Aggregator

A vulnerability was found in Microsoft Windows and classified as critical. This issue affects some unknown processing of the component Graphics. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2024-43534. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

MongoDB Queryable Encryption allows customers to securely encrypt sensitive application data and store it in an encrypted format within the MongoDB database. It also enables direct equality and range queries on the encrypted data without the need for cryptographic expertise. Adding range query support expands data retrieval options, allowing for more powerful search capabilities. You can configure Queryable Encryption using the following methods: Automatic encryption: Allows encrypted read and write operations to be performed seamlessly, … More →

The post MongoDB Queryable Encryption now supports range queries on encrypted data appeared first on Help Net Security.

加拿大多伦多大学公民实验室分析了腾讯微信的加密协议。微信早期使用了被称为“业务层加密”的自制协议，后来在业务层加密之上又加入了一层 MMTLS 加密，今天的微信同时使用了业务层加密和 MMTLS。MMTLS 是基于 TLS 1.3，微信开发者修改了 TLS 1.3 的密码学机制，在部分修改当中引入了弱点。研究人员指出，中国的应用广泛地使用自制加密法。一般状况下，选择不使用业界标竿的 TLS，并且发展自制非标准加密法，与业界公认安全的最佳做法背道而驰。MMTLS 的情况与之类似，研究人员对此表达担忧。

A vulnerability, which was classified as critical, was found in Garip Ve Ilginc Olaylar 0.1. Affected is an unknown function of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is traded as CVE-2014-7748. The attack can only be initiated within the local network. There is no exploit available.

Битва за раскопки может привести к крупной судебной тяжбе.

面对攻击者不断加码的攻击量级和手段，企业必须积极采取策略，守卫云上网络环境。

A vulnerability was found in OpenSight Software FlashFXP 5.4.0.3970. It has been classified as critical. Affected is an unknown function in the library libcrypto-1_1.dll of the file FlashFXP.exe. The manipulation leads to uncontrolled search path. This vulnerability is traded as CVE-2024-10068. An attack has to be approached locally. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

error code: 1106

Submit #419684 / VDB-280716

世事变化无常。在科技行业，今天你拿着高薪，但明天你可能就被解雇了。如果你在薪水最高房价最高的时间点贷款买了豪宅，那么降薪失业房价下跌会对你的精神造成巨大的冲击。美国国家经济研究局（National Bureau of Economic Research，NBER）的研究显示，高收入通常是短暂的，而低收入则是永久性的。美国皮尤研究中心的一项研究显示，过去几十年高收入人群就业流动性显著下降，收入最高的五分之一人中每年只有 7.2% 更换工作，而收入最低的五分之一人中换工作的比例为 13.3%。虽然高收入人群在被解雇后更有可能找到新工作，但新工作也更有可能降薪。富有是一种被动收入高于消费的状况，而高薪者的生活依靠的主动收入，主动收入是有风险是无法一直持续的，你需要控制收入，让收入多元化，这都需要规划。

A company has fallen victim to a cyberattack after unknowingly hiring a North Korean cybercriminal as a remote IT worker. The unidentified firm, based in the UK, US, or Australia, discovered the breach after the hacker downloaded sensitive data and issued a ransom demand. The incident highlights the growing threat of North Korean operatives infiltrating […]

The post Organization Hacked Following Accidental Hiring of North Korean Remote IT Worker appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

error code: 1106

Authors:(1) Haleh Hayati, Department of Mechanical Engineering, Dynamics and Control Group, Eindho

By collecting, analyzing, and leveraging data from security events, security analytics empowers teams to proactively detect anomalies and pinpoint vulnerabilities to mitigate targeted attacks, insider threats, and advanced persistent threats (APTs).

Security Teams Need Support, Mental Health Resources and a Focus on Resilience
Managing the aftermath of a cybersecurity incident can be grueling, and the intense pressure placed on these individuals can take a toll. Stress in the cybersecurity field, particularly post-incident, is a well-documented issue that many professionals quietly struggle with.

Most IT Restored, But UHG Is Still Catching Up and Aiming to Win Back Clients
UnitedHealth Group has raised its estimates to nearly $2.9 billion for the total costs this fiscal year of the cyberattack on its Change Healthcare IT services unit. UHG said it is also working to catch up with claims processing and to win back clients disenfranchised by the attack.

Advisory Warns Iranian Threat Actors Use 'Push Bombing' to Target Critical Sectors
Iranian cyber actors are increasingly using brute force techniques, such as password spraying and multifactor authentication push bombing, to target critical infrastructure sectors, according to a cybersecurity advisory released Wednesday by the Cybersecurity and Infrastructure Security Agency.

New NCSC Chief Also Warns of Threefold Increase in Severe Cyberattacks
The U.K. experienced a 50% spike in cybersecurity incidents posing national security risks this year, according to NCSC CEO Richard Horne. Growing advancements in emerging tech are widening the gap between offensive and defensive cyber capabilities, he warned.