「推安早报」1010 | 近期漏洞、红蓝工具
涵盖CUPS打印系统、恶意软件虚拟化、Exchange PowerShell等多领域漏洞,以及Active Directory检测、Zimbra邮件平台远程命令执行等关键威胁
Aggregator
可导致设备崩溃,MMS协议被曝存在多个安全漏洞
11 months 1 week ago
制造信息规范(MMS)协议中存在多个安全漏洞,一旦被黑客利用,将很有可能会对工业环境中造成严重影响。
DumpForums论坛黑客声称从网络安全公司 Dr.Web 窃取了 10TB 数据
11 months 1 week ago
根据黑客在DumpForums 上发布的声明,此次攻击事件是经过精心策划和执行的,历时数天。
Update from the Trenches
11 months 1 week ago
Marriott required to pay $52 million, beef up information security in wake of data breaches
11 months 1 week ago
The Federal Trade Commission (FTC) will require Marriott International and its subsidiary Starwood
Palo Alto Networks warns of firewall hijack bugs with public exploit
11 months 1 week ago
error code: 1106
What lies ahead for AI in cybersecurity
11 months 1 week ago
AI is becoming recognized for its potential to strengthen cybersecurity measures and tackle the skills gap across various sectors. Its ability to streamline data management processes boosts efficiency and strengthens security protocols. However, the rise of GenAI has raised alarms about the effectiveness of traditional data privacy practices, urging a reevaluation of existing strategies. Aaron Fulkerson, CEO of Opaque, discusses how the weaponization of GenAI has made existing data privacy practices (like masking, anonymization, tokenization, … More →
The post What lies ahead for AI in cybersecurity appeared first on Help Net Security.
Help Net Security
谷歌与 GASA 和 DNS RF 联手应对大型网络诈骗
11 months 1 week ago
本周三,谷歌宣布与全球反诈骗联盟(GASA)和DNS研究联合会(DNS RF)建立全新伙伴关系,目的在于打击网络诈骗。 该合作平台被命名为全球信号交换系统(GSE),旨在实时洞察以欺诈为内核的各种形式的网络犯罪。其背后逻辑在于通过汇集不同数据源的威胁信号,增强对网络犯罪实施者的可见性。 谷歌在《黑客新闻》上发布博客文章,表示:“GSE集中式平台的建立,旨在改善滥用信号的交换,从而更快地识别并阻断各部门、平台和服务中的欺诈活动。”。 GSE的目标是,创建一个由GASA和DNS RF共同管理,对用户友好且解决问题高效的方案,并且该方案可在线上运行,提供符合条件的组织访问。 谷歌表示,它已经共享超过10万个不良商家的URL和超过100万个诈骗信号,并将其输入到数据平台,以期同步提供来自其他产品的数据。 它补充道:“从既有经验中可知,如果想要更全方位地保护用户,更有力地打击打击网络诈骗行为及其背后的犯罪组织需要政府、企业、社会三方协作。” 谷歌还借此机会指出,跨帐户保护已被应用于使用谷歌账号登录网站和应用程序的32亿使用者。而公司的下一步计划则是与Canva、Electronic Arts、Indeed和微软旗下的LinkedIn合作。 一周前,Meta表示将与英国银行合作打击其平台上的欺诈行为,而这也是欺诈情报互惠交易所(FIRE)信息共享合作计划的一部分。 消息来源:The Hacker News,译者:XX; 本文由 HackerNews.cc 翻译整理,封面来源于网络; 转载请注明“转自 HackerNews.cc”并附上原文
hackernews
攻防演练实录 | 360助力某能源企业安全运营实战“自动驾驶”
11 months 1 week ago
2024攻防演练落下帷幕360 AI军团及相关组织保障本地安全大脑与安全大模型强强联合以智能化攻防演练解决方案服务超200家单位为客户构建云地协同的安全防线守护百行千业数字安全攻防演练圆满收官政府、金
Internet Archive 遭遇黑客攻击,导致 3100 万用户数据泄露
11 months 1 week ago
在 archive.org 的访问者开始看到黑客创建的 JavaScript 警报后,有关泄露的消息开始流传。
Kill
11 months 1 week ago
cohenido
Meow
11 months 1 week ago
cohenido
Lynx
11 months 1 week ago
cohenido
Mozilla fixes Firefox zero-day actively exploited in attacks
11 months 1 week ago
error code: 1106
Lamborghini Carjackers Lured by $243M Cyberheist
11 months 1 week ago
The parents of a 19-year-old Connecticut honors student accused of taking part in a $24
最后四天倒计时|2024双11安全保卫战
11 months 1 week ago
阿里巴巴联合蚂蚁、百度、贝壳、Boss直聘、京东、快手、美团、OPPO、平安、荣耀、微博、小米、字节跳动组成双11安全联盟公司排名不分先后诚邀白帽战士参与第八届双十一安全保卫战为数亿用户的安全保驾护航
【漏洞通告】Redis 缓冲区溢出漏洞(CVE-2024-31449)
11 months 1 week ago
漏洞名称:Redis 缓冲区溢出漏洞(CVE-2024-31449)组件名称:Redis影响范围:2.6 ≤ Redis < 6.2.167.0.0 ≤ Redis < 7.2.67.4.0 ≤ Re
微软补丁日安全通告 | 10月份
11 months 1 week ago
环境异常 当前环境异常,完成验证后即可继续访问。 去验证
Kraken: All-in-One Toolkit for BruteForce Attacks
11 months 1 week ago
Kraken Kraken is a powerful, Python-based tool designed to centralize and streamline various brute-forcing tasks. Kraken provides a suite of tools for cybersecurity professionals to efficiently perform brute-force attacks across a range of protocols and...
The post Kraken: All-in-One Toolkit for BruteForce Attacks appeared first on Penetration Testing Tools.
ddos
Cybercriminals Are Targeting AI Conversational Platforms
11 months 1 week ago
Cybercriminals Are Targeting AI Conversational PlatformsResecurity reports a rise in attacks o