Aggregator

如何平衡数字世界快速发展过程中的安全风险影响，已成为全世界重视的共性问题。

KCon大会培训日回归！课程人员有限，先到先得~

KCon大会议题巡展正式开启

KCon大会培训日回归！课程人员有限，先到先得~

KCon大会议题巡展正式开启

KCon大会培训日回归！课程人员有限，先到先得~

KCon大会议题巡展正式开启

俄罗斯国家通信监管机构周五表示，已封锁对 Signal 通讯应用程序的访问，这是当局在乌克兰战乱期间加强信息管控的最新举措。 俄罗斯联邦通信监管局表示，之所以做出这一决定，是因为 Signal“违反了俄罗斯法律的规定，而这些规定必须得到遵守，以防止该通讯工具被用于恐怖主义和极端主义目的”。 Signal 采用端到端加密，这使得俄罗斯政府很难拦截通信。 2022 年 2 月，俄罗斯总统弗拉基米尔·普京向乌克兰派兵后，俄罗斯当局加大了对异见人士和自由媒体的打压。他们封锁了多家批评克里姆林宫的独立俄语媒体，并切断了对 Twitter（后来成为 X）以及 Meta 的 Facebook 和 Instagram 的访问。 在最近几周屡次出现速度减慢之后，YouTube 于周四遭遇了大规模中断，这是对信息自由的最新打击。 俄罗斯当局将网络速度下降归咎于谷歌未能升级其在俄罗斯的设备，但许多专家对这一说法提出质疑，他们认为网络速度下降和最新中断的可能原因是克里姆林宫希望关闭公众对承载反对派观点的主要平台的访问。   消息来源：securityweek，译者：YY；   本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

The U.S. Federal Bureau of Investigation (FBI) on Monday announced the disruption of online infrastructure associated with a nascent ransomware group called Radar/Dispossessor. The effort saw the dismantling of three U.S. servers, three United Kingdom servers, 18 German servers, eight U.S.-based criminal domains, and one German-based criminal domain. Dispossessor is said to be led by individual(

Several security issues have recently been discovered in OpenSSL that could result in denial-of-service attacks. OpenSSL is widely used to secure communications across the internet, making these vulnerabilities a significant concern. In response, Canonical has released security updates to address multiple OpenSSL vulnerabilities across different releases, including Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, and Ubuntu […]

The post Ubuntu Fixes Multiple OpenSSL Vulnerabilities appeared first on TuxCare.

The post Ubuntu Fixes Multiple OpenSSL Vulnerabilities appeared first on Security Boulevard.

Your phone number is more than just a way to contact you – scammers can use it to target you with malicious messages and even exploit it to gain access to your bank account or steal corporate data

Интеграция YARA и оптимизация DNS/HTTP движков позволили значительно повысить производительность инструмента.

LoanDepot通过SEC报告披露称，今年1月曝光的勒索软件攻击相关的费用总计超1.92亿元。 安全内参8月13日消息，美国抵押贷款巨头LoanDepot 6日报告称，与最近的勒索软件攻击相关的成本已达到近2700万美元。 这次网络攻击于2024年1月初被曝光。当时，公司为了应对攻击导致数据被加密的情况，选择将一些系统下线。 几周后，LoanDepot通知当局，超过1600万人的个人信息可能已被泄露，包括姓名、地址、电子邮件地址、电话号码、出生日期、社会保障号码和金融账号等。 LoanDepot的最新财务报告显示，该事件给公司造成了2690万美元（约合人民币1.92亿元）的成本。 该金额包括“调查和补救网络安全事件的成本，客户通知和身份保护的成本，以及专业费用（包括法律费用、诉讼和解费用以及佣金担保）”。 LoanDepot补充道：“在截至2024年6月30日的季度内，公司因与网络安全事件相关的集体诉讼带来了2500万美元的应计成本。” 就在LoanDepot数据泄露曝光之前，执法机构刚刚针对Alphv/BlackCat勒索软件组织进行了打击，该组织声称对上述攻击事件负责。这些网络犯罪分子声称，他们正在出售从贷款机构窃取的数据。 电子制造服务公司Keytronic近日透露，最近的勒索软件攻击导致的费用和收入损失总计超过1700万美元。   转自安全内参，原文链接：https://mp.weixin.qq.com/s/CBVPPBDvTUZh1ilzzBnU8g 封面来源于网络，如有侵权请联系删除

开源 BeOS 操作系统 Haiku 有了 Firefox 移植版本。Firefox 有被称为 Bezilla 的 BeOS 移植版本，但那是几十年前的事情了。Haiku 的原生浏览器 WebPositive 表现不佳，因此有开发者不断移植其它的主流浏览器，最新的努力成果就是 Firefox。目前移植版本还是处于早期阶段，没有可下载的软件包，感兴趣的用户需要自己去编译。移植版本是 v128，比最新的稳定版 v129 落后一个版本。

The FBI and other law enforcers claim to have disrupted the Radar/Dispossessor ransomware group

This Article What is the Critical Pathway to Insider Risk (CPIR)? was first published on Signpost Six. | https://www.signpostsix.com/

Insider risk remains one of the most challenging threats for organisations to manage. The Critical Pathway to Insider Risk (CPIR) offers a structured approach to understanding and mitigating this threat by examining the pathway of events and factors leading to insider acts. This model is based on extensive research into the behaviours and characteristics of […]

This Article What is the Critical Pathway to Insider Risk (CPIR)? was first published on Signpost Six. | https://www.signpostsix.com/

The post What is the Critical Pathway to Insider Risk (CPIR)? appeared first on Security Boulevard.

Akamai researchers have delved into the often-overlooked threat of VPN post-exploitation, highlighting techniques that threat actors can use to escalate their intrusion after compromising a VPN server. The study focuses on vulnerabilities and no-fix techniques affecting Ivanti Connect Secure and FortiGate VPNs, potentially allowing attackers to gain control over other critical network assets. VPN servers […]

The post Post-Exploitation Tactics Hackers Use After Compromising Ivanti, Fortigate VPN Servers appeared first on Cyber Security News.

供应商也需强制实施漏洞披露政策

泄露信息包括姓名、地址、电子邮件地址、电话号码、出生日期、社会保障号码和金融账号

A new Ransomware-as-a-Service (RaaS) platform known as DeathGrip has surfaced, offering sophisticated ransomware tools to aspiring cyber criminals. This service is being promoted through Telegram and various underground forums, providing a gateway for individuals with limited technical expertise to launch potent ransomware attacks. DeathGrip’s emergence underscores the growing accessibility of cybercrime tools, posing an increased […]

The post DeathGrip Ransomware Expanding Services Using RaaS Service appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.