations quickly. Challenges in incident

MySpace 诞生于 2003 年 7 月，2005 年联合创始人 Tom Anderson 和 Chris DeWolfe 以 5.8 亿美元将其出售给默多克（Rupert Murdoch）的新闻集团，2006 年它成为美国访问量最大的网站，超过了 Google 和 Yahoo Mail。但它很快走上了下坡路，2011 年被新闻集团以 3500 万美元出售给 Specific Media 和 Justin Timberlake，Specific Media 之后变成了 Viant， Viant 于 2016 年被 Time 收购，Time 在 2017 年底被 Meredith Corporation 收购，它随后将 MySpace 出售给目前的运营者 Viant Technology LLC。MySpace 在 Timberlake 领导下转型为音乐发现网站，它的用户数在减少，但仍然有一部分忠实用户。

Брэндон Ковакс продемонстрирует, как создаются цифровые двойники, в реальном времени.