Aggregator

Космос космосом, а 5 o’clock по расписанию.

Cybercriminals have embraced a new deceptive technique that transforms seemingly harmless vector graphics into dangerous malware delivery systems. A recent campaign targeting Latin America demonstrates how attackers are exploiting oversized SVG files containing embedded malicious payloads to distribute AsyncRAT, a potent remote access trojan capable of comprehensive system compromise. The campaign begins with carefully crafted […]

The post Hackers Weaponizing SVG Files to Stealthily Deliver Malicious Payloads appeared first on Cyber Security News.

× Unlock Exclusive Cyber Threat Intelligence

Powered by DarkWebInformer.com

Foundational access to breach intelligence. Track breaches, leaks, and threats in real time with high quality screenshots and concise expert summaries.

📚4,700+ Blog Posts (PRO)
Continuously updated breach reports and threat summaries. 📢37,000+ Alerts (PRO)
Daily

Китайская разработка извлекает данные даже из мёртвой РНК.

近年来，网络技术的发展引起网络犯罪手段、犯罪形态、危害后果等多方面的变化，这也为打击网络犯罪提出了新的挑战

如何应对深度伪造技术给检察机关司法办案带来的风险挑战，揭开伪造证据面纱，更加精准还原案件事实

加州律师 Amir Mostafavi 因其诉状包含了 ChatGPT 生成的虚假案例而被罚款 1 万美元，这可能是加州法院就 AI 造假开出的金额最高的罚单。这名律师被发现引用的 23 个案例有 21 个是 AI 虚构的。律师告诉法庭，上诉书是他自己写的，然后尝试使用 AI 进行改进，他不知道 AI 会在修饰文本时会引用虚构的案例或捏造内容。他承认自己没有在 AI 修饰后阅读其生成的文本。三名法官组成的审判团队以递交无理诉讼、违反法庭规则、引用虚假案例以及浪费法庭时间和纳税​​人金钱为由对他处以罚款。

There’s no escaping AI’s tightening grip on the technology industry, and it turns out that ransomware criminals are just as susceptible to the reality-bending excitement as anyone else. According to an analysis of 2,800 ransomware incidents from 2023-2024 carried out by Safe Security and MIT Sloan, 80% utilized what is termed ‘adversarial AI’ in one […]

The post The era of AI ransomware is bad news for everyone – including ransomware criminals appeared first on Ransomware.org.

Cloudflare has mitigated a distributed denial-of-service (DDoS) attack that peaked at a record-breaking 22.2 terabits per second (Tbps) and 10.6 billion packets per second (Bpps). [...]

今日暂未更新资讯~
更多最新文章，请访问SecWiki

New research from Check Point Research reveals the Iranian cyber group Nimbus Manticore is targeting defence, telecom, and aerospace companies in Europe with fake job offers. Learn how they use advanced malware to steal sensitive data.

The U.S. Secret Service on Tuesday said it took down a network of electronic devices located across the New York tri-state area that were used to threaten U.S. government officials and posed an imminent threat to national security. "This protective intelligence investigation led to the discovery of more than 300 co-located SIM servers and 100,000 SIM cards across multiple sites," the Secret

Новый механизм публикации навсегда исключит человека из цепочки доверия.

Learn how to build a high-performance incident response team, including key roles, responsibilities, and the ideal team structure for fast action.

The post Building a High-Performance Incident Response Team: Key Roles, Responsibilities, and Structure appeared first on Sygnia.

Attackers are constantly finding ways to take over accounts and push malicious packages to the npm registry, the (GitHub-operated) online repository for JavaScript and Node.js packages. But in this month alone, we witnessed the compromise of popular code packages after a successful phishing campaign, and the Shai-Hulud attack, which involved the use of a self-replicating worm-like payload that ultimately compromised over 500 packages and compromised many secrets. While GitHub has managed to put a stop … More →

The post After Shai-Hulud, GitHub tightens npm publishing security appeared first on Help Net Security.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.8.4. This issue affects the function nfsd_rename. The manipulation results in deadlock. This vulnerability is known as CVE-2024-35914. Access to the local network is required for this attack. No exploit is available. The affected component should be upgraded.

A vulnerability classified as problematic has been found in Linux Kernel up to 5.15.153/6.1.84/6.6.25/6.8.4. Affected is the function kmemdup of the component iwlwifi. The manipulation leads to memory leak. This vulnerability is uniquely identified as CVE-2024-35912. The attack can only be initiated within the local network. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in QNAP QTS and QuTS hero. The impacted element is an unknown function. The manipulation leads to improper authentication. This vulnerability is referenced as CVE-2024-48859. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in QNAP QTS and QuTS hero. This impacts an unknown function of the component URL Handler. This manipulation causes improper handling of url encoding. This vulnerability is tracked as CVE-2024-48866. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in QNAP QTS and QuTS hero. Affected is an unknown function. Such manipulation leads to crlf injection. This vulnerability is listed as CVE-2024-48867. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.