Aggregator

Currently trending CVE - Hype Score: 22 - Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

HackerNews 编译，转载请注明出处： 联合国警告称，网络诈骗活动正以工业化规模在东南亚及更广区域扩张。 联合国毒品和犯罪问题办公室（UNODC）新报告《拐点：东南亚诈骗中心、地下银行与非法在线市场的全球影响》披露了相关发现。 报告指出，诈骗中心由“复杂的跨国集团与洗钱者、人口贩子、数据中介及日益增多的专业服务提供商组成的犯罪集团驱动”。 这些组织倾向聚集在缅甸与柬埔寨等“脆弱”边境地区，大型整合集团正取代分散诈骗团伙，建设“工业科技园区、赌场及酒店”。 UNODC表示，此类集团利用腐败官员“进一步渗透东南亚许多偏远、脆弱及防护薄弱的地区，并日益向其他区域扩张”，年获利达数百亿美元。 报告警告称：“当前越来越明显的是，东南亚已发生可能无法逆转的溢出效应，犯罪集团可自由选择司法管辖区、转移业务与资产，导致局势迅速超出政府管控能力。” 据称，数十万被贩运受害者与“谋划者”共同推动产业扩张，通过犯罪市场、赌博平台、无证支付处理商、加密通信平台、稳定币及区块链网络等在线服务牟利。UNODC指出，生成式人工智能（GenAI）被滥用于诈骗的案例正日益增多。 联合国补充声明，2023年这些亚洲犯罪集团在本土通过网络诈骗获利约370亿美元，同时将业务扩展至非洲、南美、南亚及太平洋岛屿等遥远地区。报告呼吁采取多管齐下应对措施，包括提高政治意识、强化监管框架、加强跨机构与区域合作、提升执法部门技术能力。 UNODC东南亚及太平洋地区代理代表Benedikt Hofmann认为，犯罪集团扩张旨在对冲未来风险与干扰。“它像癌症般扩散，”Hofmann强调，“当局在某区域打击，但其根源永不消失；它们只是转移。这导致该区域实质上成为由复杂集团自由利用漏洞的相关联组织，从而危及国家主权，扭曲政策制定流程及其他政府体系。”     消息来源：infosecurity-magazine； 本文由 HackerNews.cc 翻译整理，封面来源于网络；  转载请注明“转自 HackerNews.cc”并附上原文

送给摄影师的一封情书。

「反垄断」为虚，想快速获取现成的巨量用户，才是 OpenAI 的真正用意。

Google on Tuesday revealed that it will no longer offer a standalone prompt for third-party cookies in its Chrome browser as part of its Privacy Sandbox initiative. "We've made the decision to maintain our current approach to offering users third-party cookie choice in Chrome, and will not be rolling out a new standalone prompt for third-party cookies," Anthony Chavez, vice president of Privacy

With billions of users, YouTube has become a tempting target for cybercriminals. They post malicious links in video descriptions and comments. Some send phishing emails to creators, posing as sponsors but attaching malware. Others hijack popular channels to promote fake cryptocurrency giveaways. Deepfake videos have entered the mix, using AI to impersonate well-known public figures. This article looks at the most common scams found on YouTube and how they work. Malware in video descriptions and … More →

The post The dark side of YouTube: Malicious links, phishing, and deepfakes appeared first on Help Net Security.

Custom-Crafted, Qantas-Spoofing Emails Target Australian Victims

The post Custom-Crafted, Qantas-Spoofing Emails Target Australian Victims appeared first on Security Boulevard.

A vulnerability was found in Google Android 10.0/11.0/12.0/13.0. It has been classified as problematic. This affects an unknown part of the file avrc_pars_ct.cc of the component AVRC Response Parser. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2022-20483. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in Google Android 10.0/11.0/12.0. Affected by this issue is the function setEnabledSetting of the file PackageManager.java. The manipulation leads to resource consumption. This vulnerability is handled as CVE-2022-20476. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in Google Android 10.0/11.0/12.0/13.0. This affects the function NotificationChannel of the file NotificationChannel.java. The manipulation leads to resource consumption. This vulnerability is uniquely identified as CVE-2022-20478. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Google Android 10.0/11.0/12.0/13.0 and classified as problematic. This vulnerability affects the function NotificationChannel of the file NotificationChannel.java. The manipulation leads to resource consumption. This vulnerability was named CVE-2022-20479. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 10.0/11.0/12.0/13.0 and classified as problematic. This issue affects the function NotificationChannel of the file NotificationChannel.java. The manipulation leads to resource consumption. The identification of this vulnerability is CVE-2022-20480. Attacking locally is a requirement. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 12.0/13.0. It has been classified as problematic. Affected is the function createNotificationChannel of the file NotificationManager.java. The manipulation leads to resource consumption. This vulnerability is traded as CVE-2022-20482. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 10.0/11.0/12.0/13.0. It has been declared as problematic. Affected by this vulnerability is the function NotificationChannel of the file NotificationChannel.java. The manipulation leads to resource consumption. This vulnerability is known as CVE-2022-20484. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 10.0/11.0/12.0/13.0. It has been rated as problematic. Affected by this issue is the function NotificationChannel of the file NotificationChannel.java. The manipulation leads to resource consumption. This vulnerability is handled as CVE-2022-20485. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 13.0 and classified as problematic. Affected by this issue is the function GetResolvedMethod of the file entrypoint_utils-inl.h. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2022-20502. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Google Android 13.0 and classified as problematic. Affected by this vulnerability is the function shouldHideNotification of the file KeyguardNotificationVisibilityProvider.kt. The manipulation leads to Local Privilege Escalation. This vulnerability is known as CVE-2022-20477. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 10.0/11.0/12.0/13.0. It has been declared as problematic. This vulnerability affects the function onCreate of the file EnableAccountPreferenceActivity.java. The manipulation leads to improper restriction of rendered ui layers. This vulnerability was named CVE-2022-20501. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 10.0/11.0/12.0/13.0. It has been rated as critical. This issue affects the function deletePackageVersionedInternal of the file DeletePackageHelper.java. The manipulation leads to permission issues. The identification of this vulnerability is CVE-2022-20611. Attacking locally is a requirement. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Prevent Files Access Plugin up to 2.5.1 on WordPress and classified as problematic. This issue affects the function mo_media_restrict_page. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2023-4238. The attack needs to be initiated within the local network. There is no exploit available.