Aggregator

The AhnLab Security Intelligence Center (ASEC) has uncovered a new strain of backdoor malware being distributed alongside a Monero coin miner. This malware leverages the PyBitmessage library, a Python implementation of the Bitmessage protocol, to establish covert peer-to-peer (P2P) communications. Unlike traditional HTTP or IP-based methods, PyBitmessage encrypts data exchanges and anonymizes both sender and […]

The post Hackers Exploit PyBitmessage Library to Evade Antivirus and Network Security Detection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

GitLab has issued critical security patches addressing 11 vulnerabilities across its Community Edition (CE) and Enterprise Edition (EE) platforms, with three high-risk flaws enabling denial-of-service (DoS) attacks dominating the threat landscape. The coordinated release of versions 18.0.1, 17.11.3, and 17.10.7 comes as the DevOps platform confronts multiple attack vectors that could destabilize systems through resource […]

The post Several GitLab Vulnerabilities Enable Attackers to Launch DoS Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cisco has disclosed a significant security vulnerability in its Identity Services Engine (ISE) that could enable unauthenticated remote attackers to cause denial of service conditions by exploiting flaws in the RADIUS message processing feature. The vulnerability, which was discovered during Cisco’s internal security testing, allows attackers to force affected devices to reload by sending specially […]

The post Cisco Identity Services RADIUS Vulnerability Allows Attackers to Trigger Denial of Service Condition appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The High-severity cross-site scripting (XSS) vulnerability has been discovered in Grafana, prompting the immediate release of security patches across all supported versions. The vulnerability (CVE-2025-4123) enables attackers to redirect users to malicious websites where arbitrary JavaScript code can be executed. Grafana Labs has released patches ahead of schedule after discovering the vulnerability had been publicly […]

The post Grafana Zero-Day Vulnerability Allows Attackers to Redirect Users to Malicious Sites appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The vulnerability in BIND DNS server software allowed attackers to crash DNS servers by sending specifically crafted malicious packets. This flaw, identified as CVE-2023-5517, could cause named (the BIND DNS server process) to terminate unexpectedly with an assertion failure when specific queries were processed with certain features enabled. The vulnerability, disclosed in BIND 9.18.24 release […]

The post Attackers Exploit BIND DNS Server Vulnerability to Crash Servers Using Malicious Packets appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Researchers revealed this method exploits shared memory regions and thread context manipulation to execute malicious payloads without triggering standard detection heuristics. Novel process injection technique leveraging execution-only primitives has demonstrated the ability to bypass leading Endpoint Detection and Response (EDR) systems by avoiding traditional memory allocation and modification patterns. Modern EDR solutions typically monitor for […]

The post New Process Injection Technique Evades EDR by Injecting Malicious Code into Windows Processes appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

声明：以下内容符合OSINT国际开源情报搜集定义，不涉及任何非法行为，仅供交流与参考。

2017年7月，发生了一起足以在国际冰球赛史上留名的丑闻：

来自俄罗斯冰球队的教练，在他们的房间里发现了一个窃听器材。

据 Sport-Express 报道，周五晚，Metallurg 在对阵 Saint Petersburg SKA的加加林杯决赛中，最终以 2-1 失利。

赛后，Metallurg （全称：Metallurg Magnitogorsk，马格尼托格尔斯克马钢城队）的客队教练在圣彼得堡冰宫的教练室内，发现了一个带有麦克风的窃听器材，引起一片哗然，Metallurg 宣称会将其交给联盟以便开展更多调查。

如下图所示，这个窃听器材并不是什么高科技的间谍装置，看起来更像是某个电子爱好者做的小制作

所以，普遍有这样两种看法：

1、Metallurg 故意窃听自己，以分散民众对决赛的关注度。

2、或许确实是 SKA 在监视他们，这最终意味着 Metallurg 可能从未通过电子邮件讨论过比赛战术及执教计划，否则 SKA 早就拿到了。

咳咳，虽然杨叔不懂冰球，不过这个消息供大家参考：

Saint Petersburg SKA（圣彼得堡陆军队）是 KHL 中最富有的球队，他们的副总裁也是冰球俄罗斯的副总裁。

小知识：

大陆冰球联赛（俄语：Континентальная хоккейная лига），简称：KHL联赛，成立于2008年，其前身为俄罗斯冰球超级联赛。

大陆冰球联赛除了俄罗斯冰球俱乐部参加外，还吸纳了中国、哈萨克斯坦、白俄罗斯、拉脱维亚、芬兰等国冰球俱乐部参赛。

大陆冰球联赛分常规赛和季后赛，季后赛冠军为当年KHL联赛总冠军，获得加加林杯（Gagarin Cup），常规赛冠军获得大陆杯（Continental Cup）。

教练们，似乎需要某种方式来保护自己免受使用录音设备在会所或更衣室环境中偷偷地......也许是非法地......记录他们的言论。

2020年5月，美国加利福尼亚州Anaheim Esperanza 的拉里·麦肯 (Larry McCann) 成为至少两个赛季以来，第二位因为俱乐部的秘密录音，被迫离职的南地高中棒球教练。

在麦肯的案例中，音频来自 4 月 11 日的一次会议，当时他的团队战绩下降到 3-12。在《泰晤士报》获得的一份 15 分钟录音副本中，可以听到教练批评他的球员，从他们在奏国歌时的“不尊重”排队行为，到他们在比赛期间表现出缺乏基本功很差等。

很难相信教练会因为录音内容而被解雇，但麦肯说这就是他被解雇的原因。而校长拒绝就人事问题发表评论。

在上个赛季之前，格拉纳达山的第一位棒球教练雷吉史密斯说，他也是在秘密录音后被解雇，在录音中他在与球队交谈时使用了亵渎神灵的词语。

和大家想象的不一样，这个还真不是针孔偷拍，而是官方安装的隐藏摄像头。

2020年10月，根据《每日新闻》报道，New York Jets （纽约喷气机队）的球员向 NFLPA（国家橄榄球联盟球员协会）通报了隐藏在喷气机队球员更衣室烟雾报警器中的监视设备。

但据消息人士透露，美国国家橄榄球联盟声称，自 2008 年球队从长岛搬到新泽西州弗洛勒姆公园的新训练设施以来，监视摄像设备一直部署在更衣室内及附近。

所以，联盟得出的结论是：球员们知道这些摄像头，因此，这些摄像头符合联盟规则。

但无论球队前任或现任球员都没有印象签署过关于更衣室监控的同意书，而且无论如何，工会也极不可能同意。

不过受疫情影响，NFL 和 NFLPA都同意启用更严格的 COVID-19 疫情管控协议，以确保团队成员遵守安全措施以降低感染风险。于是在团队设施的公共/公共区域开展了额外的视频监控。

防疫为重，似乎球员们只能捏鼻子认了。

小知识：

NFL职业橄榄球大联盟（National Football League，简称NFL）是指国家橄榄球联合会（National Football Conference，简称国联（NFC））与美国橄榄球联合会（American Football Conference，简称美联（AFC））合并后的名称。

美国职业橄榄球大联盟居北美四大职业体育运动联盟之首，也是世界上规模最大的职业橄榄球大联盟。

其实还有很多案例，比如大学体育特长学生引进过程舞弊、高校球员淋浴室出现针孔摄像头、体育企业出现窃密器材、体育明星被跟踪偷拍等等，杨叔就不再举例了。

就像美国某位足球教练说的一样：

“我认为时代已经有了很大变化，你必须非常谨慎。我总是假设我们一直在被某种形式记录下来。”

在当今时代，无论体育圈还是其它行业圈，保护商业与个人隐私已愈发显得重要，希望大家都能在努力工作的同时，保护好自己。

You must login to view this content

You must login to view this content

You must login to view this content