Aggregator
Operation SyncHole: Lazarus APT targets supply chains in South Korea
9 months 3 weeks ago
The North Korea-linked Lazarus Group targeted at least six firms in South Korea in a cyber espionage campaign called Operation SyncHole. Kaspersky researchers reported that the North Korea-linked APT group Lazarus targeted at least six firms in South Korea in a cyber espionage campaign tracked as Operation SyncHole. The campaign has been active since at […]
Pierluigi Paganini
Who’s to Blame for Bybit?
9 months 3 weeks ago
If a company as big as Bybit can lose over a billion, it points to a much deeper issue and that should alarm anyone in crypto.
The post Who’s to Blame for Bybit? appeared first on Security Boulevard.
Zach Herbert
The future of colliders: quantum sensors will see what was previously invisible
9 months 3 weeks ago
Fermilab and Caltech are building sensors to hunt for dark matter.
New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Framework
9 months 3 weeks ago
Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution.
"The exploitation is likely tied to either a previously disclosed vulnerability like CVE-2017-9844 or an unreported remote file inclusion (RFI) issue," ReliaQuest said in a report published this week.
The cybersecurity
The Hacker News
US Data Breach Lawsuits Total $155M Amid Cybersecurity Failures
9 months 3 weeks ago
Panaseer's latest cybersecurity study revealed that US companies have paid $155M in data breach lawsuit settlements over just six months
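Record number of young American men are forgoing a college education
9 months 3 weeks ago
College enrollment among men in Lake County, Ohio has plunged by more than 15% over the past decade, the steepest drop among large US counties. Between 2011 and 2022, college enrollment across the US fell by 1.2 million, and those giving up on college were essentially all men. The reasons for forgoing college include economic factors: even at an in-state public university, a year of tuition and fees costs $25,000. By contrast, a high school graduate can easily find a car repair job paying $15 an hour, earn more than a thousand dollars in a week or two, and avoid student loans. Social media has a huge influence on young men's choices: many influencers tell young men they do not need a college education, and many of them really believe it.
Alert! PostgreSQL configuration vulnerability could expose Zyxel FLEX-H devices to remote code execution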
9 months 3 weeks ago
安全客
CVE-2023-34657 | EyouCMS 1.6.2 web_recordnum cross site scripting (Issue 43)
9 months 3 weeks ago
A vulnerability was found in EyouCMS 1.6.2. It has been classified as problematic. Affected is an unknown function. The manipulation of the argument web_recordnum leads to cross site scripting.
This vulnerability is traded as CVE-2023-34657. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2023-2654 | Conditional Menus Plugin up to 1.2.0 on WordPress Attribute cross site scripting
9 months 3 weeks ago
A vulnerability was found in Conditional Menus Plugin up to 1.2.0 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the component Attribute Handler. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2023-2654. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-2684 | File Renaming on Upload Plugin up to 2.5.1 on WordPress Setting cross site scripting
9 months 3 weeks ago
A vulnerability classified as problematic has been found in File Renaming on Upload Plugin up to 2.5.1 on WordPress. Affected is an unknown function of the component Setting Handler. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2023-2684. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-2779 | Social Share, Social Login and Social Comments Plugin cross site scripting (ID 173053 / EDB-51534)
9 months 3 weeks ago
A vulnerability, which was classified as problematic, has been found in Social Share, Social Login and Social Comments Plugin 7.13.30 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting.
This vulnerability is handled as CVE-2023-2779. The attack may be launched remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-2399 | QuBot Plugin up to 1.1.5 on WordPress Chat cross site scripting
9 months 3 weeks ago
A vulnerability has been found in QuBot Plugin up to 1.1.5 on WordPress and classified as problematic. This vulnerability affects unknown code of the component Chat Handler. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2023-2399. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Why NHIs Are Security's Most Dangerous Blind Spot
9 months 3 weeks ago
When we talk about identity in cybersecurity, most people think of usernames, passwords, and the occasional MFA prompt. But lurking beneath the surface is a growing threat that does not involve human credentials at all, as we witness the exponential growth of Non-Human Identities (NHIs).
At the top of mind when NHIs are mentioned, most security teams immediately think of Service Accounts.
The Hacker News
Google believes a couple of questions to an AI are worth hundreds of billions: who else wants to try?
9 months 3 weeks ago
The economy of an entire country is in the head of a secretary who is afraid of AI.
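Opinion | Firmly building a solid line of defense for online ideological security
9 months 3 weeks ago
The internet, as an important carrier for the spread of ideology, with its powerful dissemination capability and broad coverage, has become the main battlefield, the main front and the forefront of ideological struggle. All kinds of ideas and value orientations converge, confront and collide in cyberspace, and the online public opinion environment is complex and changeable, posing severe challenges to our country's ideological security.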
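Industry | IIFAA launches ASL, the industry's first trusted agent interconnection technology, and announces it is open source
9 months 3 weeks ago
On the 24th, ASL, the industry's first trusted agent interconnection technology, was released. Built on top of protocols such as MCP, the technology secures permissions and other aspects of collaboration among agents, providing safe and trusted collaboration guarantees for agent interconnection.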
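Expert opinion | Working together to build a strong barrier for personal information protection
9 months 3 weeks ago
Personal information protection is an important issue of the digital era and a bottom line of social governance. Only by strengthening collaborative governance and building a comprehensive, multi-level protection system can illegal and criminal activity involving personal information be effectively curbed and the long-term healthy development of the digital society be promoted.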
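Frontier | How to avoid the government service risks brought by artificial intelligence
9 months 3 weeks ago
We should recognize that while government applications of AI technology improve efficiency, the risks they bring, such as unemployment among government employees, black-box government algorithms, and government data security leaks, also urgently need to be guarded against. How to avoid potential government service risks while embracing the technology's dividends is a key issue for building digital government.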
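Warning | Remote control, data theft, cryptomining! Variants of the "Silver Fox" trojan captured within our country
9 months 3 weeks ago
Recently, the National Computer Virus Emergency Response Center and the National Engineering Laboratory for Computer Virus Prevention Technology, relying on the National Computer Virus Collaborative Analysis Platform, have successively captured within our country a series of trojans targeting our country's internet users, especially finance and tax personnel.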