Aggregator
Hackers steal $155,000 in cryptocurrency through a supply-chain attack
9 months 1 week ago
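Hackers, suspected of using social engineering or phishing, took over the account of a maintainer of the open-source solana-web3.js library and added a backdoor to the code, stealing cryptocurrency worth $155,000. solana-web3.js is used by applications to interact with the Solana blockchain. Once an application integrated solana-web3.js v1.95.6 and v1.95.7, the backdoor collected private keys and wallet addresses. These backdoored versions were available for download during a five-hour window on Tuesday, from 3:20 pm UTC to 8:25 pm UTC. Tracing of the hackers' wallet address shows that a total of 674.8 SOL was stolen; SOL is Solana's currency unit, and this cryptocurrency is worth about $155,000. The original developer urges Solana application developers to upgrade to v1.95.8 as soon as possible.
Well-known vodka brand goes under following ransomware attack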
9 months 1 week ago
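Stoli Group's U.S. subsidiaries have had to file for bankruptcy protection because of a ransomware attack suffered in August and the Russian authorities' confiscation of its remaining distilleries in Russia. Chris Caldwell, president and global CEO of Stoli USA and its subsidiary Kentucky Owl, stated in a filing submitted last Friday that the decision was made after the August cyberattack severely disrupted the company's IT systems, including its enterprise resource planning (ERP) platform. The cyberattack forced the entire group to rely on manual operations, severely affecting key business processes such as accounting, and a full return to normal is not expected until early 2025. Caldwell said: “In August 2024, the Stoli Group's IT infrastructure suffered severe disruption following a data breach and ransomware attack.” He further explained: “The attack caused significant operational challenges for all companies within the Stoli Group, including Stoli USA and KO, because the ERP system was disabled, forcing most internal processes (including accounting functions) into manual operation.” In addition, the incident prevented Stoli's U.S. subsidiaries from providing financial reports to lenders, who claim the two companies have defaulted on $78 million of debt. Just a month earlier, in July 2024, the Stoli Group's last two distilleries in Russia, worth $100 million, were also confiscated, an action connected to the Stoli Group and its founder Yuri Shefler being labelled “extremists” by the Russian government. That label relates to their support for humanitarian aid to Ukrainian refugees and for marketing campaigns during the war in Ukraine. The Stoli Group has also fought a 23-year legal battle with the Russian state-owned enterprise FKP Sojuzplodoimport over rights to the Stolichnaya and Moskovskaya vodka trademarks, a battle spanning multiple jurisdictions, including the United States. The legal fight began in March 2000, when President Putin issued an executive order aimed at “restoring and protecting the state's rights to the vodka trademarks purchased by private companies in the 1990s.” Shefler, the Stoli Group's founder, was forced to flee Russia in 2002 because of his criticism of the Putin regime and so-called “fabricated” charges. In the 2010s, after Russia's extradition requests were rejected, Shefler obtained asylum in Switzerland and British citizenship. Reposted from Freebuf; original link: https://www.freebuf.com/news/416924.html Cover image sourced from the internet; contact us for removal in case of infringement.
Reposted content
Software supply-chain attack leads to malicious versions of Solana's web3.js library appearing on the npm registry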
9 months 1 week ago
Anquanke (安全客)
The TechBeat: No, You Don't Need a Highly Specialized Team to Build Your SaaS Application (12/5/2024)
9 months 1 week ago
Operation Destabilise dismantled Russian money laundering networks
9 months 1 week ago
Operation Destabilise: The U.K. National Crime Agency disrupted Russian money laundering networks tied to organized crime. The U.K. National Crime Agency (NCA) disrupted Russian money laundering networks linked to organized crime across the U.K., Middle East, Russia, and South America as part of an operation called “Operation Destabilise.” “An international NCA-led investigation – Operation Destabilise […]
Pierluigi Paganini
CVE-2024-51378 (CVSS 10): CISA warns that critical Cyber Panel flaw is under active attack
9 months 1 week ago
Anquanke (安全客)
CVE-2024-11942 | Drupal up to 10.2.9 File error condition (sa-core-2024-002)
9 months 1 week ago
A vulnerability has been found in Drupal up to 10.2.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component File Handler. The manipulation leads to detection of error condition without action.
This vulnerability is known as CVE-2024-11942. The attack can only be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-11941 | Drupal up to 10.1.7/10.2.1 infinite loop (sa-core-2024-001)
9 months 1 week ago
A vulnerability, which was classified as problematic, was found in Drupal up to 10.1.7/10.2.1. Affected is an unknown function. The manipulation leads to infinite loop.
This vulnerability is traded as CVE-2024-11941. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
A Threat Actor Claims to be Selling VPN Access to an Unidentified Indian Advertising and Marketing Company
9 months 1 week ago
Dark Web Informer - Cyber Threat Intelligence
Latrodectus malware and how to defend against it with Wazuh
9 months 1 week ago
Latrodectus is a versatile malware family that infiltrates systems, steals sensitive data, and evades detection. Learn more from Wazuh about Latrodectus malware and how to defend against it using the open-source XDR. [...]
Sponsored by Wazuh
Vulnerability Management Challenges in IoT & OT Environments
9 months 1 week ago
By understanding the unique challenges of protecting IoT and OT devices, organizations can safeguard these critical assets against evolving cyber threats.
Malleswar Reddy Yerabolu
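Translated article | A hundred boats race the current, and the capable ferry themselves: all about local large language models (LLMs)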
9 months 1 week ago
Where to Start
9 months 1 week ago
A Threat Actor is Allegedly Selling a Blind XSS Vulnerability to an E-Commerce Website
9 months 1 week ago
Dark Web Informer - Cyber Threat Intelligence
Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access
9 months 1 week ago
Cybersecurity researchers have released a proof-of-concept (PoC) exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files from susceptible instances.
The critical vulnerability in question is CVE-2024-41713 (CVSS score: 9.8), which relates to a case of insufficient input
The Hacker News
Europol Shuts Down Manson Market Fraud Marketplace, Seizes 50 Servers
9 months 1 week ago
Europol on Thursday announced the shutdown of a clearnet marketplace called Manson Market that facilitated online fraud on a large scale.
The operation, led by German authorities, has resulted in the seizure of more than 50 servers associated with the service and the arrest of two suspects. More than 200 terabytes of digital evidence have been collected.
In addition, over 80 data storage devices
The Hacker News
A Threat Actor Claims to be Selling RDP Access to an Unidentified Organization in India
9 months 1 week ago
Dark Web Informer - Cyber Threat Intelligence
A Threat Actor Claims to be Selling Data from a Mexican peer-to-peer Lending and Credit Management Application
9 months 1 week ago
Dark Web Informer - Cyber Threat Intelligence
The most popular English Wikipedia articles of 2024
9 months 1 week ago