Aggregator

FCIS 2024面向广大的业内专业人士征集大会议题，无论是行业大咖，亦或是行业新人，我们都期待您的加入。

Midjourney, Stability AI и другие теперь вынуждены будут раскрыть свои тайны.

A vulnerability classified as critical was found in SECOM Dr.ID Attendance System up to 3.6.2. This vulnerability affects unknown code. The manipulation of the argument page leads to sql injection. This vulnerability was named CVE-2024-7732. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Researchers studied the infrastructure behind clickbait PDF attacks by analyzing a large dataset of real-world PDFs to identify clickbait ones and their linked infrastructure and found that attackers use various hosting types, including object storage, website hosting, and CDNs.  The attackers exploit vulnerabilities in outdated software components to upload malicious PDFs, while researchers also investigated […]

The post Clickbait PDFs, An Entry point For Multiple Web Based Attacks appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

SAP has released its August 2024 security patch update, addressing 17 new vulnerabilities, including two critical flaws that could allow attackers to bypass authentication and fully compromise affected systems. The most severe vulnerability, CVE-2024-41730, affects SAP BusinessObjects Business Intelligence Platform versions 430 and 440. With a CVSS score of 9.8, this “missing authentication check” flaw […]

The post Critical SAP Flaw Let Hackers to Bypass Authentication & Compromise Systems appeared first on Cyber Security News.

Hackers always keep updating their tools and add new ones to adapt to evolving security measures, bypass defenses, and exploit newly discovered vulnerabilities.  Staying ahead of the cybersecurity advancements is completely important for them as doing so helps them maintain their ability to carry out successful cyber attacks. Cybersecurity researchers at The DFIR Report recently […]

The post Hackers Toolkit Unveiled, Comprehensive Tools For Various Cyber Attacks appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

SSLoad is a complex malware loader that mainly intrudes into desired systems via phishing emails. Once inside, it performs reconnaissance, and then transfers the collected intelligence to its handlers. SSLoad later uses any available means to get past detection as it installs different forms of harmful code into the system. This program is also designed […]

The post New SSLoad Loader Malware Attacking Users to Infiltrate Login Details appeared first on Cyber Security News.

马斯克（Elon Musk）在收购 Twitter 后向员工发送了一封最后通牒式的邮件，要求他们在 24 小时内点击 Yes 否则就被视为自愿离职。马斯克在这封标题为“A Fork in the Road”的邮件中表示，打造 Twitter 2.0 需要高强度的工作，表现出色才被视为合格。他要求员工在 24 小时做出回应，没有及时点击 Yes 的员工将给予三个月的遣散费。遭到解雇的爱尔兰高管 Gary Rooney 提起了诉讼，他辩称其合同条款明确声明，解雇需要以书面形式提出，而不是拒绝填写表格。爱尔兰劳工法庭裁决 Twitter 未给员工提供足够的通知时间，且未点击 Yes 并不能构成合法的辞职行为。它要求 Twitter（现更名为 X）向 Rooney 赔偿 60 万美元。它基本同意 Rooney 被不公平的解雇。Twitter 可以对这一裁决提起上诉。据 X 高级人力总监 Lauren Wegman 作证，270 名收到邮件的爱尔兰员工中只有 35 人没有点击 Yes。

本周，互联网网络安全态势整体评价为良。

Cryptocurrency scams have changed along with digital currencies and they now employ technological advancements like AI and deepfakes in their sophisticated frauds. The CryptoCore group is an example of these methods where celebrity images are used, major events are exploited, and hijacked social media accounts are taken across platforms such as YouTube, Twitter, and TikTok. […]

The post CryptoCore, Sophisticated Cryptocurrency Scam Attacking Users To Drain Wallets appeared first on Cyber Security News.

Злоумышленники атакуют сервера компаний, воруют данные, шифруют важную информацию и требуют выкуп.

“两高一弱”问题一直是网络安全领域的重要关注点，即高危漏洞、高危端口和弱口令。特别是在网络安全防护已进入实战化 […]

周一，乌克兰计算机应急响应小组 (CERT-UA) 披露，攻击者冒充乌克兰安全局 (SSU) 使用恶意垃圾邮件来攻击并破坏该国政府机构的系统，成功使用 AnonVNC 恶意软件感染了 100 多台计算机。 “下午好，为了对一些组织进行全面检查，我要求您在 2024 年 8 月 15 日之前向位于 01601, Kyiv 1, str. Malopodvalna, 16 的 SBU 总局提交所需文件清单。请下载官方请求：Dokumenty.zip。”恶意电子邮件写道，并链接到一个假装是 SSU 所需文件清单的附件。 这些攻击开始于一个多月前，电子邮件中推送指向 Documents.zip 存档的超链接，而该存档会从 gbshost[.]net 下载用于部署恶意软件的 Windows 安装程序 MSI 文件。 尽管 CERT-UA 没有对该恶意软件功能进行具体描述，但它表示，该恶意软件使被跟踪为 UAC-0198 的威胁组织能够秘密访问受感染的计算机。 攻击流程（CERT-UA） “CERT-UA 已发现超过 100 台受影响的计算机，尤其是中央和地方政府机构的计算机。 ”CERT-UA表示，“请注意，相关的网络攻击至少自 2024 年 7 月就开始了，而且可能涉及更广泛的地域。”   消息来源：BleepingCompute，译者：YY；   本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

直播 | 数安三人行：一次聊透“工业互联网接入安全”

尽管无法完全计算成本，但有70%的遭受数据泄露的企业报告称其业务受到了重大影响。

Учёные создали первую в мире стандартизированную базу данных для тестирования детекторов ИИ.

LoanDepot通过SEC报告披露称，今年1月曝光的勒索软件攻击相关的费用总计超1.92亿元。

近日，FreeBSD 项目的维护者针对OpenSSH 高危漏洞发布了紧急补丁。

在近日举行的2024年度Defcon黑客大会上，安全公司IOActive的研究员披露了AMD处理器的一个名为“Sinkclose”的难以修复的严重漏洞。

全球数据跨境流动合规 半月观察（第三十三期）