100 часов жизни: хакер обыграл вымогателей их же оружием
Специалист предотвратил кибератаки на несколько крупных компаний.
Aggregator
土耳其以剥削儿童为由封杀 Roblox
11 months 3 weeks ago
在儿童游戏市场占据主导地位的美国游戏公司 Roblox 被土耳其封杀,理由是儿童剥削问题。Roblox 允许用户去设计自己的游戏、物品及衣服,以及游玩自己和其他开发者创建的各种不同类型的游戏,这些游戏均使用编程语言 Lua。Roblox 有逾 1.64 亿月活跃用户,美国 16 岁以下儿童半数以上在玩。由于 Roblox 平台的“开发者”主要是儿童,因此它也受到了利用童工的批评。现在土耳其政府认为 Roblox 通过非法行为剥削儿童,因此在全国范围内无限期禁止用户和创作者访问该平台。土耳其媒体称,其它原因包括宣传恋童癖的虚拟派对以及赌博问题。Roblox 发表声明表示将努力恢复在土耳其的访问。
【风险提示】Windows 远程桌面授权服务远程代码执行漏洞(CVE-2024-38077)
11 months 3 weeks ago
检测业务是否受到此漏洞影响,请联系长亭应急服务团队!
【风险提示】Windows 远程桌面授权服务远程代码执行漏洞(CVE-2024-38077)
11 months 3 weeks ago
检测业务是否受到此漏洞影响,请联系长亭应急服务团队!
Windows Zero-day Flaw Let Hackers Downgrade Fully Updated Systems To Old Vulnerabilities
11 months 3 weeks ago
Every software and operating system vendor has been implementing security measures to protect their products. This is due to the fact that threat actors require a lot of time to find a zero-days but require less time to find a readily available exploit for a vulnerable software. This brought them to the thought where they […]
The post Windows Zero-day Flaw Let Hackers Downgrade Fully Updated Systems To Old Vulnerabilities appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
Kaaviya Balaji
Новая блокировка: Signal попал под санкции Роскомнадзора
11 months 3 weeks ago
Мессенджер заблокирован по требованию ведомства.
央行就《修改〈中国人民银行关于进一步加强征信信息安全管理的通知〉有关公告(征求意见稿)》公开征求意见
11 months 3 weeks ago
意见反馈截止时间为2024年8月25日。
三星将为 Galaxy 安全保险库的 RCE 支付 100 万美元
11 months 3 weeks ago
新的“重要场景漏洞计划(ISVP)”计划重点关注与任意代码执行、设备解锁、数据提取、任意应用程序安装和绕过设备保护相关的漏洞。
亚马逊为对抗 Temu 吸引中国卖家进驻
11 months 3 weeks ago
亚马逊为了提振电商业务,正在加快在中国争取卖家的步伐。在当地相继新设网点,还举行面向卖家的研讨会。此举是为了对抗以低价杂货等为优势不断增长的 Temu 等竞争对手,增加具有价格竞争力的商品。“推动中国品牌走向世界”,7 月底亚马逊在广东省深圳市举办了面向电商卖家的活动,发出了这样的呼吁。 亚马逊一直在中国削减面向普通消费者的业务。2019 年关闭了中国国内的电商服务,最近结束了电子书服务 kindle。销售海外商品的跨境电商(EC)继续面向中国消费者提供服务,但存在感较弱。另一方面,作为中国境外的电商的商品供应地,重新评估中国,正在开拓卖家。
关于甲方安全管理及相关事务的讨论| 总第257周
11 months 3 weeks ago
您有一份周报待查收......
Hackers Exploit iOS Settings to Trigger Fake iOS Updates on Hijacked Devices
11 months 3 weeks ago
A sophisticated mobile attack vector involves a deceptive iOS update that masquerades as the legitimate iOS 18, tricking users into installing malicious code. The persistence mechanism allows threat actors to maintain covert control over the compromised device, facilitating data exfiltration and continued device exploitation without user awareness. Understanding the intricate workings of such attacks necessitates […]
The post Hackers Exploit iOS Settings to Trigger Fake iOS Updates on Hijacked Devices appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
Guru baran
macOS Sequoia 上的屏幕截图和屏录应用将需要每周授权
11 months 3 weeks ago
苹果即将于秋季释出的新桌面操作系统 macOS Sequoia 对屏幕录像类权限实施了更严格的控制。对于屏幕截图应用和屏幕录像应用,用户需要每周和每次重启计算机后授予应用明确的访问权限。苹果引入了一个新的系统提示,提醒用户应用何时有权访问其计算机的屏幕和音频。测试版用户已经注意到了这一现象,他们被反复提示是否允许应用访问屏幕,很多人认为这是 bug,但苹果应用开发者确认这是新特性。
CVE-2023-44487漏洞复现
11 months 3 weeks ago
漏洞原理就是HTTP/2协议有一个bug,它使得用户单方面可以取消通信,而服务器需要耗时来处理该响应,从而导致拒绝服务。
渗透测试指南(五)后利用及报告
11 months 3 weeks ago
本文介绍了后渗透利用及渗透测试报告的编写。
BlackHat USA 2024 - Listen-Up: Sonos Over-The-Air Remote Kernel Exploitation and Covert Wiretap
11 months 3 weeks ago
DISPOSSESSOR And RADAR Ransomware Emerging With RaaS Model
11 months 3 weeks ago
Ransomware affiliates are forming alliances to recoup losses from unreliable partners. A prominent example involves ALPHV extorting $22 million from Change Healthcare but withholding funds from its data exfiltration affiliate. To remedy this, the affiliate has reportedly partnered with RansomHub to demand additional payment from Change Healthcare for data deletion, showcasing a new tactic in […]
The post DISPOSSESSOR And RADAR Ransomware Emerging With RaaS Model appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
Guru baran
FreeBuf 周报 | CrowdStrike发布蓝屏事件调查报告;微软AI助手安全隐患曝光
11 months 3 weeks ago
总结推荐本周的热点资讯、安全事件、一周好文和省心工具,保证大家不错过本周的每一个重点!
$27 млн в убыток: ипотечный гигант LoanDepot обнародовал потери от хакерской атаки
11 months 3 weeks ago
16 миллионов клиентов пострадало в результате январского инцидента.
PowerDMARC Integrates with SecLytics for Predictive Threat Intelligence Analysis
11 months 3 weeks ago
Reading Time: 5 min PowerDMARC now integrates with SecLytics to deliver advanced threat intelligence. Strengthen your email security with our powerful combination.
The post PowerDMARC Integrates with SecLytics for Predictive Threat Intelligence Analysis appeared first on Security Boulevard.
Ahona Rudra
思科:注意这些已达生命周期IP电话中的RCE 0day
11 months 3 weeks ago
速更新