Aggregator

2024年7月，Microsoft官方发布公告，披露 CVE-2024-38077 Windows Server 远程桌面授权服务(Remote Desktop Licensing Service，简称RDL) 远程代码执行漏洞。

关注高级攻防对抗技术热点，研究对手技术进行高级威胁模拟，研判攻击安全发展方向。

At the recent Black Hat USA conference, security researcher Michael Bargury unveiled alarming vulnerabilities within Microsoft Copilot, demonstrating how hackers can potentially exploit this AI-powered tool for malicious purposes. This revelation underscores the urgent need for organizations to reassess their security measures when using AI technologies like Microsoft Copilot. Bargury’s presentation highlighted several methods through […]

The post Researchers Demonstrate How Hackers Can Exploit Microsoft Copilot appeared first on Cyber Security News.

腾讯云 DNSPod 官方8月9日发文，称监测到国内大量家用路由器的 DNS 解析配置被篡改，从而影响到了正常的网站和 App 访问。

Почему продолжают ужесточать контроль над онлайн-пространством.

Entrust, a once-trusted Certificate Authority (CA), has faced a significant setback as Google and Mozilla have announced they will no longer trust Entrust's SSL/TLS certificates due to security concerns. This move leaves current Entrust customers scrambling to find alternative CAs to ensure secure digital connections. The article emphasizes the urgency of transitioning to a new, reliable CA, such as Sectigo, to avoid potential cybersecurity risks and ensure continued protection. It also outlines steps for migrating certificates, stressing the importance of active management and automation in maintaining digital security.

The post Entrust distrust: How to move to a new Certificate Authority appeared first on Security Boulevard.

Such is the industry, that RISC-V, an open and extensible instruction set architecture (ISA) has now invaded the CPU market, opening up many opportunities for new entrants. It has gained a lot of traction through Linux kernel support as well as being adopted by consumer devices and cloud platforms. However, RISC-V’s flexible nature has led […]

The post GhostWrite Vulnerability Let Hackers Read And Write Any Part Of The Computer’s Memory appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

Специалист предотвратил кибератаки на несколько крупных компаний.

在儿童游戏市场占据主导地位的美国游戏公司 Roblox 被土耳其封杀，理由是儿童剥削问题。Roblox 允许用户去设计自己的游戏、物品及衣服，以及游玩自己和其他开发者创建的各种不同类型的游戏，这些游戏均使用编程语言 Lua。Roblox 有逾 1.64 亿月活跃用户，美国 16 岁以下儿童半数以上在玩。由于 Roblox 平台的“开发者”主要是儿童，因此它也受到了利用童工的批评。现在土耳其政府认为 Roblox 通过非法行为剥削儿童，因此在全国范围内无限期禁止用户和创作者访问该平台。土耳其媒体称，其它原因包括宣传恋童癖的虚拟派对以及赌博问题。Roblox 发表声明表示将努力恢复在土耳其的访问。

检测业务是否受到此漏洞影响，请联系长亭应急服务团队！

检测业务是否受到此漏洞影响，请联系长亭应急服务团队！

Every software and operating system vendor has been implementing security measures to protect their products. This is due to the fact that threat actors require a lot of time to find a zero-days but require less time to find a readily available exploit for a vulnerable software. This brought them to the thought where they […]

The post Windows Zero-day Flaw Let Hackers Downgrade Fully Updated Systems To Old Vulnerabilities appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

Мессенджер заблокирован по требованию ведомства.

意见反馈截止时间为2024年8月25日。

新的“重要场景漏洞计划（ISVP）”计划重点关注与任意代码执行、设备解锁、数据提取、任意应用程序安装和绕过设备保护相关的漏洞。

亚马逊为了提振电商业务，正在加快在中国争取卖家的步伐。在当地相继新设网点，还举行面向卖家的研讨会。此举是为了对抗以低价杂货等为优势不断增长的 Temu 等竞争对手，增加具有价格竞争力的商品。“推动中国品牌走向世界”，7 月底亚马逊在广东省深圳市举办了面向电商卖家的活动，发出了这样的呼吁。 亚马逊一直在中国削减面向普通消费者的业务。2019 年关闭了中国国内的电商服务，最近结束了电子书服务 kindle。销售海外商品的跨境电商(EC)继续面向中国消费者提供服务，但存在感较弱。另一方面，作为中国境外的电商的商品供应地，重新评估中国，正在开拓卖家。

您有一份周报待查收......

A sophisticated mobile attack vector involves a deceptive iOS update that masquerades as the legitimate iOS 18, tricking users into installing malicious code.  The persistence mechanism allows threat actors to maintain covert control over the compromised device, facilitating data exfiltration and continued device exploitation without user awareness.  Understanding the intricate workings of such attacks necessitates […]

The post Hackers Exploit iOS Settings to Trigger Fake iOS Updates on Hijacked Devices appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

苹果即将于秋季释出的新桌面操作系统 macOS Sequoia 对屏幕录像类权限实施了更严格的控制。对于屏幕截图应用和屏幕录像应用，用户需要每周和每次重启计算机后授予应用明确的访问权限。苹果引入了一个新的系统提示，提​​醒用户应用何时有权访问其计算机的屏幕和音频。测试版用户已经注意到了这一现象，他们被反复提示是否允许应用访问屏幕，很多人认为这是 bug，但苹果应用开发者确认这是新特性。

漏洞原理就是HTTP/2协议有一个bug，它使得用户单方面可以取消通信，而服务器需要耗时来处理该响应，从而导致拒绝服务。