Aggregator

华为透露了首款搭载 HarmonyOS 5 的笔记本电脑。它拥有的微软 Windows 许可证已在今年 3 月过期。新电脑尚未命名，它搭配了华为的 AI 助手小艺（Celia），能执行创建幻灯片、总结会议摘要以及检索本地文档信息等功能。HarmonyOS 5 提供了 MS Office 的替代 WPS，阿里巴巴旗下的企业协作平台钉钉，社交媒体小红书，视频分享网站哔哩哔哩，以及字节跳动旗下的飞书等流行娱乐和办公应用。《南方日报》报道称，到年底 PC 版 HarmonyOS 操作系统将支持逾 2000 款应用。

Глобальное потепление давно уже не загадка: у него конкретные имена, счета, самолёты и яхты.

OverFlame Targeted the Website of Rīgas starptautiskā autoosta

基于流量统计信息生成高保真数据包序列的网络流量生成模型ZoomSynth by ourren

基于对比学习的恶意加密流量鲁棒检测方法 by ourren

更多最新文章，请访问SecWiki

HexaForce Alliance Defaced the Website of Idealancy

Cyber incidents targeting OT in US critical infrastructure have prompted renewed federal action

比尔盖茨指责马斯克（Elon Musk）通过大幅削减美国国际援助而杀死了世界最贫困的儿童。盖茨宣布将在未来二十年加速慈善捐赠，到 2045 年关闭盖茨基金会。他在接受采访时表示马斯克此举是出于无知。盖茨举例说，马斯克终止了对莫桑比克加沙省一家医院的拨款，这笔拨款被用于防止妇女将艾滋病传染给婴儿。而马斯克以为这笔拨款是用于为巴勒斯坦加沙的哈马斯提供避孕套。盖茨基金会每年的预算将增至 100 亿美元，盖茨计划只给子女保留不到 1% 的财富。盖茨说，马斯克称美国国际开发署为“犯罪组织”，但他根本不了解该机构的职责和运作方式。

As new malware delivery campaigns using the ClickFix social engineering tactic are spotted nearly every month, it’s interesting to see how the various attackers are trying to refine the two main elements: the lure and the “instruction” page. In the latest email campaigns documented by the Google Threat Intelligence Group, the suspected Russian threat actor tried to trick the targets into downloading malware by urging them to “solve” a fake CAPTCHA page and then press … More →

The post The many variants of the ClickFix social engineering tactic appeared first on Help Net Security.

In December, a senior Chinese cyber official offered what U.S. representatives took as tacit admission: China was behind a series of cyber intrusions targeting U.S. critical infrastructure. As reported by The Wall Street Journal, this extraordinary moment came during a closed-door meeting in Geneva—one that has since confirmed what many cybersecurity professionals have long suspected: the next stage of overt cyber action might be here.

The post How China’s Admission Reinforces the Urgency for AI-Powered, Preemptive Cybersecurity appeared first on Security Boulevard.

Cybersecurity researchers have exposed what they say is an "industrial-scale, global cryptocurrency phishing operation" engineered to steal digital assets from cryptocurrency wallets for several years. The campaign has been codenamed FreeDrain by threat intelligence firms SentinelOne and Validin. "FreeDrain uses SEO manipulation, free-tier web services (like gitbook.io, webflow.io, and github.io

A Threat Actor Claims to be Selling the Data of UnitedHealth Group

A vulnerability was found in Cellopoint Cellos 4.1.10 Build 20190922. It has been rated as critical. Affected by this issue is some unknown functionality of the component URL Handler. The manipulation leads to improper privilege management. This vulnerability is handled as CVE-2020-17384. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Cellopoint Cellos 4.1.10 Build 20190922. This affects an unknown part of the component URL Handler. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2020-17385. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in Cellopoint Cellos 4.1.10 Build 20190922. This vulnerability affects unknown code of the component URL Handler. The manipulation as part of Parameter leads to server-side request forgery. This vulnerability was named CVE-2020-17386. The attack can be initiated remotely. There is no exploit available.