Aggregator

探讨WebAssembly（WASM）在API网关安全、敏感信息监控、容器隔离等场景的创新应用，对云安全上的应用能力给出一些可以实践的方向。

Private Details of Top Trump Officials Found Online Amid Growing Security Scandal
Private contact details of top Trump officials, including their phone numbers, emails and even some passwords, have been leaked online through commercial databases and hacked data dumps, raising security concerns over potential foreign access to Cabinet members' private accounts and communications.

A sophisticated cyber espionage campaign targeting Ukrainian entities has been uncovered, revealing the latest tactics of the Russia-linked Gamaredon threat actor group. The attackers are leveraging weaponized LNK files disguised as Office documents to deliver the Remcos backdoor malware, utilizing themes related to troop movements in Ukraine as a social engineering lure to trick victims […]

The post Gamaredon Hacker Group Using Weaponize LNK Files To Drop Remcos Backdoor on Windows appeared first on Cyber Security News.

Researchers have uncovered critical security flaws in global solar power infrastructure that could potentially allow malicious actors to seize control of solar inverters and manipulate power generation at scale. A recent investigation revealed 46 new vulnerabilities across three of the world’s top 10 solar inverter vendors, exposing systemic weaknesses in these increasingly essential components of […]

The post 46 New Vulnerabilities in Solar Inverters Systems Let Attackers Tamper Inverter Settings appeared first on Cyber Security News.

800 сотрудников получили вредоносные ZIP-архивы от хакеров.

Разведка США подтвердила использование приложения для внутренней связи.

In an era where deep learning models increasingly power critical systems from self-driving cars to medical devices, security researchers have unveiled DeBackdoor, an innovative framework designed to detect stealthy backdoor attacks before deployment. Backdoor attacks, among the most effective and covert threats to deep learning, involve injecting hidden triggers that cause models to behave maliciously […]

The post DeBackdoor – Framework to Detect Backdoor Attacks on Deep Models appeared first on Cyber Security News.

A vulnerability was found in CSS Exfil Protection 1.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-33437. The attack can be launched remotely. There is no exploit available.

A vulnerability has been found in Zenario Twig Snippet Plugin and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument HEAD/BODY leads to code injection. This vulnerability was named CVE-2024-34461. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Node.js up to 18.20.0/20.12.0/21.7.2. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument Content-Length leads to http request smuggling. This vulnerability is handled as CVE-2024-27982. The attack may be launched remotely. There is no exploit available.

Банк первым в мире математически подтвердил генерацию непредсказуемых данных для криптографии.

Но подойдёт ли она для вашего калькулятора?

Cybersecurity researchers have discovered a new Android banking malware called Crocodilus that's primarily designed to target users in Spain and Turkey. "Crocodilus enters the scene not as a simple clone, but as a fully-fledged threat from the outset, equipped with modern techniques such as remote control, black screen overlays, and advanced data harvesting via accessibility logging,"

A vulnerability classified as critical has been found in Linux Kernel up to 6.12.6. Affected is the function drm_mode_duplicate. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2024-56711. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

Hdrtest проверяет C-файлы, но ломает настроение Торвальдса.

Рассказываем, почему навык задавать вопросы сегодня важнее, чем знать ответы

Миллионы паролей в даркнете, 2FA больше не спасает — что делать.

Защитные системы бессильны против динамически генерируемых страниц авторизации.

Новый алгоритм разбивает пользователей на группы по степени зрелости — и это неутешительно.

Artificial intelligence has dramatically transformed the cybersecurity landscape, with red team activities increasingly leveraging sophisticated AI-driven techniques to simulate advanced persistent threats. These AI-enhanced red teams can now automate the process of penetrating targets and collecting sensitive data at unprecedented speeds. The evolution of machine learning, deep learning, and large language models has opened new […]

The post Red Team Activities Turns More Sophisticated With The Progress of Artificial Intelligence appeared first on Cyber Security News.