Aggregator

探讨WebAssembly（WASM）在API网关安全、敏感信息监控、容器隔离等场景的创新应用，对云安全上的应用能力给出一些可以实践的方向。

探讨WebAssembly（WASM）在API网关安全、敏感信息监控、容器隔离等场景的创新应用，对云安全上的应用能力给出一些可以实践的方向。

探讨WebAssembly（WASM）在API网关安全、敏感信息监控、容器隔离等场景的创新应用，对云安全上的应用能力给出一些可以实践的方向。

探讨WebAssembly（WASM）在API网关安全、敏感信息监控、容器隔离等场景的创新应用，对云安全上的应用能力给出一些可以实践的方向。

Private Details of Top Trump Officials Found Online Amid Growing Security Scandal
Private contact details of top Trump officials, including their phone numbers, emails and even some passwords, have been leaked online through commercial databases and hacked data dumps, raising security concerns over potential foreign access to Cabinet members' private accounts and communications.

A sophisticated cyber espionage campaign targeting Ukrainian entities has been uncovered, revealing the latest tactics of the Russia-linked Gamaredon threat actor group. The attackers are leveraging weaponized LNK files disguised as Office documents to deliver the Remcos backdoor malware, utilizing themes related to troop movements in Ukraine as a social engineering lure to trick victims […]

The post Gamaredon Hacker Group Using Weaponize LNK Files To Drop Remcos Backdoor on Windows appeared first on Cyber Security News.

Researchers have uncovered critical security flaws in global solar power infrastructure that could potentially allow malicious actors to seize control of solar inverters and manipulate power generation at scale. A recent investigation revealed 46 new vulnerabilities across three of the world’s top 10 solar inverter vendors, exposing systemic weaknesses in these increasingly essential components of […]

The post 46 New Vulnerabilities in Solar Inverters Systems Let Attackers Tamper Inverter Settings appeared first on Cyber Security News.

800 сотрудников получили вредоносные ZIP-архивы от хакеров.

Разведка США подтвердила использование приложения для внутренней связи.

In an era where deep learning models increasingly power critical systems from self-driving cars to medical devices, security researchers have unveiled DeBackdoor, an innovative framework designed to detect stealthy backdoor attacks before deployment. Backdoor attacks, among the most effective and covert threats to deep learning, involve injecting hidden triggers that cause models to behave maliciously […]

The post DeBackdoor – Framework to Detect Backdoor Attacks on Deep Models appeared first on Cyber Security News.

A vulnerability, which was classified as problematic, has been found in GOG Galaxy up to 2.0.71.2. This issue affects some unknown processing of the file GalaxyClientService.exe of the component RPC Object Manager Symbolic Link Handler. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2023-50915. The attack can only be done within the local network. There is no exploit available.

A vulnerability was found in CSS Exfil Protection 1.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-33437. The attack can be launched remotely. There is no exploit available.

A vulnerability has been found in Zenario Twig Snippet Plugin and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument HEAD/BODY leads to code injection. This vulnerability was named CVE-2024-34461. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.7.10. It has been classified as problematic. This affects an unknown part of the component wifi. The manipulation leads to allocation of resources. This vulnerability is uniquely identified as CVE-2024-27056. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Node.js up to 18.20.0/20.12.0/21.7.2. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument Content-Length leads to http request smuggling. This vulnerability is handled as CVE-2024-27982. The attack may be launched remotely. There is no exploit available.

Банк первым в мире математически подтвердил генерацию непредсказуемых данных для криптографии.

Но подойдёт ли она для вашего калькулятора?

Cybersecurity researchers have discovered a new Android banking malware called Crocodilus that's primarily designed to target users in Spain and Turkey. "Crocodilus enters the scene not as a simple clone, but as a fully-fledged threat from the outset, equipped with modern techniques such as remote control, black screen overlays, and advanced data harvesting via accessibility logging,"

A vulnerability classified as critical has been found in Linux Kernel up to 6.12.6. Affected is the function drm_mode_duplicate. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2024-56711. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.6. It has been declared as critical. Affected by this vulnerability is the function pfn_to_page of the component page_alloc. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2024-57881. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.