Aggregator

已发生多起！恶意软件仿冒DeepSeek进行传播

已发生多起！恶意软件仿冒DeepSeek进行传播

已发生多起！恶意软件仿冒DeepSeek进行传播

已发生多起！恶意软件仿冒DeepSeek进行传播

已发生多起！恶意软件仿冒DeepSeek进行传播

已发生多起！恶意软件仿冒DeepSeek进行传播

已发生多起！恶意软件仿冒DeepSeek进行传播

已发生多起！恶意软件仿冒DeepSeek进行传播

众筹平台 Kickstarter 将开始就项目面临重大履行失败违反平台规则时通知其支持者，通知还提供它的应对之策，包括限制发起人发起未来的项目。此次更新是 Kickstarter 计划今年推行的一系列变革的一部分，旨在增强支持者的体验和构建社区信任。Kickstarter 一直面临着欺骗和项目在筹集数千美元或数百万美元后关闭的问题，这一改变为支持者提供更多的透明度。但很多人指出项目失败难以清晰的定义，比如《Star Citizen》项目的交付时间早就过了，但仍然在开发，而发布日期未知，它属于失败的众筹项目吗？

未经验证的威胁分子可以利用它们进行远程代码执行（以PSV-2023-0039的内部跟踪）和身份验证（PSV-2021-0117）在不需要用户交互的低复杂性攻击中。

使用自定义RDP包装器的主要优点是规避检测，因为RDP连接通常被视为合法的，允许Kimsuky在雷达下停留更长时间。

Ivanti has released security updates to address multiple security flaws impacting Connect Secure (ICS), Policy Secure (IPS), and Cloud Services Application (CSA) that could be exploited to achieve arbitrary code execution. The list of vulnerabilities is below - CVE-2024-38657 (CVSS score: 9.1) - External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy

Tumblr 母公司 Automattic 去年宣布将该轻博客平台的后端迁移到 WordPress。Automattic 强调 Tumblr 不会变成 WordPress，它只是运行在 WordPress 之上，用户不会有体验上的差异。此举允许公司构建适用于两种服务的工具和功能，允许 Tumblr 利用 WordPress.org 的开源开发成果。Automattic 没有披露后端迁移何时完成迁移，但该公司披露一旦完成 Tumblr 将能通过 ActivityPub 协议加入联邦宇宙平台。支持 ActivityPub 协议的平台包括了 Mastodon、Threads、Flipboard 等。通过支持 ActivityPub 不同平台之间能实现互操作。

Organizations’ increasing reliance on third-party software and services has created an environment with more vulnerabilities and harder-to-detect risks. Attackers know they can increase efficiency and profitability by compromising the supply chain and are focusing their efforts accordingly. The commoditization of the cloud has only exacerbated this challenge. Companies are rapidly increasing the number of cloud-based services they rely upon, often without fully understanding how they connect to their broader network. How regulations are piling on … More →

The post It’s time to secure the extended digital supply chain appeared first on Help Net Security.

Intelから各製品向けのアップデートが公開されました。

More than half of attacks on Indian businesses come from outside the country, while 45% of those targeting consumers come from Cambodia, Myanmar, and Laos.

SysReptor is a customizable open-source penetration testing reporting platform built for pentesters, red teamers, and cybersecurity professionals. You can optimize your workflow by simplifying, automating, and personalizing your reports. “SysReptor is an easy-to-use tool for pentesters and simplifies pentest reporting. Reports are designed as HTML/CSS and rendered to PDFs. Pentesters can write their reports in markdown format. We actively maintain it and release new features continuously (from note-taking to encrypted archiving, concurrent editing, version histories, … More →

The post SysReptor: Open-source penetration testing reporting platform appeared first on Help Net Security.

エクストライノベーション株式会社が提供するacmailerには、クロスサイトスクリプティングの脆弱性が存在します。