Aggregator

安全行动，只为中国（五）—— APT捕获分析溯源篇 by ourren

open-eBackup:开源备份软件 by ourren

Fuzzer开发4：快照、代码覆盖率与模糊测试 by ourren

ITRC《2024年上半年数据泄露分析》报告解读 by ourren

一次解决Go编译问题的经过 by 洞源实验室

更多最新文章，请访问SecWiki

An APT hacking group known as GoldenJackal has successfully breached air-gapped government systems in Europe using two custom toolsets to steal sensitive data, like emails, encryption keys, images, archives, and documents. [...]

Partnership aims to help businesses eliminate vulnerable attack surfaces and provide a more streamlined user experience. Badge Inc., the award-winning privacy company enabling Identity without Secrets™, today announced a partnership with CyberArk and the public release of its integration in the CyberArk Marketplace. According to the CyberArk website: The Badge CyberArk Identity integration allows specified […]

The post Badge and CyberArk Announce Partnership to Redefine Privacy in PAM and Secrets Management appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

在 Epic Games 提起的反垄断诉讼中，加州法官 James Donato 裁决 Google 必须向竞争对手开放其 Google Play Store，允许第三方应用商店通过 Play Store 下载它们没有的应用。Google 官方博客发表声明表示提起上诉，要求暂停实施相关要求，理由是要为用户和开发商保持一致且安全的体验。法官的裁决要求 Google 在三年内允许第三方 Android 应用商店访问 Google Play Store 的应用目录；对于仅通过 Google Play Store 提供的应用，Google 将允许用户通过 Google Play Store 完成应用下载，Google 可保留此类下载相关的所有收入；Google 将为开发商提供一种机制，选择不将其应用包含在任何特定第三方 Android 应用商店访问的目录中。

Tenable’s latest report reveals 38% of organizations face risks from a “toxic cloud triad” of security gaps

A vulnerability, which was classified as critical, has been found in Microsoft Windows Vista SP2 up to Server 2012 R2. This issue affects some unknown processing of the component Group Policy Handler. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2016-3223. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

Center for Digital Democracy(CDD)发布了一份 48 页的报告《How TV Watches Us: Commercial Surveillance in the Streaming Era》，称智能电视和流媒体播放器制造商，以及流媒体服务提供商等业内企业开发了一种监控系统，将会在长期破坏隐私和消费者的保护。CDD 同时致函 FTC、FCC、加州总检察长和加州隐私保护局 (CPPA) ，对此状况表达了担忧，它认为智能电视变成了家庭中的数字木马，呼吁加强监管。

A vulnerability, which was classified as critical, was found in LogosQuest Beginnings 1.0. Affected is an unknown function of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is traded as CVE-2014-7495. Access to the local network is required for this attack to succeed. There is no exploit available.

The attackers exploited the EternalBlue vulnerability to gain initial access to the observatory farm, creating a hidden administrative share and executing a malicious batch file named p.bat.  This batch file performed various malicious actions like creating and executing malicious executables, opening firewall ports, setting up port forwarding, and scheduling tasks for persistence.  It also included […]

The post LemonDuck Malware Exploiting SMB Vulnerabilities To Attack Windwos Servers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

本周，互联网网络安全态势整体评价为良。

Роскомнадзор закрыл доступ к Discord.

Authors/Presenters:Shawn Shuoshuo Chen, Keqiang He, Rui Wang, Srinivasan Seshan, Peter Steenkiste

Our sincere thanks to USENIX, and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI '24) content, placing the organizations enduring commitment to Open Access front and center. Originating from the conference’s events situated at the Hyatt Regency Santa Clara; and via the organizations YouTube channel.

Permalink

The post USENIX NSDI ’24 – Precise Data Center Traffic Engineering with Constrained Hardware Resources appeared first on Security Boulevard.

Zr.Ms. Holland heeft afgelopen maand meer dan 7.750 kilo drugs in beslag genomen en 5 vangsten op zijn naam gezet. Zo’n 2 weken geleden was het opnieuw raak. Het marineschip onderschepte 2.285 kilo drugs en hield 5 smokkelaars aan. De vangst was al op 24 september, maar is pas vandaag bekendgemaakt.

A vulnerability, which was classified as critical, has been found in Getscoop Kontan Kiosk. This issue affects some unknown processing of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. The identification of this vulnerability is CVE-2014-7494. Access to the local network is required for this attack. There is no exploit available.