Aggregator

时光飞逝，岁月如梭。又到了 2024 年底，今年你过得怎么样呢。一如往年，我们又给各位读者整理了各种数字服务与 App 的年度报告。今年的报告比前几年的丰富许多，新增了出行与轨迹方面的数据报告，一如既

A vulnerability was found in Remote Clinic 2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file register-patient.php. The manipulation of the argument Full Name leads to cross site scripting. This vulnerability is handled as CVE-2021-30030. The attack may be launched remotely. Furthermore, there is an exploit available.

Cybersecurity researchers are warning about a spike in malicious activity that involves roping vuln

Cybersecurity researchers are warning about a spike in malicious activity that involves roping vulnerable D-Link routers into two different botnets, a Mirai variant dubbed FICORA and a Kaiten (aka Tsunami) variant called CAPSAICIN. "These botnets are frequently spread through documented D-Link vulnerabilities that allow remote attackers to execute malicious commands via a GetDeviceSettings

天文学家发现了迄今最遥远的蝎虎 BL型类星体（blazar），位于红移约 7.0 的宇宙时期，相当于宇宙年龄不到 8 亿年。蝎虎BL型类星体是一类活跃星系核，其特征是中心的超大质量黑洞驱动

天文学家发现了迄今最遥远的蝎虎 BL型类星体（blazar），位于红移约 7.0 的宇宙时期，相当于宇宙年龄不到 8 亿年。蝎虎BL型类星体是一类活跃星系核，其特征是中心的超大质量黑洞驱动高速相对论性喷流，且喷流方向几乎直接对准地球。此次发现的天体 VLASS J041009.05−013919.88（J0410−0139）其核心包含一颗质量约为太阳 7 亿倍的超大质量黑洞。其电波辐射的变化、致密结构与 X 射线特征证实，它是一颗喷流几乎直接对准地球的蝎虎BL型类星体。J0410−0139 的发现暗示，在早期宇宙中可能存在更多类似的喷流源。这些喷流可能促进黑洞快速增长，并显著影响其宿主星系的演化。

作者：Reborn, Lisa@慢雾安全团队 原文链接：https://mp.weixin.qq.com/s/bPGbEdTCKaM9uJhaRXlO6A 背景 近期，X 上多位用户报告了一种伪装成 Zoom 会议链接的钓鱼攻击手法，其中一受害者在点击恶意 Zoom 会议链接后安装了恶意软件，导致加密资产被盗，损失规模达百万美元。在此背景下，慢雾安全团队对这类钓鱼事件和攻击手法展开分析，并追...

error code: 521

2024 Marked the Government's Increasing Role Mandating Cybersecurity
Australia announced a flurry of cybersecurity legislation and regulations in 2024, spotlighting the government's intent to fortify the nation's cybersecurity in the wake of the Medibank and Optus incidents. The government vowed to transform the country into the world's "most cyber-secure."

Federal 'Rip-and-Replace' Program Gets Funding Boost in Defense Bill
The 2025 National Defense Authorization Act includes $3 billion to fund an FCC program aimed at replacing Chinese-made telecommunications equipment across the country amid heightened threats from Beijing following the discovery of the Salt Typhoon cyberespionage campaign.

The 'Eagle S' Forms Part of Sanctions-Busting Russian Shadow Fleet, Says EU
Finnish police boarded Thursday an oil tanker suspected of rupturing telecommunications and electricity cables running beneath the Baltic Sea in a Christmas Day incident. They escorted the tanker, the Eagle S, into Finnish waters as part of a criminal investigation into damage caused on Wednesday.

微软警告，使用 CD 或 U盘安装 Windows 11 v24H2 可能会导致系统无法获取未来的安全更新。如果安装媒介是基于 10 月 8 日-11 月 12 日之间发布的安全更新构建，

微软警告，使用 CD 或 U盘安装 Windows 11 v24H2 可能会导致系统无法获取未来的安全更新。如果安装媒介是基于 10 月 8 日-11 月 12 日之间发布的安全更新构建，就可能存在这一 bug。微软表示它正努力寻找永久性的解决方案，它建议通过安装媒介安装操作系统的用户使用 2024 年 12 月的安全更新构建 Windows 11 v24H2 安装媒介，以免遭遇后续更新问题。

Vulnerability / Software SecurityThe Apache Software Foundation (ASF) has released patches to addr

The Apache Software Foundation (ASF) has released patches to address a maximum severity vulnerability in the MINA Java network application framework that could result in remote code execution under specific conditions. Tracked as CVE-2024-52046, the vulnerability carries a CVSS score of 10.0. It affects versions 2.0.X, 2.1.X, and 2.2.X. "The ObjectSerializationDecoder in Apache MINA uses Java's

Please help me my phone was hacked they had live camera access. I want to know how they h

而年轻人根本不care

速修复

聚焦源代码安全，网罗国内外最新资讯！编译：代码卫士英国信息专员办公室 (ICO) 提醒称，很多成年人不知道如何擦除老旧设备的数据，而不关心老旧设备数据的年轻人的数量之多也令人担忧。清除老旧设备中的个