Aggregator

KCon培训课有奖调研，诚邀您的宝贵意见与创意火花！

KCon培训课有奖调研，诚邀您的宝贵意见与创意火花！

KCon培训课有奖调研，诚邀您的宝贵意见与创意火花！

Authorities have successfully dismantled “Ghost,” an encrypted communication platform allegedly used by cybercriminals worldwide. The operation, led by the Australian Federal Police (AFP) and involving international law enforcement agencies, marks a major victory in the ongoing battle against transnational crime networks. Operation Kraken The takedown of Ghost was part of “Operation Kraken,” a meticulously planned […]

The post Authorities Seized Ghost Communication Platform Used by Cyber Criminals appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in KDE Konqueror 4.7.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file khtml/rendering/render_replaced.cpp of the component Iframe Context Menu Widget Renderer. The manipulation with the input document.body.innerHTML = "<iframe src=about:konqueror></iframe>" leads to improper resource management. This vulnerability is handled as CVE-2012-4515. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

Small and medium-sized enterprises (SMEs) are a frequent target for cybercriminals. How can SIEM help them improve their cybersecurity? Contrary to what they might believe, small and medium-sized enterprises (SMEs) are a favorite target for cybercriminals. Research from the Identity Theft Resource Center (ITRC) recently found that 73% of US small business owners experienced a […]

Group-IB claims to have found evidence of a new TeamTNT cryptojacking campaign

A vulnerability classified as critical was found in TP-Link Tapo C210. Affected by this vulnerability is an unknown functionality of the component ActiveCells Handler. The manipulation leads to stack-based buffer overflow. This vulnerability is known as CVE-2023-41184. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Kofax Power PDF and classified as critical. This issue affects some unknown processing of the component File Parser. The manipulation leads to heap-based buffer overflow. The identification of this vulnerability is CVE-2023-42039. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Ashlar-Vellum Cobalt. Affected by this issue is some unknown functionality of the component AR File Parser. The manipulation leads to use after free. This vulnerability is handled as CVE-2023-42103. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability has been found in Ashlar-Vellum Cobalt and classified as critical. This vulnerability affects unknown code of the component AR File Parser. The manipulation leads to type confusion. This vulnerability was named CVE-2023-42102. An attack has to be approached locally. There is no exploit available.

A vulnerability was found in Ashlar-Vellum Cobalt and classified as critical. This issue affects some unknown processing of the component AR File Parser. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2023-42101. Local access is required to approach this attack. There is no exploit available.

A vulnerability was found in D-Link DAP-2622 47.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component DDP Service. The manipulation leads to stack-based buffer overflow. This vulnerability is known as CVE-2023-41215. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

FBI 局长 Christopher Wray 周三披露该机构上周接管了一个中国黑客组织控制的僵尸网络，该僵尸网络由数十万台联网设备如摄像头、录像机、NAS 存储设备和路由器构成。该组织被称为 Flax Typhoon，瞄准了美国及海外的关键基础设施，针对了美国企业和媒体机构到大学和政府机构。该僵尸网络利用了恶意程序 Mirai 感染容易入侵的联网设备。FBI 发现了一个包含愈 120 万条被感染设备记录的数据库，其中美国设备数量超过 38.5 万台。

Tenable launched Tenable Enclave Security, a solution that supports the needs of customers operating in highly secure environments, such as those that are classified or otherwise air-gapped. Backed by Tenable Security Center, Tenable Enclave Security protects IT assets and modern workloads with risk assessment and contextual insight so organizations can identify exposures before they cause damage. Federal agencies face unique security and compliance regulations when deploying cloud solutions, and Tenable Enclave Security is key to … More →

The post Tenable Enclave Security enables discovery, assessment and analysis of IT assets appeared first on Help Net Security.

Recently, two memory-related flaws were discovered in QEMU, a popular open-source machine emulator and virtualizer. The vulnerabilities, identified as CVE-2024-26327 and CVE-2024-26328, affect QEMU versions 7.1.0 through 8.2.1. Both vulnerabilities stem from mishandling of memory operations within the QEMU codebase. An attacker could exploit these issues to trigger a buffer overflow or out-of-bounds memory access, […]

The post Two QEMU Vulnerabilities Fixed in Ubuntu 24.04 LTS appeared first on TuxCare.

The post Two QEMU Vulnerabilities Fixed in Ubuntu 24.04 LTS appeared first on Security Boulevard.

How do analyst relations professionals sort through the noise to help deliver the not-so-secret sauce for a company's success? We spoke with ESET's expert to find out.

近日，Discord 推出了 DAVE 协议，这是一个定制的端到端加密 (E2EE) 协议，旨在保护平台上的音频和视频通话免遭未经授权的拦截。 DAVE 是在 Trail of Bits 网络安全专家的帮助下创建的，该专家还对 E2EE 系统的代码和实施进行了审核。 新系统将涵盖用户在私人频道中的一对一音频和视频通话、小型群组聊天中的音频和视频通话、用于大型群组对话的基于服务器的语音频道以及实时流媒体。 Discord 在公告中写道： 他们将开始将 DM、群组 DM、语音频道和 Go Live 流中的语音和视频迁移至使用 E2EE。用户将能够确认通话何时进行了端到端加密，并对这些通话中的其他成员进行验证。 Discord 最初是为游戏玩家在游戏过程中进行交流而建立的，现在已发展成为世界上最流行的交流平台之一，满足了具有共同兴趣爱好的群体、创作者、企业和各种社区的需求。 DAVE 的推出是该平台加强数据安全和隐私保护的重要举措，该平台的使用人数已超过 2 亿。 最重要的是，Discord 决定将协议及其支持库开源，以便安全研究人员进行审查。此外，还发布了一份包含完整技术信息的白皮书，以确保对社区的透明度。 DAVE 技术概述 DAVE 使用 WebRTC 编码转换 API，允许在媒体帧（音频和视频）编码后和打包传输前对其进行加密。接收端对帧进行解密，然后解码。 只有特殊的编解码器元数据（如标题和保留序列）未加密。 DAVE 的运行概况 在密钥管理方面，信息层安全（MLS）协议用于安全和可扩展的群组密钥交换，每个参与者都有一个按发送者计算的对称媒体加密密钥。椭圆曲线数字签名算法（ECDSA）则用于生成身份密钥对。 当一个群组的组成发生变化时，比如一个成员离开或一个新成员加入，这时候群组的加密状态会通过生成新密钥，这个过程应该在不会对参与者造成明显干扰的情况下完成。 Discord 表示，MLS 会增加密钥交换的延迟，但 DAVE 的设计能将延迟控制在几百毫秒以内，即使在大型群组通话中也是如此。 最后，在用户验证方面，有一些带外方法，如比较从群组的 MLS 时序状态得出的验证码（称为 “语音隐私码”）。 由于每次通话都会为用户分配一个新的密钥，因此通过使用短暂的身份密钥可以防止持续跟踪。 语音隐私代码屏幕 分阶段推出 Discord 现已开始将所有符合条件的频道迁移到 DAVE，用户可以通过查看界面上的相应指示器来确认他们的通话是否经过端到端加密。 预计还需要一段时间，所有用户才能在所有设备和频道上完全访问新的 E2EE 系统。 用户除了升级到最新的客户端应用程序外无需做任何其他操作，老版本的客户端将仅限于传输加密。最初推出的版本将涵盖 Discord 的桌面和移动应用程序，网络客户端后续也将面世。   转自Freebuf，原文链接：https://www.freebuf.com/news/411234.html 封面来源于网络，如有侵权请联系删除

继9月17日黎巴嫩发生针对真主党的寻呼机爆炸事件后，首都贝鲁特等地于当地时间9月18日傍晚又发生了无线电对讲机爆炸。 以色列新闻媒体称，贝鲁特的一家移动维修店和葬礼游行现场发生了爆炸。据黎巴嫩官方通讯社报道，贝鲁特和该国南部多个地区的房屋中还发生了太阳能系统爆炸，造成至少一名女孩受伤。 据CNN报道，黎巴嫩卫生部称，此次对讲机爆炸目前已造成至少20人死亡，其中包括一名16岁男孩，另有450多人受伤。 黎巴嫩通信部称，发生爆炸的ICOM V82型对讲机由日本公司ICOM生产，且该产品不是由公认的代理商提供，没有官方许可，也没有经过安全部门的审查。对此，ICOM表示目前正在调查有关此事的事实。该公司网站称 IC-V82 已停产，目前流通的几乎所有型号都是假冒的。   爆炸的对讲机型号 根据《纽约时报》对现有视觉证据的分析，此次爆炸的对讲机比前一天在全国各地爆炸的寻呼机更大、更重，虽然爆炸发生地没有之前那么广泛，但在某些情况下还会引发更大的火灾，表明其中可能包含更多的爆炸物。 关于寻呼机、对讲机如何被引爆，目前说法不一。据央视新闻报道，有说法认为爆炸部件在制造或供应过程中被植入设备，也有人称操控者通过网络攻击导致设备电池过热爆炸。 英国南安普敦大学安全电子学副教授巴塞尔·豪拉克表示，约几厘米的小型爆炸雷管理论上可以放置于寻呼机等无线通信设备之中。 据悉，黎巴嫩真主党所使用的寻呼机和对讲机采购于海外企业。黎巴嫩安全部门官员表示，以色列有关部门在这批寻呼机的“生产层面”实施改装，其中植入的炸药用扫描仪或其他设备“非常难以探测”。另一名消息人士称，新购寻呼机内藏炸药至多3克，真主党人员几个月来毫无察觉。 曾在以军从事情报工作的以色列分析人士表示，黎巴嫩的寻呼机爆炸事件严重阻碍了黎巴嫩真主党武装的通讯，并可能破坏其在黎巴嫩南部针对以色列的行动。 联合国安理会将在当地时间20日就近期黎巴嫩多地发生的通信设备爆炸事件举行紧急会议，此前，联合国秘书长古特雷斯发表声明，对9月18日黎巴嫩多地发生的大量通信设备爆炸事件深感震惊，呼吁各方保持最大克制，以避免事态进一步升级。   转自Freebuf，原文链接：https://www.freebuf.com/news/411247.html 封面来源于网络，如有侵权请联系删除