Aggregator

一、境外厂商产品漏洞 1、PDF-XChange Editor栈缓冲区溢出漏洞（CNVD-2024-33502）

2024年07月22日-2023年07月28日 本周漏洞态势研判情况本周信息安全漏洞威胁整体评价级别为中。

Onyx Sleet, a cyber espionage group also known as SILENT CHOLLIMA, Andariel, DarkSeoul, Stonefly, and TDrop2, mainly targets the military, defense sector, and technology in the United States, South Korea, and India. The group historically used spear-phishing, but they have now started using N-day vulnerabilities, such as in their October 2023 attack on TeamCity. To […]

The post North Korean Onyx Sleet Using Group Of Malware And Exploits to Gain Intelligence appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

文章讲述了利用Nginx WebUI的RCE漏洞进行渗透测试，通过Python脚本和NPS工具，成功获取内网服务和数据库访问权限的过程。

国内ai，注册几个使用，视频生成需要申请内测，现在申请大概率秒过。 可以设置不同氛围，运镜，风格。   卡通3d风格，怎么说呢，感觉有点一言难尽。。。 https://chatglm...

Cisco has issued patches for multiple products affected by a critical vulnerability in the RADIUS protocol. The vulnerability, identified as CVE-2024-3596, was disclosed by security researchers on July 7, 2024. This flaw allows an on-path attacker to forge responses using a chosen prefix collision attack against the MD5 Response Authenticator signature. Cisco has been actively […]

The post Cisco Patches the Products Impacted by RADIUS Protocol Vulnerability appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

Последствия атаки на Selenium Grid приводит к разным последствиям - от потери ресурсов до утечки данных.

据纽约时报27日报道，韩国国防情报指挥部遭遇重大泄密事件，敏感情报流向朝鲜，包括海外特工的个人信息。这一事件对韩国情报收集能力构成严重威胁，可能削弱其对朝鲜的情报优势。韩国军方已启动调查，计划对泄密责任人采取严厉措施。

Linux 系统上广泛使用的 Ghostscript 文档转换工具包中存在一个远程代码执行漏洞，目前正在遭受攻击。

本期CNCERT国家工程研究中心安全资讯周报共收录安全资讯29篇。点击文章，快速阅读最新资讯。

Квантовая механика и фармацевтика – союз, который изменит будущее науки.

Группа вымогателей похитила 1,7 ТБ данных и угрожает их публикацией.

7月26日消息，英国皇家联合军种国防研究所（RUSI）发表了文章《俄罗斯网络战重心转向乌克兰前线》，作者为谷歌云旗下曼迪安特公司网络谍报分析经理Dan Black。

ESET Research在一个地下论坛上发现了一个针对Android Telegram的零日漏洞广告。

本期关键基础设施安全资讯周报共收录安全资讯29篇。点击文章，快速阅读最新资讯。

Атаки на цепочку поставок становятся всё более разрушительными…

抖音敏感数据专测第三期来啦！

尽管前路仍有诸多挑战，需要投入更多精力和资源去完善和提升，但不容置疑的是，从实施至今，CISA的“安全设计”倡议已经取得了显著的成效。

Корпорация обещает исправить баги в топовых CPU.

The French government has investigated a malware attack that compromised approximately 3,000 machines within the country. The attack, part of a more extensive botnet operation affecting millions globally, has raised serious concerns about cybersecurity as France prepares to host the upcoming Olympic Games. Discovery and Initial Response The investigation began following a report from Sekoia, […]

The post French Govt Investigating Recent Malware Attack that Compromised 3,000 Machines appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.