Aggregator

Google has announced the removal of 5.5 billion malicious advertisements and the suspension of over 700,000 offending advertiser accounts in 2024, according to its recently released Ads Safety Report. This accomplishment underscores Google’s ongoing commitment to fighting digital ad fraud, abuse, and policy violations — and demonstrates the growing power of AI in protecting both […]

The post Google Removes 5.5 Billion Malicious Ads, Suspends 700,000+ Offending Advertisers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

视频会议服务 Zoom 在 4 月 16 日从 2:25 P.M. ET 到 4:12 P.M. ET 之间下线，根据官方公布的事故调查报告，原因是域名注册商 GoDaddy 不小心关闭了 zoom.us 域名。事故报告称，Zoom 的域名注册商 Markmonitor 与 GoDaddy Registry 之间出现沟通问题导致了 GoDaddy Registry 错误关闭了 zoom.us 域名。三家公司表示将会加强合作避免相同的事故再次发生。

A vulnerability was found in ABB ASPECT-Enterprise, NEXUS and MATRIX up to 3.08.01. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-6516. The attack can be initiated remotely. Furthermore, there is an exploit available.

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

Project Management Skills Can Be Your Career Force Multiplier in Cybersecurity
While technical expertise is foundational in cybersecurity, organizational and project management skills have become critical differentiators for career advancement. Learn practical strategies to develop these capabilities, even if you don't consider yourself naturally detail-oriented or organized!

Landmark Admin Compromise Affects More Than a Dozen Insurance and Annuity Carriers
Landmark Admin, a third-party vendor that provides administrative services to life insurance and annuity companies, said 1.6 million people are potentially affected by 2024 ransomware and data exfiltration incidents that compromised a wide range of personal, financial and health information.

人工智能增强的欺骗更可信，也更难被发现，因为克隆的声音听起来非常逼真。

Жертвы проблемного апдейта уже не раз пожалели, что обновили свою систему.

Gartner projects IT security spending in the MENA region will continue to increase in 2025, with security services accounting for the most growth.

HackerNews 编译，转载请注明出处： 苹果公司周三发布带外（out-of-band）操作系统更新，修复两个已被用于针对少量iOS设备的“极其复杂”攻击的安全漏洞。 这两个漏洞编号为CVE-2025-31200和CVE-2025-31201，分别被归类为代码执行漏洞和安全缓解措施绕过漏洞，影响iOS、iPadOS及macOS平台。苹果称已收到报告，确认这些漏洞被用于针对特定iPhone目标的高端攻击。 CoreAudio组件漏洞（CVE-2025-31200） 处理恶意构造的媒体文件中的音频流时可能触发代码执行。苹果确认该漏洞可能已在针对iOS设备特定个体的高度复杂攻击中被利用。此内存损坏问题通过改进边界检查修复。该漏洞由谷歌威胁分析小组（TAG）报告。 RPAC组件漏洞（CVE-2025-31201） 具备任意读写能力的攻击者可能绕过指针认证（Pointer Authentication）机制。苹果确认该漏洞可能已在针对iOS设备特定个体的高度复杂攻击中被利用。此问题通过移除漏洞代码修复。（注：指针认证是ARM架构中的安全功能，用于检测指针是否被篡改） 漏洞补丁已覆盖所有运行macOS Sequoia系统的设备，但苹果强调目前仅观察到少量针对iPhone的攻击实例。 依照惯例，苹果未公开实际攻击的技术细节或入侵指标（IOCs）。       消息来源：securityweek； 本文由 HackerNews.cc 翻译整理，封面来源于网络；  转载请注明“转自 HackerNews.cc”并附上原文

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert after confirming active exploitation of a SonicWall vulnerability. The flaw, documented as CVE-2021-20035, targets SonicWall’s SMA100 series appliances and has been added to CISA’s Known Exploited Vulnerabilities Catalog. Overview of the Vulnerability This particular vulnerability lies within the SonicWall Secure Mobile Access (SMA) […]

The post CISA Issues Alert on SonicWall Flaw Being Actively Exploited appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Цифровое возмездие настигло даже самых хитрых мошенников.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting SonicWall Secure Mobile Access (SMA) 100 Series gateways to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The high-severity vulnerability, tracked as CVE-2021-20035 (CVSS score: 7.2), relates to a case of operating system command injection

A vulnerability has been found in RT-Thread up to 5.0.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file utilities/rt-link/src/rtlink.c. The manipulation leads to buffer overflow. This vulnerability is known as CVE-2024-25395. The attack needs to be initiated within the local network. There is no exploit available.