Aggregator

High-profile entities in India have become the target of malicious campaigns orchestrated by the Pakistan-based Transparent Tribe threat actor and a previously unknown China-nexus cyber espionage group dubbed IcePeony. The intrusions linked to Transparent Tribe involve the use of a malware called ElizaRAT and a new stealer payload dubbed ApoloStealer on specific victims of interest, Check Point

历经数年探索，集结来自细胞图谱、大脑类器官等研究获得的海量数据，科学家终于部分揭开了人脑与众不同的秘密。与其它灵长类动物的大脑相比，人脑的一个独特之处是体积大。人脑的体积比黑猩猩、大猩猩以及许多已灭绝的人类“近亲”的大脑大 3 倍以上。进化促使人脑变大，但不同区域的进化程度并不均衡，有些区域会变大更多。其中皮层区域尤为突出。这一区域负责执行计划、推理、语言等众多人类擅长的行为。此外大脑后部神经元密集的小脑区域，与运动和规划息息相关，这个区域也变大了很多。人脑中神经元的数量也与其它动物存在极大差异：人脑的神经元数量约为小鼠大脑的 1000 倍，是猕猴的 13.5 倍。大脑发育的速度因物种而异，但人脑的发育过程尤为漫长。如小鼠大脑在其寿命 5% 时就已发育完全；猕猴和黑猩猩在其寿命的三分之一时大脑发育完全。但人脑需要约 30 年光阴，来生长、成熟并精心织就内部的连接网络，这几乎占据人类平均寿命的一半。科学家认为，这种缓慢的发育节奏为人脑的生长提供了更多可能性。在这段漫长的岁月中，大脑能够孕育出更多的神经元，培育出更为丰富和复杂的连接。同时这也让大脑有了更多时间来适应这个瞬息万变的世界。

国际刑警组织披露，一波“空前”的网络犯罪浪潮席卷全球，每39秒就会发生一次黑客攻击，给受害者造成重大经济损失。

A vulnerability was found in perfSONAR Monitoring and Debugging Dashboard 2.0.2. It has been classified as problematic. This affects an unknown part of the file /style/. The manipulation leads to information disclosure (Directory). This vulnerability is uniquely identified as CVE-2018-12522. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

黑莓公司旗下的类 Unix 实时操作系统 QNX 宣布对非商业使用免费，此举旨在吸引嵌入式用户使用，但很多人认为黑莓此举可能已经晚了。QNX 诞生于 1982 年，由加拿大公司 Quantum Software Systems 开发，它后来改名为 QNX Software Systems，2004 年出售给 Harman International Industries，2010 年 Research In Motion（后改名为黑莓）从 Harman International Industries 收购了 QNX。QNX 曾两次尝试开源或公开部分源代码，但因为两次收购案，它的开源行动都无疾而终，黑莓公司在收购 QNX 之后就立即限制了其源代码的访问。QNX Everywhere 是黑莓尝试向感兴趣的用户开放 QNX 的最新举措，它还在 GitLab 上公开一系列示例、应用、框架和库，发布了用于 Raspberry Pi 4 的可启动 QNX 映像文件。

The Open Source Initiative has published (news article here) its definition of “open source AI,” and it’s terrible. It allows for secret training data and mechanisms. It allows for development to be done in secret. Since for a neural network, the training data is the source code—it’s how the model gets programmed—the definition makes no sense.

And it’s confusing; most “open source” AI models—like LLAMA—are open source in name only. But the OSI seems to have been co-opted by industry players that want both corporate secrecy and the “open source” label. (Here’s one ...

The post AI Industry is Trying to Subvert the Definition of “Open Source AI” appeared first on Security Boulevard.

A vulnerability was found in Quassel 0.10.0. It has been classified as critical. This affects the function CoreUserInputHandler::doMode of the file core/coreuserinputhandler.cpp. The manipulation with the input /op * leads to code. This vulnerability is uniquely identified as CVE-2015-8547. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

International energy solution provider Newpark Resources has confirmed it was hit by a ransomware attack that disrupted critical systems

A vulnerability was found in Impero Education Pro and classified as critical. This issue affects some unknown processing of the component CBC Key Handler. The manipulation leads to missing encryption of sensitive data. The identification of this vulnerability is CVE-2015-5997. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A new campaign has targeted the npm package repository with malicious JavaScript libraries that are designed to infect Roblox users with open-source stealer malware such as Skuld and Blank-Grabber. "This incident highlights the alarming ease with which threat actors can launch supply chain attacks by exploiting trust and human error within the open source ecosystem, and using readily available

We’ve all heard a million times: growing demand for robust cybersecurity in the face of rising cyber threats is undeniable. Globally small and medium-sized businesses (SMBs) are increasingly targeted by cyberattacks but often lack the resources for full-time Chief Information Security Officers (CISOs). This gap is driving the rise of the virtual CISO (vCISO) model, offering a cost-effective

A vulnerability (CVE-2024-5910) in Palo Alto Networks Expedition, a firewall configuration migration tool, is being exploited by attackers in the wild, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Thursday. About CVE-2024-5910 Unearthed and reported by Brian Hysell of Synopsys Cybersecurity Research Center (CyRC), CVE-2024-5910 stems from missing authentication for a critical function, which can lead to an Expedition admin account takeover for attackers with network access to the installation. A security update fixing … More →

The post Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910) appeared first on Help Net Security.

A vulnerability classified as critical has been found in Joomla CMS up to 1.5.x/2.x/3.4.5. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument User-Agent leads to improper input validation. This vulnerability is traded as CVE-2015-8562. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Новая версия анализирует информацию об активах с помощью искусственного интеллекта.

Кто из миллиардеров определит будущее человечества?

Law enforcement warns that securely stored iPhones awaiting forensic examination are mysteriously rebooting, making them harder to unlock, reported 404 Media. Law enforcement warns that securely stored iPhones awaiting forensic examination are mysteriously rebooting, making them much harder to unlock, per a document obtained by 404 Media. 404 Media obtained the document from a mobile […]

Космическая радиация полностью преобразит производство на Земле.

A vulnerability, which was classified as critical, has been found in Zoho ManageEngine SharePoint Manager Plus up to 4503. Affected by this issue is some unknown functionality of the component Management Option. The manipulation leads to xml external entity reference. This vulnerability is handled as CVE-2024-10839. The attack may be launched remotely. There is no exploit available.