Aggregator

由于 App-Bound 服务是以系统权限运行的，攻击者需要做的不仅仅是诱骗用户运行恶意应用程序。

Unknown attackers are trying to trick Windows users into spinning up a custom Linux virtual machine (VM) with a pre-configured backdoor, Securonix researchers have discovered. The campaign The attack began with a phishing email, they believe, but they weren’t able to pinpoint the intendend victims. The email included a link pointing to an unusually big ZIP file (285 MB), and its name – OneAmerica Survey.zip – points to the likely lure: a survey by OneAmerica … More →

The post Beware of phishing emails delivering backdoored Linux VMs! appeared first on Help Net Security.

根据在珠海航展上公布的最新设计，长征九号重型火箭的外形看起来就像是 SpaceX Starship 的克隆。根据最新设计，长征九号的第一级将是完全可重复使用的，使用了 30 台 YF-215 引擎，燃料为甲烷和液氧，单引擎推力约 200 吨。相比下，Starship 第一级使用了 33 台 Raptor 引擎，燃料为甲烷和液氧，单引擎推力约为 280 吨。长征九号的上面级也与 Starship 相似，襟翼也在相似位置。中国计划在 2033 年试射长征九号。这不是中国火箭制造商第一次模仿 SpaceX，毕竟 SpaceX 在可重复使用火箭领域处于领先位置，它的设计就是行业的最佳实践。

A vulnerability was found in Samba up to 3.6.x. It has been rated as very critical. Affected by this issue is the function SetInfoPolicy AuditEventsInfo. The manipulation leads to numeric error. This vulnerability is handled as CVE-2012-1182. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

韩国个人信息保护委员会决定对违反韩国《个人信息保护法》的美国公司 Meta 处以 216.232 亿韩元（约合人民币 1.12 亿元）的行政罚款。根据调查结果，Meta 从旗下社交平台 F

亚马逊流媒体服务 Prime Video 推出了工具 X-Ray Recaps，使用生成式 AI 为观众概述正在观看的剧集内容。X-Ray Recaps 能创建整季节目、单集，甚至剧集片段

A vulnerability classified as critical was found in Apple iOS up to 9.3.1. Affected by this vulnerability is an unknown functionality of the component IOAcceleratorFamily. The manipulation leads to memory corruption. This vulnerability is known as CVE-2016-1817. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

Хакер IntelBroker проник в самое сердце NOKIA – но не блефует ли он?

An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legiti

一、青龙组WEB web1 开局随便随便输入都可以登录，登上去以后生成了一个token和一个session，一个是jwt一个是flask框架的这边先伪造jwt,是国外的原题CTFtime.org /

Robert Leslie Roberson III 于 2003 年被定罪谋杀其两岁女儿而被判死刑，原定于 2024 年 10 月 17 日处决，但死刑裁决的一个重要依据摇晃婴儿综合症已被认为是错误的，因此其处决已被推迟。摇晃婴儿会造成伤害，但摇晃并不是构成相关伤害的唯一方式，意外摔倒或肺炎都可能造成类似伤害，而他的女儿本就存在肺炎等医疗问题。研究表明，很多用于诊断摇晃的伤害实际上更可能是意外导致的。Roberson III 的案件在历史上并不罕见，法律史上充斥着曾认为是科学真理的案例：FBI 在 2015 年报告非基于 DNA 的微观毛发鉴定九成是错误的；咬痕检验的专家甚至无法在咬痕来自狗还是来自人上面达成一致。科学认识随着时间在不断变化，黄油曾被认为有害，人造黄油更有益，今天我们知道黄油比人造黄油更好。法律对一锤定音的需求与科学不断发展的本质之间的冲突正在制造严重的司法问题。

Цифровое око за кассой — новый подход к борьбе с внутренними рисками.

In Q3 2024, credential exposure alerts made up a striking 75% of GreyMatter Digital Risk Protection (DRP) alerts across our customer base, revealing the extensive threat posed by compromised credentials.

In Q3 2024, credential exposure alerts made up a striking 75% of GreyMatter Digital Risk Protection (DRP) alerts across our customer base, revealing the extensive threat posed by compromised credentials.

A vulnerability, which was classified as problematic, was found in Honeywell Tuxedo Touch up to 5.2.19.0. This affects an unknown part of the component Home-Automation Command Handler. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2015-2848. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

decompress压缩包套娃，一直解到最后一层，将文件提取出来提示给出了一个正则，按照正则爆破密码，一共五位，第四位是数字 ^([a-z]){3}\d[a-z]$一共就五位数，直接ARCHPR爆破

Нашумевший хакер сам предсказал своё падение.

A vulnerability, which was classified as problematic, has been found in Microsoft Windows XP SP3. Affected by this issue is some unknown functionality. The manipulation leads to denial of service. This vulnerability is handled as CVE-2008-4323. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Mozilla Firefox 3.0.3. This affects an unknown part of the component User Interface. The manipulation leads to improper resource management. This vulnerability is uniquely identified as CVE-2008-4324. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Sylvain Pasquet BbZL.PhP 0.92. It has been classified as problematic. This affects an unknown part of the file index.php. The manipulation of the argument lien_2 leads to path traversal. This vulnerability is uniquely identified as CVE-2008-4707. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.