Aggregator

A Threat Actor is Allegedly Selling Data of OPPO Thailand Employment

网络安全信息与动态周报2024年第49期（12月2日-12月8日）

Cybercriminals Impersonate Dubai Police to Defraud Consumers in the UAE – Smishing Triad in Action

在波动巨大的加密货币市场中，如何稳健地实现盈利？除了学习市场规律，还需要建立属于自己的交易逻辑。以下内容结合实际操作经验，为大家提供一套稳中求胜的炒币策略。前几天，出现小型黑天鹅，我感觉自己急功...

Cybersecurity researchers have flagged a "critical" security vulnerability in Microsoft's multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim's account. "The bypass was simple: it took around an hour to execute, required no user interaction and did not generate any notification or provide the

U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls

Fedora 项目负责人即将离任

只剩 3 天！快来加入这场年终科技狂欢！

对话超参数：Agent 诞生于游戏，最终会走进生活

Krispy Kreme, Inc. Has Filed Form 8-K Due to a Cybersecurity Incident

Устройства для защиты и наблюдения внезапно превращаются в цифровое оружие.

一周前，软件巨人还发表博文宣称 TPM 2.0 对 Windows 11 安全至关重要，因此是必不可少的。但现在它发布了一个支持页面“Installing Windows 11 on devices that don't meet minimum system requirements”，允许在未达到最低硬件需求的旧设备上安装 Windows 11。微软表示用户将需要承担出现兼容性问题的风险，不能保证会收到更新，如果因此导致电脑受损那么不在制造商的保修范围内。当然以前安装过 Windows 11 的用户都知道，规避 TPM 要求很容易，只需要简单修改下注册表。Windows 10 将于 2025 年 10 月终止支持，但根据统计数据，仍然有高达六成的用户运行 Windows 10。

Kubernetes EKS Authentication internal workings and abuses

The Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) has confirmed an advanced cyber attack against organizations in Japan, believed to have been conducted by the cyber espionage group APT-C-60. The attackers used phishing techniques, masquerading as a job applicant to infiltrate the victim’s system and deploy advanced malware. Details of the Attack: Initial Penetration […]

The post APT-C-60 Hackers Penetrate Org’s Network Using a Weapanized Google Drive link appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Fortinet发布《2025年网络威胁趋势预测报告》 揭秘四大威胁挑战

【风险提示】天融信关于微软2024年12月安全更新的风险提示

Cybersecurity researchers have discovered a new version of the ZLoader malware that employs a Domain Name System (DNS) tunnel for command-and-control (C2) communications, indicating that the threat actors are continuing to refine the tool after resurfacing a year ago. "Zloader 2.9.4.0 adds notable improvements including a custom DNS tunnel protocol for C2 communications and an interactive shell