Aggregator

新一代信息技术及网络应用不断创新，特别是人工智能、大数据等新技术的快速发展与成熟，使网络及网络应用深入国家和社会生活的各个领域。与之相伴，数据、虚拟身份、算法和信息系统都成为具有高价值的目标。

Hunters International has deployed a novel C# malware dubbed SharpRhino as an initial infection vector and persistent Remote Access Trojan (RAT).  Delivered through a typosquatting domain that looks like an Angry IP Scanner, SharpRhino uses techniques that have never been seen before to increase privileges, let the group move laterally without any problems, and then […]

The post Network Admins Beware! SharpRhino Ransomware Attacking Mimic As Angry IP Scanner appeared first on Cyber Security News.

The North Korea-linked threat actor known as Moonstone Sleet has continued to push malicious npm packages to the JavaScript package registry with the aim of infecting Windows systems, underscoring the persistent nature of their campaigns. The packages in question, harthat-api and harthat-hash, were published on July 7, 2024, according to Datadog Security Labs. Both the libraries did not attract

Everyone loves the double-agent plot twist in a spy movie, but it’s a different story when it comes to securing company data. Whether intentional or unintentional, insider threats are a legitimate concern. According to CSA research, 26% of companies who reported a SaaS security incident were struck by an insider.  The challenge for many is detecting those threats before they lead to full

Scalable package scanning within PyPi and npm using GuardDog software identified two malicious packages linked to a DPRK-aligned threat actor cluster dubbed “Stressed Pungsan.”  The cluster strongly aligns with Microsoft’s MOONSTONE SLEET, indicating a sophisticated supply chain attack vector. The packages are initial access points for malware distribution, enabling data exfiltration, credential theft, and lateral […]

The post North Korean Hackers Attacking Windows Users With Weaponized npm Files appeared first on Cyber Security News.

Hackers often target Window Smart App Control and SmartScreen security flaws to launch malicious code and applications for their illicit purposes. Threat actors aiming to undermine Windows security features can use these vulnerabilities to seize illicit access, steal sensitive data, and compromise system integrity. Cybersecurity researchers at Elastic Security Labs discovered Windows Smart App Control […]

The post Windows Smart App Control & SmartScreen Flaw Let Hackers Hijack Systems appeared first on Cyber Security News.

Google addressed an actively exploited high-severity vulnerability, tracked as CVE-2024-36971, impacting the Android kernel. Google fixed a high-severity flaw, tracked as CVE-2024-36971, impacting the Android kernel. The IT giant is aware that the vulnerability has been actively exploited in the wild. The company did not share details of the attacks exploiting this vulnerability. The vulnerability […]

Google warns of an actively exploited Android kernel flawGoogle addressed an actively exploite

SecurityScorecard claims almost all of the world’s biggest public companies are connected to a supply chain breach

汽车安全技术的又一次飞跃。

对于处于弱势地位的消费者而言，「仅退款」是电商维权的最后一道保障。

每日更新当天鲜活情报和热点漏洞

Спорные изменения вызвали незамедлительную реакцию юристов.

Four beginner-friendly website hacking techniques to try on your next pentest (with live “follow-along” examples)!

ISC.AI 2024安全大模型联合峰会在京举办，共探数字安全新机遇

360数据安全“北极星守护”全系列产品正式发布

中国安全浪潮席卷世界舞台，360亮相Black Hat USA 2024

文章转载自云数智观察大模型虽然不是万能的，但是没有大模型又是万万不能的。以AI大模型为动力引擎，AI正在重塑

速修复

抓住致命弱点，反败为胜