Aggregator

比尔盖茨指责马斯克（Elon Musk）通过大幅削减美国国际援助而杀死了世界最贫困的儿童。盖茨宣布将在未来二十年加速慈善捐赠，到 2045 年关闭盖茨基金会。他在接受采访时表示马斯克此举是出于无知。盖茨举例说，马斯克终止了对莫桑比克加沙省一家医院的拨款，这笔拨款被用于防止妇女将艾滋病传染给婴儿。而马斯克以为这笔拨款是用于为巴勒斯坦加沙的哈马斯提供避孕套。盖茨基金会每年的预算将增至 100 亿美元，盖茨计划只给子女保留不到 1% 的财富。盖茨说，马斯克称美国国际开发署为“犯罪组织”，但他根本不了解该机构的职责和运作方式。

As new malware delivery campaigns using the ClickFix social engineering tactic are spotted nearly every month, it’s interesting to see how the various attackers are trying to refine the two main elements: the lure and the “instruction” page. In the latest email campaigns documented by the Google Threat Intelligence Group, the suspected Russian threat actor tried to trick the targets into downloading malware by urging them to “solve” a fake CAPTCHA page and then press … More →

The post The many variants of the ClickFix social engineering tactic appeared first on Help Net Security.

In December, a senior Chinese cyber official offered what U.S. representatives took as tacit admission: China was behind a series of cyber intrusions targeting U.S. critical infrastructure. As reported by The Wall Street Journal, this extraordinary moment came during a closed-door meeting in Geneva—one that has since confirmed what many cybersecurity professionals have long suspected: the next stage of overt cyber action might be here.

The post How China’s Admission Reinforces the Urgency for AI-Powered, Preemptive Cybersecurity appeared first on Security Boulevard.

Cybersecurity researchers have exposed what they say is an "industrial-scale, global cryptocurrency phishing operation" engineered to steal digital assets from cryptocurrency wallets for several years. The campaign has been codenamed FreeDrain by threat intelligence firms SentinelOne and Validin. "FreeDrain uses SEO manipulation, free-tier web services (like gitbook.io, webflow.io, and github.io

A Threat Actor Claims to be Selling the Data of UnitedHealth Group

A vulnerability was found in Cellopoint Cellos 4.1.10 Build 20190922. It has been rated as critical. Affected by this issue is some unknown functionality of the component URL Handler. The manipulation leads to improper privilege management. This vulnerability is handled as CVE-2020-17384. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Cellopoint Cellos 4.1.10 Build 20190922. This affects an unknown part of the component URL Handler. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2020-17385. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in Cellopoint Cellos 4.1.10 Build 20190922. This vulnerability affects unknown code of the component URL Handler. The manipulation as part of Parameter leads to server-side request forgery. This vulnerability was named CVE-2020-17386. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Bleve. It has been classified as critical. This affects an unknown part of the component http Package. The manipulation leads to missing authentication. This vulnerability is uniquely identified as CVE-2022-31022. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in Simple Exam Reviewer Management System 1.0. This issue affects some unknown processing. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2022-42201. The attack needs to be done within the local network. There is no exploit available.

A vulnerability, which was classified as critical, was found in Tenda 11N 5.07.33_cn. This affects an unknown part. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2022-42233. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability was found in Autodesk AutoCAD and classified as critical. Affected by this issue is some unknown functionality of the file DesignReview.exe of the component DWF File Handler. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2022-42942. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in AdminPad Plugin up to 2.1 on WordPress. Affected by this issue is some unknown functionality of the component Note Handler. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2022-2762. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Terminalfour up to 7.4.0004/8.3.19. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-22220. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Ecomiz Survey TMA Module up to 2.0.0 on PrestaShop. Affected is an unknown function. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-24309. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability has been found in JoomUnited WP Media Folder Plugin up to 5.7.2 on WordPress and classified as critical. This vulnerability affects unknown code. The manipulation leads to unrestricted upload. This vulnerability was named CVE-2024-25909. The attack can be initiated remotely. There is no exploit available.