Aggregator

AI 需要的钱，可比造车要多多了。

AI 需要的钱，可比造车要多多了。作者 | 周永亮、shiyun编辑 | 靖宇最近，理想汽车连续三天推出「2024 理想 AI Talk」，分享了理想汽车董事长兼 CEO 李想对人工智能的最新思考，以

As deepfakes become increasingly sophisticated and accessible, their potential for misuse in areas such as cybercrime, misinformation campaigns, and identity theft continues to grow. In this article, you will find key insights from 2024 reports on deepfake technology and the growing risks it represents. Crypto companies are losing ground to deepfake attacks 57% of crypto companies report audio deepfake incidents, compared to just 45% facing fake or modified document fraud. While the crypto industry experiences an average … More →

The post Deepfakes question our ability to discern reality appeared first on Help Net Security.

News苹果公司近日同意支付9500万美元，以和解一项涉及Siri隐私泄露的集体诉讼。该诉讼指控苹果公司未经用户同意，录制并分享了因Siri意外激活而捕捉到的私人对话，并将这些录音分享给第三方，包括承

A vulnerability, which was classified as very critical, was found in Microsoft Windows. This affects an unknown part of the component LDAP. The manipulation leads to Remote Code Execution. This vulnerability is uniquely identified as CVE-2022-29130. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Microsoft Windows up to Server 2022 and classified as critical. This vulnerability affects unknown code of the component LDAP. The manipulation leads to Privilege Escalation. This vulnerability was named CVE-2022-29131. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows and classified as critical. This issue affects some unknown processing of the component Print Spooler. The manipulation leads to Privilege Escalation. The identification of this vulnerability is CVE-2022-29132. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows 11. It has been classified as very critical. Affected is an unknown function of the component Kernel. The manipulation leads to Privilege Escalation. This vulnerability is traded as CVE-2022-29133. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows Server 2012 R2/Server 2016/Server 2019/Server 2022/Server 20H2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Clustered Shared Volume. The manipulation leads to information disclosure. This vulnerability is known as CVE-2022-29134. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows Server 2012 up to Server 2019. It has been rated as critical. Affected by this issue is some unknown functionality of the component Cluster Shared Volume. The manipulation leads to Privilege Escalation. This vulnerability is handled as CVE-2022-29135. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in Microsoft Windows. This affects an unknown part of the component LDAP. The manipulation leads to Privilege Escalation. This vulnerability is uniquely identified as CVE-2022-29137. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Microsoft Windows Server 2012 up to Server 2019. This vulnerability affects unknown code of the component Clustered Shared Volume. The manipulation leads to Privilege Escalation. This vulnerability was named CVE-2022-29138. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in Microsoft Windows up to Server 2022. Affected is an unknown function of the component Print Spooler. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2022-29140. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Microsoft Windows and classified as critical. Affected by this vulnerability is an unknown functionality of the component LDAP. The manipulation leads to Privilege Escalation. This vulnerability is known as CVE-2022-29141. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows up to Server 2022 and classified as critical. Affected by this issue is some unknown functionality of the component Kernel. The manipulation leads to Privilege Escalation. This vulnerability is handled as CVE-2022-29142. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

HackerNews 编译，转载请注明出处： 苹果公司已同意支付9500万美元，以和解一项指控其利用虚拟助手Siri偷听iPhone及其他时尚设备用户隐私的诉讼。 周二，加利福尼亚州奥克兰联邦法院提交的和解方案，旨在解决这起长达5年的诉讼。该诉讼指控苹果公司在十多年间，秘密激活Siri，通过iPhone及其他配备该虚拟助手的设备记录用户对话。 据称，这些录音甚至在用户没有使用触发词“嘿，Siri”激活虚拟助手时也发生了。诉讼还声称，部分录音被分享给广告商，以便向更可能对产品感兴趣的消费者推销商品和服务。 关于Siri偷听的指控，与苹果公司长期以来保护客户隐私的承诺相悖。苹果公司首席执行官蒂姆·库克经常将此承诺描述为捍卫“一项基本人权”的斗争。 在这项和解中，苹果公司并未承认有任何不当行为，该和解仍需得到美国地区法官杰弗里·怀特的批准。案件律师已提议于2月14日在奥克兰举行法庭听证会，以审查和解条款。 如果和解获得批准，自2014年9月17日至去年年底拥有iPhone及其他苹果设备的数千万消费者可提出索赔。每位消费者可获得最多20美元的赔偿，针对和解覆盖的每台配备Siri的设备，但具体赔偿金额可能会根据索赔数量而增减。据法庭文件估计，预计只有3%至5%的符合条件的消费者会提出索赔。 符合条件的消费者最多只能就五台设备寻求赔偿。 对于苹果公司自2014年9月以来获得的7050亿美元利润而言，这笔和解金额只是九牛一毛。同时，这也远低于消费者代表律师在诉讼中估计的，如果苹果被判违反窃听及其他隐私法律，可能需要支付的约15亿美元罚款的一小部分。 根据法庭文件，提起诉讼的律师可从和解基金中寻求最多2960万美元，以支付其费用和其他开支。   消息来源：Security Week, 编译：zhongx；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

error code: 521

2024 又要到了结尾， 最近和朋友们聊到过去的一年时，常常听到大家感叹「好像什么都没做，一年就过去了」。作为一个曾经容易分心、拖延，做事三分钟热度、又带着完美主义倾向的人，我突然觉得如果能分享下

HackerNews 编译，转载请注明出处： 日本最大移动运营商NTT Docomo发布报告称，该公司正努力恢复服务，此前一次网络攻击于周四暂时中断了其运营。 总部位于东京的NTT Docomo在声明中透露，其系统遭受了分布式拒绝服务（DDoS）攻击，这种攻击通过多个源头向网络发送大量垃圾流量，导致部分服务无法正常使用。 从周四清晨至傍晚，当地用户无法访问NTT Docomo的新闻网站、视频流平台、移动支付、网络邮件服务以及一个高尔夫爱好者网站。目前，大多数服务已恢复访问，但部分内容的更新可能会延迟。 NTT Docomo未指明此次攻击的具体威胁行为体。值得注意的是，该公司在2023年曾遭受勒索软件团伙Ransomed.vc的攻击。该团伙声称，在据称逮捕六名附属人员后，计划停止活动。 NTT Docomo是最近几个月遭受网络攻击的众多日本公司之一。12月初，日本航空（JAL）因系统“流量激增”导致部分国内外航班延误，疑似遭遇DDoS攻击。 上月，日本大型非寿险公司三井住友保险公司报告称，其一家第三方供应商遭到未具名勒索软件组织的攻击，可能导致数千名投保人信息泄露。 去年早些时候，知名媒体公司角川据称在一次数据泄露后，向与俄罗斯有联系的黑客组织BlackSuit支付了近300万美元。 此外，日本钟表制造商卡西欧在10月也遭受勒索软件攻击，导致交货延迟，该事件由“地下”勒索软件团伙所为。 其他近期遭遇网络攻击的日本公司还包括电机制造商日本电产、汽车零部件制造商Yorozu和研发机构Monohakobi。 据当地媒体报道，三菱日联银行、Resona银行和瑞穗银行等日本主要金融机构的网上银行服务也因网络攻击而中断。   消息来源：The Record, 编译：zhongx；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文