Aggregator

商业服务巨头 CBIZ 近日披露了一起数据泄露事件，攻击者通过利用公司某网页中的安全漏洞，于2024年6月2日至6月21日期间窃取了客户数据。2024年6月24日，网络安全专家参与协助调查，公司确认了这一入侵事件并识别了数据泄露情况。 CBIZ发布通知称： “2024 年 6 月 24 日，公司获悉未经授权的攻击者可能从某些数据库中提取了信息。 ” 调查显示，攻击者通过利用与公司网页相关的漏洞，在2024年6月2日至6月21日期间获取了部分数据库中的信息。 在此次事件中攻击者窃取了近 36,000 人的个人信息，其中包括： 姓名 联系方式 社会安全号码 出生或死亡日期 退休人员健康信息 福利计划信息 CBIZ是一家管理咨询公司，提供财务、福利及保险服务，是美国最大的专业服务公司之一。公司在全国拥有120个办事处，员工总数达6,700人。2023年，公司收入达到15.9亿美元。 受此次事件影响的CBIZ客户已于2024年8月28日开始收到通知。 尽管目前没有证据表明被盗数据已被滥用，CBIZ仍在披露指南中建议客户注册为期两年的信用监控和身份盗窃保护服务，以降低潜在风险。此外，建议受影响的客户考虑冻结信用记录及在其信用报告中添加欺诈警报。   消息来源：BleepingComputer，译者：YY；   本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

In the digital realm, secrets (API keys, private keys, username and password combos, etc.) are the keys to the kingdom. But what if those keys were accidentally left out in the open in the very tools we use to collaborate every day? A Single Secret Can Wreak Havoc Imagine this: It's a typical Tuesday in June 2024. Your dev team is knee-deep in sprints, Jira tickets are flying, and Slack is

A vulnerability classified as critical was found in XOOPS Rha7 Downloads Module 1.0. This vulnerability affects unknown code of the file visit.php. The manipulation of the argument lid leads to sql injection. This vulnerability was named CVE-2007-1960. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in phpBB mutant 0.9.2. This issue affects some unknown processing of the file mutant_functions.php. The manipulation of the argument phpbb_root_path leads to file inclusion. The identification of this vulnerability is CVE-2007-1961. The attack may be initiated remotely. Furthermore, there is an exploit available.

Молодые люди теперь ответят за создание аферы века в суде.

A vulnerability, which was classified as critical, was found in XOOPS WF-Snippets 1.02. Affected is an unknown function of the file index.php. The manipulation of the argument c leads to sql injection. This vulnerability is traded as CVE-2007-1962. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Three men have pleaded guilty to operating OTP.Agency, an online service that allowed crooks to bypass Multi-Factor authentication (MFA). Three men, Callum Picari (22), Vijayasidhurshan Vijayanathan (21), and Aza Siddeeque (19), have pleaded guilty to operating OTP.Agency, an online platform that allowed crooks to bypass MFA used by customers of several banks and services. These […]

Вебинар Positive Technologies состоится 5 сентября в 14:00.

In the cyberthreat landscape, Qilin ransomware attack has recently been observed stealing credentials in Chrome browsers. Reports claim that these credentials are being acquired using a small set of compromised end points. In this article, we’ll cover how the attack plays  out and the complexities involved with deploying defense mechanisms. Let’s begin! Qilin Ransomware Attack […]

The post Qilin Ransomware Attack Used To Steal Chrome Browser Data appeared first on TuxCare.

The post Qilin Ransomware Attack Used To Steal Chrome Browser Data appeared first on Security Boulevard.

A vulnerability classified as critical has been found in Cyboards Cyboards PHP Lite 1.21. Affected is an unknown function of the file include/default_header.php. The manipulation of the argument script_path leads to file inclusion. This vulnerability is traded as CVE-2007-1983. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Adobe Acrobat Reader up to 11.0.22/2015.006.30355/2017.011.30066/2017.012.20098 and classified as critical. This issue affects some unknown processing. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2017-16383. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Устройство может улучшить подводную связь, цветную лазерную проекцию и лечить определенные заболевания.

A vulnerability was found in Alsunna 0.1. It has been classified as critical. Affected is an unknown function of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is traded as CVE-2014-5844. The attack can only be done within the local network. There is no exploit available.

新一期大咖培训+漏洞挖掘实战，超多奖学金~

在2024年4月1日00:00至2024年9月9日23:59期间，提交1个平台审核通过的漏洞即可获得1个补天众测中秋礼盒。

千元奖励金~

A vulnerability, which was classified as critical, was found in barnraiser AROUNDMe 0.7.7. This affects an unknown part of the file inc/core_profile.header.php. The manipulation of the argument template_path leads to file inclusion. This vulnerability is uniquely identified as CVE-2007-1986. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

新闻速览 •2024年国家网络安全宣传周将于9月9日至15日举办 •工信部就《电子认证服务管理办法（征求意见稿 […]