Aggregator

SecWiki周刊（第563期) by ourren

更多最新文章，请访问SecWiki

A Threat Actor Claims to be Selling Enterprise Access to an Unidentified Iranian Government Sector

今天的电视机遥控器和机顶盒遥控器是不同的，意味着你可能需要同时使用两种遥控器控制连接了机顶盒的电视，这给用户带来困惑和麻烦。上周中国电子视像行业协会公布了《电视机通用遥控技术要求和测量方法》团体标准，要求新生产电视机至少支持基于红外、蓝牙、星闪的 3 种遥控方式之一，而通用遥控器通过支持红外、蓝牙和星闪三种无线技术实现同时具备控制电视机和机顶盒能力。星闪是星闪无线短距通信联盟推动的技术，其使用的专利主要来自华为，华为承诺向联盟成员免专利使用费。星闪被形容为蓝牙和 Wi-Fi 的升级版，整合了 5G 网络使用的理念，能处理多个设备的同时连接，节省电量，且可传输无损立体声音频。

第12期全国开源情报能力提升培训班将于2025年1月13日在北京市举办。

​今天以FBI的SENTINEL 系统为例，看看美国FBI要采集哪些个人信息。

A Threat Actor is Allegedly Selling Government and Law Enforcement Leads

Check Point research reveals cybercriminals are using Google Calendar and Drawings to send malicious links, bypassing traditional email security

Over 25,000 publicly accessible SonicWall SSLVPN devices are vulnerable to critical severity flaws, with 20,000 using a SonicOS/OSX firmware version that the vendor no longer supports. [...]

The FBI warned of a fresh wave of HiatusRAT malware attacks targeting internet-facing Chinese-branded web cameras and DVRs. The Federal Bureau of Investigation (FBI) released a Private Industry Notification (PIN) to warn of HiatusRAT malware campaigns targeting Chinese-branded web cameras and DVRs. The report includes a set of recommendations to mitigate the exposure to the […]

A vulnerability has been found in Adobe Experience Manager up to 6.5.21 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-43732. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Adobe Experience Manager up to 6.5.21. Affected is an unknown function of the component URL Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-43721. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Experience Manager up to 6.5.21. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Form Field Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-43718. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Experience Manager up to 6.5.21. It has been classified as problematic. This affects an unknown part of the component Form Field Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-43734. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

EnergyWeaponUser and IntelBroker are Allegedly Selling the Data of PostEx

根据中国音像与数字出版协会的报告，2024 年中国游戏行业增长 7.53%，销售额达到创纪录的 3258 亿元；而中国游戏玩家数量增长 0.94% 达到 6.74 亿。报告称，新手游和热门单机游戏推动了收入的增长。手游收入占到了游戏行业总收入的 73%，今年增长 5% 达到 2382 亿元，增幅低于去年的 17.5%；PC 游戏收入占 20.9% 达到 680 亿元。中国游戏公司今年的海外收入达到 186 亿美元增长 13.4%，其中美国是中国手游的最大海外市场，收入份额占到整个市场的 31.1%，其次是日本的 17.3% 和韩国的 8.9%。单机游戏《黑神话：悟空》被认为是中国首款 3A 游戏，其上市一个月销量突破了 2000 万份拷贝。

En el primer post sobre auditorías móviles explicamos la creación y configuración de un entorno de pruebas de pentesting utilizando...

Protecting your computer in the hyper-connected world of today goes beyond merely preventing bothersome viruses. Smarter, quicker, and far more invasive than ever before are modern dangers. Cybercriminals no longer depend on simple strategies; they leverage flaws, fool unsuspecting consumers, […]

The post 5 Modern Computer Safety Tips You Should Know About appeared first on TechSpective.

The post 5 Modern Computer Safety Tips You Should Know About appeared first on Security Boulevard.

A vulnerability, which was classified as critical, was found in D-Link DAP-1520 1.10B04. Affected is the function plugins_call_handle_uri_clean. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2024-36831. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in D-Link DAP-1513 1.01. This issue affects some unknown processing of the file /bin/webs. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2024-36832. The attack may be initiated remotely. There is no exploit available.