Aggregator

近日，一起大规模的数据泄露事件震动了网络安全界。名为“HikkI-Chan”的黑客在臭名昭著的Breach Forums上泄露了超过3.9亿VK用户的个人信息。

The Foundation for Defense of Democracies has warned that Chinese-made LIDAR sensors could be weaponized for espionage

针对七大行业进行供需两端的市场及技术趋势分析。今天走进教育行业。

勒索防护新思路｜通过验证提升勒索防护能力

Группа специалистов становится на стражу целостности голосования.

Trying to hack Thermopro TP25

KDE 项目今年 8 月底宣布，从 Plasma 6.2 开始将在桌面环境中直接请求捐款。用户会在每年的 12 月看到一次系统通知，请求向非盈利组织 KDE e.V.捐款。开发者表示他们尽最大努力减少请求捐款的系统通知的恼人程度，通知很小且不显眼，容易关闭。关闭之后一年之后才会再次出现。用户也很容易永久关闭该通知。现在 12 月已经过去了一天，请求捐款的系统通知是否有效？开发者报告，非常有效，KDE e.V.在一天内收到的捐款两倍于之前一整个月收到的捐款。对社交网络上相关评论的跟踪显示，大部分用户对此都持正面态度，几乎没有差评。Kubuntu 和 Debian 等主流发行版尚未使用 Plasma 6.2 桌面，开发者猜测明年 12 月的情况可能会更好。

OpenAI正在考虑在ChatGPT中针对免费用户投放广告以平衡成本支出

A vulnerability was found in Netgear WGR614 V8/V9. It has been rated as critical. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation of the argument "?") leads to improper input validation. This vulnerability is handled as CVE-2008-6122. The attack may be launched remotely. Furthermore, there is an exploit available.

A critical vulnerability has been discovered in Salesforce applications that could potentially allow a full account takeover. The vulnerability, uncovered during a penetration testing exercise, hinges on misconfigurations within Salesforce Communities, particularly exploiting the Salesforce Lightning component framework. The implications of this vulnerability are severe, affecting both data security and privacy. Attackers could gain access […]

The post Salesforce Applications Vulnerability Could Allow Full Account Takeover appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

上周关注度较高的产品安全漏洞(20241125-20241201)

CNVD漏洞周报2024年第48期

官方紧急延长售油运营时间

A vulnerability has been found in Sun Solaris up to 7.0 and classified as critical. This vulnerability affects unknown code of the component profil. The manipulation leads to improper privilege management. This vulnerability was named CVE-1999-0674. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

亚马逊AWS开设线下门店专门提供高带宽数据上传 带着你的硬盘去门店就行

Our Favorite Word Is the One That Makes Us The Dumbest

Nextcloud has unveiled Nextcloud Talk, an open-source alternative to Microsoft Teams. It’s a privacy-compliant collaboration platform for hybrid teams that gives companies complete control over their data. Nextcloud Talk collaboration software delivers highly secure, GDPR-compliant communication while providing all the essential features modern teams require, from chat and video conferencing to webinars. Its open architecture enables integration with existing systems and allows for the customization of solutions tailored to specific needs. Nextcloud Talk highlights High-security … More →

The post Nextcloud Talk: Open-source, GDPR-compliant alternative to Microsoft Teams appeared first on Help Net Security.