Aggregator

青藤，让云更安全

APT组织Lazarus 在Rootkit（获取内核权限）攻击中使用了微软的0day漏洞;APT组织Kimsuky利用软件公司产品安装程序进行伪装展开攻击;NoName057(16)组织DDoSia项目持续更新;

A CVSS score 7.0 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'rgod' was reported to the affected vendor on: 2024-06-27, 48 days ago. The vendor is given until 2024-10-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

招聘：打击涉网犯罪驻场

We explore the key capabilities of this Cuttlefish Malware through the lens of the MITRE ATT&CK framework.

让我看看

We've uncovered a path traversal vulnerability in the D-Link DIR-859 router that leads to information disclosure. This exploit allows extraction of account details and poses long-term risks since the product is End-of-Life and won't be patched.

本文精选了美团技术团队被SIGIR 2024收录的3篇论文进行解读，第一篇论文围绕如何利用深度学习，来整合广告拍卖和混排；第二篇论文扩展定义了全用户纵向联邦推荐范式，并首次提出基于检索增强的纵向联邦推荐框架ReFer，解决了跨域特征缺失问题；第三篇论文提出了一种新颖的框架——解耦对比超图学习，并应用于下一个兴趣点推荐任务中。

In this blog we uncover threat actors using the 2024 Olympics to lure victims into investing in an initial coin offering (ICO). Similar schemes have been found to use AI-generated images for their fake ICO websites.

polyfill.io, a popular JavaScript library service, can no longer be trusted and should be removed from websites

Not everyone invests in employee cybersecurity awareness training. Here's four experts' thoughts on why you should – and a way to save in the process!

CIS Benchmarks® volunteers dedicate their time and expertise to developing security standards for technology systems. Here's how Mack Bodie helps out.

Microsoft recently discovered a new type of generative AI jailbreak method called Skeleton Key that could impact the implementations of some large and small language models. This new method has the potential to subvert either the built-in model safety or platform safety systems and produce any content. It works by learning and overriding the intent of the system message to change the expected behavior and achieve results outside of the intended use of the system.

The post Mitigating Skeleton Key, a new type of generative AI jailbreak technique appeared first on Microsoft Security Blog.

可能是地表最强网络安全防御演习的 Locked Shields 是如何组织评分的？

Everything you need to know about Scarlet Goldfinch, which uses fake browser updates to trick users into downloading NetSupport Manager.

by Douglas Berdeaux, Senior Security Consultant CTF redsiege.com/phoneswitch Getting Started Phone phreaking is the practice of exploring and hacking telephones, telephone switches, telephone test equipment, and physically exploring the telephone […]

A new DDoS rule resulted in an increase in error responses and latency for Cloudflare customers. Here’s how it went wrong, and what we’ve learned

In this Akamai FLAME Trailblazer blog post, Mie Elmkvist Schneider from Queue-it describes the differences between being a manager and being a leader.