Aggregator

关键词Skype你当年用过Skype和家人朋友聊天吗？据央视新闻消息，美国微软公司旗下即时通信软件Skype正式停止运营。

Maine-Based Firm Already Facing Several Proposed Class Action Lawsuits in Breach
A Maine-based software supplier to medication infusion centers is notifying more than 118,000 individuals that their information was potentially stolen in a hack discovered in February. The firm is already facing at least five proposed federal class action lawsuits involving the data theft.

Hackers Bypass MFA to Steal Australians' Banking Credentials
Melbourne-based ANZ Bank will introduce passwordless authentication for digital banking services amid news that hackers have stolen the banking credentials of tens of thousands of Australians. Cybercriminals used infostealer malware to steal the credentials of more than 30,000 Australians.

Critics Say Public Benefit Corporation Model May Undermine AI Safety and Oversight
OpenAI’s nonprofit parent will retain control as its for-profit subsidiary becomes a public benefit corporation. While the company frames the change as mission-driven, critics fear it may strip the nonprofit of meaningful control and expose AGI development to uncontrolled commercial interests.

Hacker Breaches Government-Approved Messaging App Used by Top Trump Officials
A Signal clone messaging app apparently being used by top advisers to U.S. President Donald Trump abruptly went dark Monday following a reported hacking incident. TeleMessage said it temporarily suspended messaging services "out of an abundance of caution."

Microsoft Entra ID (formerly Azure Active Directory) is the backbone of modern identity management, enabling secure access to the applications, data, and services your business relies on. As hybrid work and cloud adoption accelerate, Entra ID plays an even more central role — managing authentication, enforcing policy, and connecting users across distributed environments. That prominence also

阿联酋公立学校将开设 AI 课程，它正努力成为该地区的 AI 强国。AI 课程将于 2025-2026 学年面向幼儿园至 12 年级学生开设。课程内容包括道德意识、基础概念以及实际应用。阿联酋加入了越来越多将 AI 纳入学校教育的国家行列。中国上个月宣布了类似的举措，将向中小学生推出 AI 课程。阿联酋已向训练 AI 模型的数据中心进行大量投资，并设立了一支 AI 投资基金，基金规模据报道将在几年内增长到 1000 亿美元以上。

录播+直播 动手实践，实现从0到1的跨越

微软 Telnet 服务器 0Click 漏洞可使攻击者绕过身份验证获管理员权限

看雪论坛作者ID：OrionisLi

An easily and remotely exploitable vulnerability (CVE-2024-7399) affecting Samsung MagicINFO, a platform for managing content on Samsung commercial displays, is being leveraged by attackers. Exploit attempts have been flagged by the SANS Internet Storm Center and Arctic Wolf researchers: the attackers are using the vulnerability to upload and execute a script that contains a downloader for a Mirai bot. About CVE-2024-7399 Samsung MagicINFO is a digital signage management platform that is used to create, schedule, … More →

The post Exploited: Vulnerability in software for managing Samsung digital displays (CVE-2024-7399) appeared first on Help Net Security.

A vulnerability was found in Netgear WAC120, WAC505, WAC510, WNAP320, WNAP210v2, WNDAP350, WNDAP360, WNDAP660, WNDAP620, WND930 and WN604 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2018-21096. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Netgear WAC505, WAC510, WAC120, WN604, WNAP320, WNAP210v2, WNDAP350, WNDAP360, WNDAP660, WNDAP620 and WND930. It has been classified as critical. Affected is an unknown function. The manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2018-21097. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Netgear D7800, DM200, R6100, R7500, R7500v2, R7800, R8900, R9000, WNDR4300, WNDR4300v2, WNDR4500v3 and WNR2000v5 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting (Stored). This vulnerability is handled as CVE-2018-21155. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in SolarWinds WebHelpDesk 12.7.1. Affected by this vulnerability is an unknown functionality of the file TicketActions/view?tab=group of the component TSV Export Handler. The manipulation as part of Request leads to code injection. This vulnerability is known as CVE-2019-20002. Attacking locally is a requirement. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Rukovoditel 2.5.2. This issue affects some unknown processing of the component User Access Groups Page. The manipulation leads to cross site scripting (Stored). The identification of this vulnerability is CVE-2020-11822. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Huawei Honor V10 9.0.0.125(C00E125R2P14T8)/9.0.0.156(C00E156R2P14T8)/10.0.0.146(C432E4R1P4). It has been classified as critical. Affected is an unknown function of the component Driver. The manipulation as part of Parameter leads to out-of-bounds read. This vulnerability is traded as CVE-2020-1804. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

Hackers are leveraging a sophisticated social engineering technique dubbed “ClickFix” to trick Windows users into executing malicious scripts on their systems. This method capitalizes on fake error pages and notifications that mimic legitimate alerts, often resembling Chrome browser errors or system warnings. These deceptive pop-ups prompt users to “fix” an alleged issue by copying and […]

The post Hackers Exploit Fake Chrome Error Pages to Deploy Malicious Scripts on Windows Users appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

美国政府网络安全合规执法日益严格