Aggregator

作为创业者，DeepSeek爆火给我的「七点启示」

超过 150 万人数据泄露：康涅狄格州和加利福尼亚州医疗系统遭遇网络攻击；纽约血液中心因勒索软件入侵而中断运营 | 牛览

新闻速览 2025年2月Android安全更新修复48个漏洞，包括一个已被利用的内核零日漏洞 微软宣布停止支持 […]

文章探讨了组织在安全运营中选择自建内部安全运营中心（SOC）或外包给管理安全服务提供商（MSSP）的优缺点。自建SOC提供全面控制和定制化解决方案，但成本高昂且依赖专业人才；外包MSSP则更具灵活性和经济性，但可能面临第三方风险和依赖性问题。混合模式结合两者优势，根据组织需求量身定制解决方案。最终选择需权衡资源、风险承受能力和长期战略目标。

对于一个组织来说，是自建内部安全运营中心(SOC)还是将安全运营外包给管理安全服务提供商(MSSP)，是最关键 […]

A vulnerability, which was classified as critical, has been found in Intel AMT. Affected by this issue is some unknown functionality. The manipulation leads to improper authentication. This vulnerability is handled as CVE-2022-29893. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Intel Support up to 21.07.40 on Android and classified as problematic. This issue affects some unknown processing. The manipulation leads to resource consumption. The identification of this vulnerability is CVE-2022-30691. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Intel Support up to 21.07.40 on Android. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to permission issues. This vulnerability is known as CVE-2022-36367. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Intel NUC M15 Laptop Kit up to <=1.2. This issue affects some unknown processing of the component BIOS Firmware Handler. The manipulation leads to buffer overflow. The identification of this vulnerability is CVE-2022-32569. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Intel NUC 11 EBTGL357.0065. Affected is an unknown function of the component BIOS Firmware. The manipulation leads to improper input validation. This vulnerability is traded as CVE-2022-33176. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Intel NUC Board and NUC Kit and classified as critical. Affected by this vulnerability is an unknown functionality of the component BIOS Firmware Handler. The manipulation leads to improper input validation. This vulnerability is known as CVE-2022-34152. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Intel NUC 10. This affects an unknown part of the component BIOS Firmware Handler. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2022-36789. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Intel DCM up to 4.x. Affected is an unknown function. The manipulation leads to protection mechanism failure. This vulnerability is traded as CVE-2022-33942. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Intel Glorp and classified as critical. This vulnerability affects unknown code. The manipulation leads to uncontrolled search path. This vulnerability was named CVE-2022-30548. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Intel EMA up to 1.7.x and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2022-30297. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Nickolas Grigoriadis Mini Web server 0.0.6 and classified as critical. This vulnerability affects unknown code. The manipulation leads to path traversal. This vulnerability was named CVE-2007-0919. The attack can be initiated remotely. Furthermore, there is an exploit available.

这篇文章介绍了SANS Internet Storm Center网站的功能和信息，包括网络监控、威胁检测培训课程以及实时网络安全数据。值班人员Xavier Mertens负责处理相关事务，当前威胁级别为绿色（较低）。

谷歌宣布Chrome 134.0版本将默认启用自动画中画模式，切换标签页时正在播放的音频或视频会自动进入小窗口继续播放。该功能需用户授权，并仅适用于符合特定条件的内容。建议在工作场合关闭此功能以防尴尬情况发生。

这篇文章介绍了错误代码521的含义及其常见原因。该错误通常与网络连接问题相关，可能由服务器配置错误或网络设备故障引起。文章还提供了排查和解决该问题的方法建议。

HackerNews 编译，转载请注明出处： 拉撒路集团被发现开展了一项积极活动，该活动利用加密货币和旅游行业的虚假领英工作机会提供恶意软件，该软件能够感染Windows、macOS和Linux操作系统。 据网络安全公司Bitdefender称，该骗局始于在专业社交媒体网络上发送的一条消息，以远程工作、兼职灵活性和高薪为诱饵。 罗马尼亚这家公司在与The Hacker News分享的一份报告中称：“一旦目标对象表现出兴趣，‘招聘流程’随即展开，骗子会要求提供简历，甚至要求提供个人GitHub仓库链接。” “尽管这些要求看似无害，但可能暗藏祸心，比如收集个人数据，或为互动披上合法的外衣。” 在获取所需信息后，攻击进入下一阶段。此时，攻击者伪装成招聘人员，分享一个GitHub或Bitbucket仓库链接，内含一个所谓的去中心化交易所（DEX）项目的最小可行性产品（MVP）版本，并指示受害者查看并给出反馈。 代码中包含一个模糊脚本，该脚本被配置为从api.npoint[.]io获取下一阶段的有效载荷，这是一个跨平台JavaScript信息窃取软件，能够从受害者浏览器上安装的各种加密货币钱包扩展中收集数据。 该窃取软件还充当加载程序，用于获取一个基于Python的后门程序，该程序负责监控剪贴板内容变化、保持持久远程访问，并投放其他恶意软件。 值得注意的是，Bitdefender记录的手法与已知攻击活动集群“传染性面试”（又称DeceptiveDevelopment和DEV#POPPER）存在重叠，该集群旨在投放名为BeaverTail的JavaScript窃取软件和名为InvisibleFerret的Python植入程序。 通过Python恶意软件部署的恶意软件是一个.NET二进制文件，可以下载并启动TOR代理服务器以与命令和控制（C2）服务器通信、渗出基本系统信息，并投放另一个有效载荷，进而窃取敏感数据、记录键盘输入和启动加密货币挖矿程序。 Bitdefender表示：“攻击者的感染链十分复杂，包含用多种编程语言编写的恶意软件，并使用多种技术，如递归解码并执行自身的多层Python脚本、首先收集浏览器数据再转向其他有效载荷的JavaScript窃取软件，以及能够禁用安全工具、配置Tor代理和启动加密货币挖矿程序的.NET级联加载程序。” 领英和Reddit上的报告显示，这些攻击活动相当普遍，且整体攻击链仅有小幅调整。在某些情况下，要求候选人克隆一个Web3仓库并在本地运行，作为面试流程的一部分；而在其他情况下，则指示他们修复代码中故意引入的错误。 其中一个有问题的Bitbucket仓库涉及一个名为“miketoken_v2”的项目，该项目现已无法在代码托管平台上访问。 就在前一天，SentinelOne披露称，“传染性面试”活动正被用于投放另一个代号为FlexibleFerret的恶意软件。   消息来源：The Hacker News, 编译：zhongx；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文