Aggregator

国家计算机病毒应急处理中心依据《网络安全法》《个人信息保护法》《App违法违规收集使用个人信息行为认定方法》等法律法规及相关国家标准要求，近期通过互联网监测发现14款移动应用存在隐私不合规行为。

近年来，电信网络诈骗已成为全球性问题，严重威胁着社会安全与经济发展。中国与东盟国家作为地理相邻、经济互联的伙伴，面对电诈犯罪的跨境蔓延，中国与东盟在打击电诈领域达成了一系列重要合作。

近日，国家计算机病毒应急处理中心和计算机病毒防治技术国家工程实验室依托国家计算机病毒协同分析平台在我国境内捕获发现针对我国用户的仿冒我国国产人工智能大模型“DeepSeek”官方APP的安卓平台手机木马病毒。

个人信息保护事关广大人民群众的切身利益，事关国家数据安全。党的二十届三中全会通过的《中共中央关于进一步全面深化改革、推进中国式现代化的决定》要求“提升数据安全治理监管能力”。

点击文章，了解最前沿的国际网安资讯！

A vulnerability classified as critical has been found in Autonomy Ultraseek. This affects an unknown part of the file cs.html of the component Search Engine. The manipulation leads to link following. This vulnerability is uniquely identified as CVE-2009-0347. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Chunghwa Telecom topm-client up to 0.3.17 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component API. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-12645. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Chunghwa Telecom tbm-client up to 0.3.20 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2024-12644. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in ruifang-tech Rebuild 3.8.5. This issue affects some unknown processing of the component Project Task Comment Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-12664. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, was found in ruifang-tech Rebuild 3.8.5. Affected is an unknown function of the component Task Comment Attachment Upload. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-12665. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Animated Counters Plugin up to 2.0 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-11905. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Slope Widgets Plugin up to 4.2.11 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-11902. It is possible to launch the attack remotely. There is no exploit available.

人类的大脑日益受到现代技术的冲击。注意力经济专家 Dan Nixon 说，我们的精神生活比以往任何时候更支离破碎和更分散，“APP 和通知在不断争夺注意力，将我们的注意力货币化。”据估计，数字宇宙规模每两年翻一番，每天产生 2.5 quintillion 字节的数据。大部分数据都在我们的指尖。人们每天在 PC、笔电、平板、手机、电视和游戏机等设备上的屏幕时间从 2012 年的 9 小时增加到 2019 年的 11 小时，其中花在手机上的时间增加了约两个小时。对注意力不断增长的需求受到了注意力供应有限的限制。试图吸收太多内容会对我们的认知能力产生负面影响。在刺激之间切换会缩短注意力，超出大脑负荷会导致精神疲劳、记忆力受损和压力增加。数字干扰会阻碍创造性思维，信息过载带来的压力和焦虑会削弱恢复能力。

A security researcher recently uncovered a high-risk Insecure Direct Object Reference (IDOR) vulnerability in ExHub, a cloud hosting and collaboration platform used by over 2 million developers. The flaw enabled attackers to manipulate web hosting configurations for any project hosted on the platform without authorization, potentially disrupting critical services or enabling further exploits. The discovery […]

The post IDOR Vulnerability in ExHub Allows Attackers to Alter Hosting Configurations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

For the latest discoveries in cyber research for the week of 17th February, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES SimonMed Imaging, one of the largest diagnostic imaging companies in the US, has been breached by Medusa ransomware group, resulting in the theft of over 212 GB of sensitive data from its […]

The post 17th February – Threat Intelligence Report appeared first on Check Point Research.

Исчезнет ли цензура на федеральном уровне после выполнения требований Дональда Трампа?

A vulnerability classified as critical has been found in Google Go up to 1.2.3. This affects an unknown part. The manipulation leads to symlink following. This vulnerability is uniquely identified as CVE-2024-45339. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in NEC WX1500HP and WX3600HP. It has been classified as critical. This affects an unknown part. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2025-0356. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in NEC WG2600HS, WG2600HP4, WG2600HM4, WG2600HS2, WX3000HP and WX4200D5. It has been declared as problematic. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-0354. The attack can be initiated remotely. There is no exploit available.