Aggregator

Welcome to ANY.RUN‘s monthly updates, where we share our team’s achievements over the past month.   In July, we introduced new features in Threat Intelligence Lookup, added Windows 10 for free users, reduced task startup time, implemented numerous YARA rules and signatures, and expanded our Suricata ruleset.   Let’s break down what’s new in ANY.RUN […]

The post Release Notes: New IOCs in TI Lookup, Network Threats Tab, Free Windows 10 VM, and More appeared first on ANY.RUN's Cybersecurity Blog.

Users use Voice Over Wi-Fi (VoWiFi) quite frequently nowadays, as it’s a technology that enables them to make voice calls over a Wi-Fi network. This technology does so without relying on traditional cellular networks.  Besides this, doing so allows the users to enhance their call quality and reliability in areas with poor network quality. But, […]

The post Voice Over Wi-Fi Vulnerability Let Attackers Eavesdrop Calls And SMS appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

译者：知道创宇404实验室翻译组 原文链接：Guest vs Null session on Windows 在对 Active Directory 基础架构进行内部评估时，“空会话”、“访客会话”和“匿名会话”等术语是十分常见的。这些词描述了在 Windows 服务器上用于连接资源并获取计算机或 Active Directory 对象（如用户或 SMB 共享）信息的技术。尽管这些技术广为人...

В Минцифры рассказали, почему изменились условия льготной ипотеки.

KCon大会培训日回归！课程人员有限，先到先得~

经过精心筹备与多方努力KCon 2024 黑客大会敲定举办时间将于8月24日-25日举办本次大会涵盖了网安领域

Delta Air Lines has enlisted the legal expertise of David Boies, chairman of Boies Schiller Flexner, to seek damages from cybersecurity firm CrowdStrike and tech giant Microsoft. This follows a catastrophic system crash on July 19 that resulted in the cancellation of thousands of flights and left millions of computers offline. Delta has suffered significant […]

The post CrowdStrike & Microsoft to Face Lawsuit from Delta Air Lines Following System Crash appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

本周，互联网网络安全态势整体评价为良。

Endpoint management tools streamline the administration and security of an organization’s endpoint devices, such as desktops, laptops, and mobile devices. They provide centralized control over device configuration, software deployment, and policy enforcement, enhancing IT efficiency. These tools ensure compliance with security policies and help mitigate risks by monitoring and managing endpoints‘ health and security status. […]

The post Top 20 Best Endpoint Management Tools – 2024 appeared first on Cyber Security News.

A Vipre study reveals a 20% increase in business email compromise attacks

A vulnerability was found in Dell InsightIQ up to 5.0.1. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to risky cryptographic algorithm. This vulnerability was named CVE-2024-28972. The attack can be initiated remotely. There is no exploit available.

站在研发视角，去看待如何针对认证进行安全开发，或者说如何选取合适的认证场景来确保应用系统的安全认证。

Gentoo Linux 发行版创始人兼首席架构师 Daniel Robbins（aka drobbins）在 2004 年离开项目之后于 2008 年创建了一个衍生发行版 Funtoo Linux，16 年后的今天他宣布终止该项目。drobbins 表示，Funtoo 的理念是创建一个有意思的贡献者社区，共同创造伟大的东西。但现在对他而言不再是了，他将转向其他事务。Funtoo 没有继任 BDFL，他也不打算寻找，或者考虑将项目转交给其他人。Funtoo Linux 项目预计将在 8 月终止，Funtoo 容器预计会一直支持到 8 月底，用户如果有需求需要寻找其它托管方案。

A vulnerability was found in Dell iDRAC Service Module up to 5.3.0.0. It has been classified as problematic. This affects an unknown part. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2024-38481. Attacking locally is a requirement. There is no exploit available.

Как мыслит музыкальный оракул и можно ли ему верить?

Een nieuwe radar in Nieuw Milligen bewaakt vanaf vandaag het luchtruim in Nederland. Het gaat om de Ground Master 400 Alpha (GM400a) van fabrikant Thales. Deze vervult de taken tot het nieuwe SMART-L-radarstation in Herwijnen operationeel is.

日前，国利网安成功签约某市水务集团二次供水泵站的工控网络安全防护项目，标志着在城市水务工控安全建设领域的创新与 […]

This Article Insider Risk Digest: July was first published on Signpost Six. | https://www.signpostsix.com/

Welcome to this month’s Insider Risk Digest. This month, we explore a range of insider threats affecting sectors from government to entertainment and pharmaceuticals. Highlights include potential espionage in critical infrastructure projects, a former CIA analyst’s espionage charges, and significant corporate breaches at Disney and Roche. We also examine ethical controversies at OpenAI and organized […]

This Article Insider Risk Digest: July was first published on Signpost Six. | https://www.signpostsix.com/

The post Insider Risk Digest: July appeared first on Security Boulevard.

APT组织Lazarus 在Rootkit（获取内核权限）攻击中使用了微软的0day漏洞;APT组织Kimsuky利用软件公司产品安装程序进行伪装展开攻击;NoName057(16)组织DDoSia项目持续更新;

Since unarchiver apps are commonly used and trusted for extracting files, threat actors often abuse them to disseminate malware and other malicious files. Recently, security analysts uncovered macOS malware that disguises itself as an “Unarchiver” app, enabling threat actors to steal user data. During routine research, cybersecurity experts at Hunt.io discovered a phishing site masquerading […]

The post macOS Malware Disguise As Unarchiver App Steals User Data appeared first on Cyber Security News.