Aggregator

PALO ALTO, Calif. – September 3, 2024 – TuxCare, a global innovator in enterprise-grade cybersecurity for Linux, today announced it received a CMVP–validated certificate for the AlmaLinux 9.2 kernel and is now on the NIST Active list.    TuxCare’s  Extended Security Updates offering provides a complete set of FIPS-validated AlmaLinux packages required for regulated workloads, […]

The post TuxCare Completes FIPS 140-3 Certification for AlmaLinux 9.2 Kernel appeared first on TuxCare.

The post TuxCare Completes FIPS 140-3 Certification for AlmaLinux 9.2 Kernel appeared first on Security Boulevard.

一项脑成像研究表明，罹患2型糖尿病或处于糖尿病早期，会使患者的大脑加速衰老。而健康的生活方式可能有助预防这些疾病引起的神经系统变化。研究人员让 31000 多名 40—70 岁成年人接受了核磁共振成像脑部扫描。随后，他们利用机器学习技术来估算这些人的大脑年龄。结果显示，糖尿病早期患者大脑年龄平均比实际年龄衰老半岁；2 型糖尿病患者大脑年龄比实际年龄衰老 2.3 岁；糖尿病控制不佳患者大脑年龄比实际年龄衰老 4 岁。研究团队指出，这一现象表明患者偏离了正常的衰老过程，这可能是痴呆症的早期预警信号。不过有锻炼习惯且不大量吸烟或饮酒的参与者不太可能出现大脑加速衰老的情况。

雷神众测拥有该文章的修改和解释权。如欲转载或传播此文章，必须保证此文章的副本，包括版权声明等全部内容。声明雷神众测允许，不得任意修改或增减此文章内容，不得以任何方式将其用于商业目的。

A vulnerability classified as critical was found in OneClick CMS up to 05.10. This vulnerability affects unknown code of the file main/forum/komentar.php. The manipulation of the argument site_path leads to file inclusion. This vulnerability was named CVE-2007-2347. The attack can be initiated remotely. Furthermore, there is an exploit available.

Google 高管 James Manyika 警告，尽管预测 AI 的经济潜力高达万亿美元，但它未必能提升生产力。Manyika 是 Google 负责研究、科技和社会的高级副总裁，他指出生成式 AI 对生产力的提升是难以保证的，需要大量的工作。AI 聊天机器人可能会变得随处可见，但它没有从根本上改变经济。用生成式 AI 起草代码是不够的，美国科技行业的工人只占总劳动力的 4%，即使他们所有人都用 AI，从生产力的角度看也是无关紧要的。要改变生产力需要劳动力密集的行业如如医疗保健和零售业普及 AI。而护士和医生等职业都不可能被 AI 取代，最多能提供协助。

Коварный троян маскируется под банковские приложения, похищая последние сбережения.

A vulnerability was found in thirdwire Strike Fighters Israel 1.2.4. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is known as CVE-2014-5845. The attack can only be initiated within the local network. There is no exploit available.

商业服务巨头 CBIZ 近日披露了一起数据泄露事件，攻击者通过利用公司某网页中的安全漏洞，于2024年6月2日至6月21日期间窃取了客户数据。2024年6月24日，网络安全专家参与协助调查，公司确认了这一入侵事件并识别了数据泄露情况。 CBIZ发布通知称： “2024 年 6 月 24 日，公司获悉未经授权的攻击者可能从某些数据库中提取了信息。 ” 调查显示，攻击者通过利用与公司网页相关的漏洞，在2024年6月2日至6月21日期间获取了部分数据库中的信息。 在此次事件中攻击者窃取了近 36,000 人的个人信息，其中包括： 姓名 联系方式 社会安全号码 出生或死亡日期 退休人员健康信息 福利计划信息 CBIZ是一家管理咨询公司，提供财务、福利及保险服务，是美国最大的专业服务公司之一。公司在全国拥有120个办事处，员工总数达6,700人。2023年，公司收入达到15.9亿美元。 受此次事件影响的CBIZ客户已于2024年8月28日开始收到通知。 尽管目前没有证据表明被盗数据已被滥用，CBIZ仍在披露指南中建议客户注册为期两年的信用监控和身份盗窃保护服务，以降低潜在风险。此外，建议受影响的客户考虑冻结信用记录及在其信用报告中添加欺诈警报。   消息来源：BleepingComputer，译者：YY；   本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

In the digital realm, secrets (API keys, private keys, username and password combos, etc.) are the keys to the kingdom. But what if those keys were accidentally left out in the open in the very tools we use to collaborate every day? A Single Secret Can Wreak Havoc Imagine this: It's a typical Tuesday in June 2024. Your dev team is knee-deep in sprints, Jira tickets are flying, and Slack is

A vulnerability classified as critical was found in XOOPS Rha7 Downloads Module 1.0. This vulnerability affects unknown code of the file visit.php. The manipulation of the argument lid leads to sql injection. This vulnerability was named CVE-2007-1960. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in phpBB mutant 0.9.2. This issue affects some unknown processing of the file mutant_functions.php. The manipulation of the argument phpbb_root_path leads to file inclusion. The identification of this vulnerability is CVE-2007-1961. The attack may be initiated remotely. Furthermore, there is an exploit available.

Молодые люди теперь ответят за создание аферы века в суде.

A vulnerability, which was classified as critical, was found in XOOPS WF-Snippets 1.02. Affected is an unknown function of the file index.php. The manipulation of the argument c leads to sql injection. This vulnerability is traded as CVE-2007-1962. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Three men have pleaded guilty to operating OTP.Agency, an online service that allowed crooks to bypass Multi-Factor authentication (MFA). Three men, Callum Picari (22), Vijayasidhurshan Vijayanathan (21), and Aza Siddeeque (19), have pleaded guilty to operating OTP.Agency, an online platform that allowed crooks to bypass MFA used by customers of several banks and services. These […]

Вебинар Positive Technologies состоится 5 сентября в 14:00.

In the cyberthreat landscape, Qilin ransomware attack has recently been observed stealing credentials in Chrome browsers. Reports claim that these credentials are being acquired using a small set of compromised end points. In this article, we’ll cover how the attack plays  out and the complexities involved with deploying defense mechanisms. Let’s begin! Qilin Ransomware Attack […]

The post Qilin Ransomware Attack Used To Steal Chrome Browser Data appeared first on TuxCare.

The post Qilin Ransomware Attack Used To Steal Chrome Browser Data appeared first on Security Boulevard.