Aggregator

机会就在眼前，赶紧抓住！名额有限，先到先得！🎯

机会就在眼前，赶紧抓住！名额有限，先到先得！🎯

机会就在眼前，赶紧抓住！名额有限，先到先得！🎯

机会就在眼前，赶紧抓住！名额有限，先到先得！🎯

一家知名日本加密货币平台遭遇黑客攻击，损失了价值数亿美元的加密货币，开业不到6个月便宣布关闭。 12月2日，DMM Bitcoin宣布，计划将所有客户账户及公司资产转移至另一家加密货币公司SBI VC Trade。后者是日本金融服务巨头思佰益（SBI）集团的子公司。 DMM Bitcoin表示，此决定源于今年5月31日的重大事件。当日，黑客侵入平台并盗取了4502.9枚比特币。事件发生时，这些比特币价值3.08亿美元（约合人民币22.39亿元），截至12月2日，其价值已增至超过4.29亿美元（约合人民币31.19元）。 DMM Bitcoin解释称，相关事件的调查仍在进行中，并透露平台已持续限制客户提取加密货币及提交购买订单。 公司表示：“我们认为，若长期维持现状，将严重影响客户的便利性。基于此情况，我们决定优先保护客户利益，将所有账户及资产转移至另一家公司。对此造成的长期不便，我们深表歉意。转移完成后，公司计划终止业务运营。” DMM Bitcoin成立于2018年1月。公司与SBI VC Trade已于近日（11月29日）签署协议，预计将在2025年3月之前完成所有账户及资产的转移。目前，双方仍在处理交易的具体细节，并将于未来发布进一步公告。SBI VC Trade也在声明中确认了这一交易。 调查显示交易所风险管理存在严重问题 5月底此次攻击发生后，DMM Bitcoin不得不通过贷款筹集巨额资金以弥补损失。6月，该公司获得了550亿日元（约合3.67亿美元）的贷款。 自9月以来，公司未就此事件提供进一步更新，也未公开完整说明事件细节，包括黑客身份及被盗资金的具体流向。 日本金融厅已介入调查，并在9月表示：“我们发现公司在系统风险管理及应对加密资产泄漏风险方面存在严重问题。” 调查显示，公司未指派专人负责风险管理，相关职责被集中在少数人员手中。此外，公司部门间进行了内部自我审计，但并未接受独立审计。 金融厅指出，DMM Bitcoin违反了多项有关加密货币公司处理资产转移的规定，且未保存有助于调查盗窃事件的日志记录。 金融厅表示：“公司未采取有效措施防止因欺诈行为等导致的加密资产外流，未能确保内部和外部的安全性。其在加密资产转移管理方面存在松散行为。此外，内部审计形同虚设，容忍这些管理漏洞，未能建立健全的风险防控体系。” 金融厅已向公司发出“业务改善命令”，但未明确是否会采取其他处罚措施。 分析认为攻击者为朝黑客组织Lazarus 区块链安全公司Elliptic的研究人员指出，被盗资金已迅速被分散，其中部分资金被转入至少10个不同的钱包中。 知名加密货币研究员ZachXBT于7月表示，这些资金中有部分通过一家有争议的柬埔寨支付平台Huione Guarantee进行洗钱。该平台与有组织犯罪及柬埔寨执政家族中的某成员存在关联。 ZachXBT根据资金转移方式及其他线索推测，此次攻击可能由臭名昭著的朝鲜黑客组织Lazarus Group发起。该组织以多起高调的网络攻击闻名，据称在过去10年内为朝鲜政府获取了超过30亿美元的资金。 根据区块链研究公司Chainalysis的报告，2024年上半年，网络犯罪分子通过加密货币盗窃获取了近16亿美元，高于2023年同期的8.57亿美元。 今年下半年也发生了多起重大盗窃事件。其中包括：印度加密货币平台WazirX被盗至少2.3亿美元，新加坡加密货币平台BingX被盗超过4400万美元；此外，印尼最大的加密货币平台于2024年9月被盗2000万美元，新加坡另一家加密货币平台Penpie报告称损失2700万美元。     转自安全内参，原文链接：https://www.secrss.com/articles/73079 封面来源于网络，如有侵权请联系删除

Meta 内部使用的辅助编程工具 Metamate 同时使用了 OpenAI 的 GPT-4 以及自己开发的 Llama AI。Llama 和 GPT-4 是竞争对手关系，Meta CEO 扎克伯格（Mark Zuckerberg）曾公开宣称 Llama 是领先的 AI 模型。此外扎克伯格的慈善机构 Chan Zuckerberg Initiative 正使用 OpenAI 的技术开发一款教育 AI 工具，而 OpenAI CEO Sam Altman 加入了其 AI 顾问委员会。

White House: Salt Typhoon hacked telcos in dozens of countries

A vulnerability was found in Image Access Scan2Net. It has been rated as problematic. This issue affects some unknown processing of the component Login Page. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-36494. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Image Access Scan2Net. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to sql injection. This vulnerability was named CVE-2024-50584. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Image Access Scan2Net. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-36498. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Image Access Scan2Net and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to os command injection. This vulnerability is handled as CVE-2024-47946. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Image Access Scan2Net and classified as critical. Affected by this vulnerability is an unknown functionality of the component Firmware Update Handler. The manipulation leads to hard-coded credentials. This vulnerability is known as CVE-2024-28146. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Image Access Scan2Net. Affected is an unknown function of the file dbconnector.php of the component GET Parameter Handler. The manipulation leads to sql injection. This vulnerability is traded as CVE-2024-28145. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Image Access Scan2Net. This issue affects some unknown processing of the component Reboot/Shutdown. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2024-28144. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability classified as problematic was found in Image Access Scan2Net. This vulnerability affects unknown code of the component Password Change Handler. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-28143. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Image Access Scan2Net. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-47947. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Image Access Scan2Net. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-28142. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Image Access Scan2Net. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Web Application. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-28141. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Image Access Scan2Net. It has been classified as critical. Affected is an unknown function of the component Kiosk Mode. The manipulation leads to permission issues. This vulnerability is traded as CVE-2024-28140. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Image Access Scan2Net and classified as critical. This issue affects some unknown processing of the component mount Command Handler. The manipulation leads to insecure inherited permissions. The identification of this vulnerability is CVE-2024-28139. The attack needs to be done within the local network. There is no exploit available.