Aggregator

Ритейл на мушке: почти половина всех утечек — из магазинов.

如果美国反垄断机构强迫 Google 出售 Chrome，OpenAI ChatGPT 负责人 Nick Turley 表示该公司有意收购这款最流行的浏览器。Chrome 是目前市场份额最高的浏览器，很多第三方浏览器也是在 Chrome 开源版本 Chromium 基础上进行的二次开发。Nick Turley 在法庭上作证称，该公司目前与 Google 没有任何合作关系。去年 7 月 OpenAI 曾联络 Google 以在 ChatGPT 中集成 Google 搜索服务，但遭到拒绝，目前 ChatGPT 使用的是微软的 Bing 搜索服务。

俾路支解放军（BLA）曾是巴基斯坦西南部荒漠山地中的隐秘幽灵，依托峡谷与山隙，对基础设施展开零星袭扰。然而，

在2023年6月的一个夜晚，加拿大不列颠哥伦比亚省的一座锡克教寺庙外，锡克分离主义领袖哈迪普·辛格·尼贾尔倒

By connecting powerful language models like GPT-4o and Claude Sonnet 3.5 to real-world tools, the open-source tool SWE-agent allows them to autonomously perform complex tasks: from fixing bugs in live GitHub repositories and solving cybersecurity challenges, to browsing the web or executing custom workflows. “SWE-agent was the first open source agent to ever demonstrate significant numbers on the SWE-bench benchmark, i.e., it was the first software engineering agent that showed promising results in solving GitHub … More →

The post SWE-agent: Open-source tool uses LLMs to fix issues in GitHub repositories appeared first on Help Net Security.

Bethesda 与 Virtuos 合作使用虚幻引擎 5 开发了《上古卷轴IV：湮灭重制版》，游戏容量从 5 GB 暴增到了 125 GB。《重制版》包含了两部资料片：《战栗孤岛》和《九圣灵骑士》，但部分 DLC 如马匹护甲套装需要玩家额外付费购买，目前游戏不支持 MOD，中文汉化被认为质量较低。Bethesda 称，重制版的开发始于 2021 年，游戏的美术资源从零开始进行了重建，采用了先进的实时光照系统精确模拟光线与环境接触时的行为，所有角色的行走动作与模型都经过了彻底的重制，对游戏系统进行了改进以更符合当代玩家的口味，用户界面也重新进行了设计。Bethesda 表示重制版既保留了原作的风貌与魅力，又在视觉效果上得到了脱胎换骨般的新生，还在游戏系统上获得了更符合现代玩家习惯的细致调整。《重制版》同一天登陆 Xbox 版、PS5 以及 Steam，并加入了 XGP 订阅。根据 Steam 上的统计，同时在线玩家人数突破了 18 万。

Как преступники получают крипту, даже не добывая её.

Currently trending CVE - Hype Score: 20

Currently trending CVE - Hype Score: 22 - Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

HackerNews 编译，转载请注明出处： 联合国警告称，网络诈骗活动正以工业化规模在东南亚及更广区域扩张。 联合国毒品和犯罪问题办公室（UNODC）新报告《拐点：东南亚诈骗中心、地下银行与非法在线市场的全球影响》披露了相关发现。 报告指出，诈骗中心由“复杂的跨国集团与洗钱者、人口贩子、数据中介及日益增多的专业服务提供商组成的犯罪集团驱动”。 这些组织倾向聚集在缅甸与柬埔寨等“脆弱”边境地区，大型整合集团正取代分散诈骗团伙，建设“工业科技园区、赌场及酒店”。 UNODC表示，此类集团利用腐败官员“进一步渗透东南亚许多偏远、脆弱及防护薄弱的地区，并日益向其他区域扩张”，年获利达数百亿美元。 报告警告称：“当前越来越明显的是，东南亚已发生可能无法逆转的溢出效应，犯罪集团可自由选择司法管辖区、转移业务与资产，导致局势迅速超出政府管控能力。” 据称，数十万被贩运受害者与“谋划者”共同推动产业扩张，通过犯罪市场、赌博平台、无证支付处理商、加密通信平台、稳定币及区块链网络等在线服务牟利。UNODC指出，生成式人工智能（GenAI）被滥用于诈骗的案例正日益增多。 联合国补充声明，2023年这些亚洲犯罪集团在本土通过网络诈骗获利约370亿美元，同时将业务扩展至非洲、南美、南亚及太平洋岛屿等遥远地区。报告呼吁采取多管齐下应对措施，包括提高政治意识、强化监管框架、加强跨机构与区域合作、提升执法部门技术能力。 UNODC东南亚及太平洋地区代理代表Benedikt Hofmann认为，犯罪集团扩张旨在对冲未来风险与干扰。“它像癌症般扩散，”Hofmann强调，“当局在某区域打击，但其根源永不消失；它们只是转移。这导致该区域实质上成为由复杂集团自由利用漏洞的相关联组织，从而危及国家主权，扭曲政策制定流程及其他政府体系。”     消息来源：infosecurity-magazine； 本文由 HackerNews.cc 翻译整理，封面来源于网络；  转载请注明“转自 HackerNews.cc”并附上原文

送给摄影师的一封情书。

「反垄断」为虚，想快速获取现成的巨量用户，才是 OpenAI 的真正用意。

Google on Tuesday revealed that it will no longer offer a standalone prompt for third-party cookies in its Chrome browser as part of its Privacy Sandbox initiative. "We've made the decision to maintain our current approach to offering users third-party cookie choice in Chrome, and will not be rolling out a new standalone prompt for third-party cookies," Anthony Chavez, vice president of Privacy

With billions of users, YouTube has become a tempting target for cybercriminals. They post malicious links in video descriptions and comments. Some send phishing emails to creators, posing as sponsors but attaching malware. Others hijack popular channels to promote fake cryptocurrency giveaways. Deepfake videos have entered the mix, using AI to impersonate well-known public figures. This article looks at the most common scams found on YouTube and how they work. Malware in video descriptions and … More →

The post The dark side of YouTube: Malicious links, phishing, and deepfakes appeared first on Help Net Security.

Custom-Crafted, Qantas-Spoofing Emails Target Australian Victims

The post Custom-Crafted, Qantas-Spoofing Emails Target Australian Victims appeared first on Security Boulevard.

A vulnerability was found in Google Android 10.0/11.0/12.0/13.0. It has been classified as problematic. This affects an unknown part of the file avrc_pars_ct.cc of the component AVRC Response Parser. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2022-20483. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in Google Android 10.0/11.0/12.0. Affected by this issue is the function setEnabledSetting of the file PackageManager.java. The manipulation leads to resource consumption. This vulnerability is handled as CVE-2022-20476. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in Google Android 10.0/11.0/12.0/13.0. This affects the function NotificationChannel of the file NotificationChannel.java. The manipulation leads to resource consumption. This vulnerability is uniquely identified as CVE-2022-20478. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Google Android 10.0/11.0/12.0/13.0 and classified as problematic. This vulnerability affects the function NotificationChannel of the file NotificationChannel.java. The manipulation leads to resource consumption. This vulnerability was named CVE-2022-20479. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 10.0/11.0/12.0/13.0 and classified as problematic. This issue affects the function NotificationChannel of the file NotificationChannel.java. The manipulation leads to resource consumption. The identification of this vulnerability is CVE-2022-20480. Attacking locally is a requirement. There is no exploit available. It is recommended to apply a patch to fix this issue.