Aggregator

涵盖.NET Remoting新技巧、VEH绕过EDR、AppLocker漏洞、Python SMB 445端口接管、红蓝队攻防策略之AS_REP Roasting等

Fighting Ursa, a Russian APT, has employed a car sales phishing lure to distribute the HeadLace backdoor malware targeting diplomats since March 2024. This strategy mirrors previous campaigns by the group and other Russian threat actors.  The attack leveraged public, free infrastructure services and exploited user clicks on malicious content within the car advertisement.  Hackers […]

The post Hackers Infect Windows With Backdoor Malware Via “Car For Sale” Ad appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

360携手共青团发布数字安全科技人才激励计划

全国信息安全行业产教融合共同体2024年年会圆满召开

共话企业数字化转型之路 ISC.AI 2024为企业数转智改保驾护航

The notorious Mirai botnet has been observed exploiting a recently disclosed directory traversal vulnerability in Apache OFBiz. This Java-based framework, supported by the Apache Foundation, is used for creating ERP (Enterprise Resource Planning) applications, which are critical for managing sensitive business data despite being less prevalent than commercial alternatives. Vulnerability Details and Exploitation According to […]

The post Mirai Botnet Attacking Apache OFBiz Directory Traversal Vulnerability appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

Attackers uploaded malicious Python packages targeting Raydium and Solana users to PyPI, leveraging a StackExchange post to distribute the malware.  The multi-stage malware stole sensitive data, drained cryptocurrency wallets, and established persistent backdoor access, bypassing Windows security protections, underscoring the vulnerability of software supply chains and the ineffectiveness of traditional endpoint security solutions against modern […]

The post Hackers Abused StackExchange Platform To Deliuver Malicious Python Package appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

Решение Meta вызывает опасения относительно будущего сетевой прозрачности.

在希腊神话中，当阿芙罗狄蒂的脚被一根刺刺破，鲜血洒在白玫瑰上时，红玫瑰首次出现。玫瑰并非唯一带刺的植物。根据发表在《科学》期刊上的研究，冷泉港实验室(CSHL)发现，尽管数百万年的进化分离，同一个古老的基因家族对许多植物的刺负责。研究人员找到了一个名为 LONELY GUY(LOG)的基因家族。LOG 基因通常负责产生一种导致细胞分裂和扩张的激素。研究小组在大约 2 0个物种中发现了刺与 log 相关的基因。

2024年7月，中央网信办举报中心指导全国各级网信举报工作部门、主要网站平台受理网民举报色情、赌博、侵权、谣言等违法和不良信息1904.1万件，环比下降4.4%、同比增长7.1%。

近日，中国互联网联合辟谣平台对7月网络谣言进行了梳理分析。网上数据监测和网民举报显示，当月网络谣言主要集中在编造涉汛谣言、杜撰民生政策、虚构社会事件等方面。

发布不实信息诋毁企业形象、以负面信息要挟企业开展商业合作……前不久，国家网信办公布了一批破坏营商网络环境的典型案例，查处了一批涉企违法违规账号，为优化营商网络环境助力。

8月1日，欧盟《人工智能法案》正式生效。该法案是全球首部全面监管人工智能的法规，标志着欧盟在规范人工智能应用方面迈出重要一步。

近日，公安部、国家互联网信息办公室等部门联合发布了《国家网络身份认证公共服务管理办法（征求意见稿）》，旨在通过建设网络身份认证公共服务基础设施，统一签发“网号”“网证”，以加强网络身份管理，保护个人隐私，并推进网络可信身份战略。

目前，我国在针对智能网联汽车网络攻击事件的分析溯源手段上存在不足，亟需完善相关管理体系和技术能力建设，以促进提升智能网联汽车安全保障水平，推动车联网产业高质量发展。

点击文章，了解最前沿的国际网安资讯！

目前「FreeBuf网安知识大陆」三大特色功能已经成熟，分别是播客、电台和帮会（私域）。

Mint-Stealer is a Malware-as-a-Service tool designed to exfiltrate sensitive data from compromised systems stealthily and targets a broad spectrum of data, including web credentials, cryptocurrency wallet details, gaming credentials, VPN configurations, messaging app data, and FTP client information.  Employing encryption and obfuscation, Mint-Stealer evades detection while actively stealing data. Distributed through dedicated websites and supported […]

The post Mint-stealer Targeting web browsers, VPN clients & messaging apps to Steal Logins appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

KCon大会培训日回归！课程人员有限，先到先得~

KCon大会议题巡展正式开启