Aggregator

当地时间8月28日，Mandiant和Google Cloud发布研究报告，称一个伊朗黑客组织通过社交媒体平台散布虚假的招聘网站和工作机会，以此作为诱饵内容，目的是识别可能与以色列等外国对手合作的伊朗人。

Submit #396298 / VDB-276075

Submit #396297 / VDB-276074

Submit #396294 / VDB-276073

雷神众测2023年度Top白帽榜单公、新人榜单公布！现金奖励&游学奖励他全有啦！！

1雷神众测2023年度Top白帽榜单在信息时代的浪潮中，网络安全成为了我们生活中不可或缺的一部分。为了确保我们的个人隐私、企业数据和国家安全，安全专家们不断努力着，保护着我们的数字世界。今天，我们将为

In my previous diary[1], I explained why Python became popular for attackers. One of the given reas

Технология TENG бросает вызов солнечным батареям.

Бывшие агенты ЦРУ рассказали, как Северная Корея нашла источники дохода на Западе.

The Wireshark Foundation has announced the release of Wireshark 4.4.0, marking a significant update to the popular open-source network protocol analyzer. This latest version introduces a range of new features, improvements, and bug fixes, enhancing the tool’s capabilities in network analysis. Enhanced Graphing Capabilities One of the standout features of Wireshark 4.4.0 is the comprehensive […]

The post Wireshark 4.4.0 Released – What’s New! appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

为了应对日益复杂的网络威胁，网络安全领域公司CrowdStrike近日宣布与全球领先的图形处理器制造商英伟达展开合作。

In light of recent cybersecurity events, a critical SolarWinds Web Help Desk vulnerability has been revealed. Although SolarWinds patches pertaining to the vulnerability have been released, if it were to be exploited, it could lead to the execution of arbitrary code on certain instances. In this article, we’ll dive into the details of the vulnerability […]

The post SolarWinds Patches: Severe Web Help Desk Vulnerability Fixed appeared first on TuxCare.

The post SolarWinds Patches: Severe Web Help Desk Vulnerability Fixed appeared first on Security Boulevard.

TIBER (Threat Intelligence-Based Ethical Red Teaming) is a framework introduced by the European Cent

Как украденные личности позволили хакерам безнаказанно действовать на протяжении долгого времени.

Как смена ОС повлияет на работу сервиса?

韩国黑客组织 APT-C-60 利用了 Windows 版 WPS Office 的一个 0day 在目标设备上安装后门 SpyGlace。WPS 是金山开发的办公软件，在全球有逾 5 亿活跃用户。黑客利用的 0day 被称为 CVE-2024-7262，影响版本从 12.2.0.13110（2023 年 8 月）到 12.1.0.16412（2024 年 3 月）。金山在 3 月悄悄修复了漏洞，但没有向客户披露该漏洞正被活跃利用，促使安全公司 ESET 就该漏洞公布了一份详细报告。CVE-2024-7262 与软件如何处理自定义协议处理器的方式相关，其中 ksoqing:// 允许文档中嵌入的特制 URL 执行外部应用。APT-C-60 创建了 MHTML 文件，嵌入了隐藏在诱饵图像下的恶意超链接，引诱受害者点击图像触发漏洞。金山修复 CVE-2024-7262 的补丁并不完整，ESET 研究人员发现了第二个任意代码执行的高危漏洞 CVE-2024-7263。金山在 5 月修复了新的漏洞。为修复这两个漏洞 WPS 用户需要尽可能快的升级到 v12.2.0.17119 及以上版本。

A critical vulnerability has been identified in App::cpanminus (cpanm), a widely used tool for downloading and installing Perl modules. This vulnerability, CVE-2024-45321, exposes users to potential cyber threats. It allows attackers to intercept and manipulate traffic during module installation. CVE-2024-45321 – Vulnerability Details App::cpanminus, known for its lightweight and efficient handling of Perl module installations, […]

The post Critical Vulnerability in Perl Module Installer Let Attackers Intercept Traffic appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

本文以三个示例从易到难地演示一种名为JS RPC的技术