Aggregator

白帽泰裤辣，GEEK要出发！

物理学家首次能测量单个电子穿过固体的几何形状。研究报告发表在《Nature Physics》期刊上。微观层面的粒子相互作用需要用量子力学去描述。这项研究由康奈尔大学的 Mingu Kang 和首尔国立大学的 Sunjie Kim 领导。为了测量电子的量子几何，研究人员尝试测量名为量子几何张量（quantum geometric tensor 或 QGT）的属性。QGT 是编码量子态完整几何信息的物理量，类似二维全息图编码三维空间信息的方式。他们利用了角分辨光电子能谱学技术，测量对象是钴锡合金单晶。在获得 QGT 的测量结果之后他们能推断出金属中电子的其余量子几何形状。

​More U.S. companies have been added to the list of telecommunications firms hacked in a wave of breaches by a Chinese state-backed threat group tracked as Salt Typhoon. [...]

A WordPress plugin known as PhishWP, has been discovered on Russian cybercrime forums and is being exploited by cybercriminals to steal sensitive data from unsuspecting users.  

The post WordPress Plugin Exploited to Turn Legitimate Sites Into Phishing Traps appeared first on Security Boulevard.

Discover how a global insurance leader leverages DataDome to protect endpoints from sophisticated bots, achieve GDPR compliance, block brute-force attacks, and gain actionable threat insights.

The post How a Global Insurer Protects Customer Data & Achieves Compliance With DataDome appeared first on Security Boulevard.

Remote work is on the rise with 32.6 million American expected to ditch the central office by 2025. But as the workforce shifts, so do the complexities IT teams face. Today’s ongoing digital transformation has made it possible for employees to conduct work from nearly anywhere around the world. These locations might...

A vulnerability was found in OpenVPN Connect up to 3.4.x and classified as problematic. This issue affects some unknown processing of the component Application Log. The manipulation leads to improper removal of sensitive information before storage or transfer. The identification of this vulnerability is CVE-2024-8474. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Злоумышленники создают сложные схемы для хищения информации.

New security regulations are more than compliance hurdles — they're opportunities to build better products, restore trust, and lead the next chapter of innovation.

Tenable disabled two Nessus scanner agent versions after a faulty plugin update caused agents to go offline. Tenable Nessus is a widely-used vulnerability scanning tool designed to identify and assess security vulnerabilities in systems, networks, and applications. Tenable was forced to disable two Nessus scanner agent versions because a faulty plugin update caused agents to […]

爱思唯尔（Elsevier）旗下期刊《人类进化杂志》（Journal of Human Evolution，JHE）的编辑委员会近乎全员辞职。这是 2023 年以来第 20 起集体辞职。最新的事件与 AI 使用相关。出版方在未咨询或通知编辑的情况下，将 AI 投入到稿子的校对流程。然而 AI 加入后不仅没有减轻编辑的工作，反而使工作更加繁重。稿子在经过 AI 校对后，出现了一系列严重的错误，比如文章校样中所有专有名词都没有大写，属和种也没有用斜体突出显示。编辑们的辞职信中写道：“这些错误给该杂志带来了极大的麻烦。为了补救这些问题，我们足足花费了6个月时间。”尽管多次向出版商表达 A I校对的危害性，爱思唯尔的回应却是“编辑无需关注语言、语法、可读性、一致性或术语及格式的准确性”。

New variants of the Eagerbee malware framework are being deployed against government organizations and internet service providers (ISPs) in the Middle East. [...]

Уникальная сеть CENI меняет правила игры в области искусственного интеллекта.

In just two years, LLMs have become standard for developers — and non-developers — to generate code, but companies still need to improve security processes to reduce software vulnerabilities.

A vulnerability has been found in OpenVPN up to 2.6.10 and classified as problematic. This vulnerability affects unknown code of the component PUSH_REPLY Message Handler. The manipulation leads to improper validation of specified type of input. This vulnerability was named CVE-2024-5594. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

The Indian government has published a draft version of the Digital Personal Data Protection (DPDP) Rules for public consultation. "Data fiduciaries must provide clear and accessible information about how personal data is processed, enabling informed consent," India's Press Information Bureau (PIB) said in a statement released Sunday. "Citizens are empowered with rights to demand data erasure,

在 AT&T、Verizon、 Lumen Technologies 和 T-Mobile 之后，又有三家美国电信公司—— Charter Communications、Consolidated Communications 和 Windstream——据报道被中国黑客组织 Salt Typhoon 入侵。黑客还利用未及时打上补丁的 Fortinet 设备漏洞，入侵了思科的大型网络路由器。中国否认了入侵，指责美国散布虚假信息。对于最新的报道，思科和 Fortinet 拒绝置评。