Aggregator

微软在其最新的威胁情报报告中披露，威胁行为者正在滥用SharePoint、OneDrive和Dropbox等合法文件托管服务，以发起商业电子邮件入侵（BEC）攻击。

今日暂未更新资讯~
更多最新文章，请访问SecWiki

Learn how the right integrations close critical data gaps, helping you gain a more complete view of your organization’s insider risk Cyber Threat Intelligence Systems Human Resources Information Systems Data Loss Prevention Solutions Inventory Management Systems Access Control and Visitor Management Systems License Plate Recognition and Video Management Systems To fully understand and mitigate your…

The post Enhance Your Insider Risk Program with These 6 Systems Integrations appeared first on Ontic.

The post Enhance Your Insider Risk Program with These 6 Systems Integrations appeared first on Security Boulevard.

A vulnerability has been found in XOOPS 2.0.18 and classified as critical. This vulnerability affects unknown code. The manipulation of the argument lang leads to path traversal. This vulnerability was named CVE-2008-0612. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in XOOPS 2.0.18 and classified as critical. This issue affects some unknown processing. The manipulation of the argument xoops_redirect leads to link following. The identification of this vulnerability is CVE-2008-0613. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in MicroTik RouterOS 3.2. This affects an unknown part. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2008-0680. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in Com Marketplace 1.1.1/1.1.1-pl1 on Joomla. Affected is an unknown function of the file index.php. The manipulation of the argument catid leads to sql injection. This vulnerability is traded as CVE-2008-0689. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Itechscripts iTechBids 3 Gold/5.0. It has been classified as critical. This affects an unknown part of the file bidhistory.php. The manipulation of the argument item_id leads to sql injection. This vulnerability is uniquely identified as CVE-2008-0692. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in WordPress St Newsletter Plugin. It has been classified as critical. Affected is an unknown function of the file shiftthis-preview.php. The manipulation of the argument newsletter leads to sql injection. This vulnerability is traded as CVE-2008-0683. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The Cerberus Android banking trojan, which gained notoriety in 2019 for its ability to target financial and social media apps, has continued to evolve and spread through various forks and variants.  Recent research has uncovered a new campaign, dubbed ErrorFather, which leverages the Cerberus source code and utilizes a multi-stage dropper mechanism to deploy the […]

The post ErrorFather Hackers Attacking & Control Android Device Remotely appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

之前的实验表明，智能手机中的陀螺仪和加速计等惯性测量单元（IMU），可以通过检测声波振动监听对话。这意味着，即使是一个没有开启麦克风权限的应用程序也可以通过 IMU 获得对话内容。为了不让攻击者获得准确信息，Google 将 Android 应用从 IMU 采样数据的频率限制在每秒 200 次，使攻击者无法准确获得对话内容。根据发表在预印本平台 arXiv 上的预印本，研究人员发现了一个漏洞——通过欺骗陀螺仪和运动传感器在时间上稍微偏移地进行测量，将应用实际采样率从每秒 200 次提高到 400 次，可以突破上述保护措施。利用这种方法，攻击者能修复获得的音频量大大提升。与每秒仅采集 200 个样本相比，他们的方法在 AI 转录时单词错误率降低了 83%。这表明，目前的安全保护措施“不足以防止复杂的窃听攻击发生”，应该对其重新评估。

New variants of an Android banking trojan called TrickMo have been found to harbor previously undocumented features to steal a device's unlock pattern or PIN. "This new addition enables the threat actor to operate on the device even while it is locked," Zimperium security researcher Aazim Yaswant said in an analysis published last week. First spotted in the wild in 2019, TrickMo is so named for

高系数奖金！双倍积分！

A vulnerability was found in Element Desktop up to 1.11.80 and classified as problematic. This issue affects some unknown processing. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-47771. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Elliptic Package 6.5.7 on Node.js and classified as problematic. This vulnerability affects the function _truncateToN of the component ECDSA. The manipulation leads to improper validation of integrity check value. This vulnerability was named CVE-2024-48948. Access to the local network is required for this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in matrix-org matrix-js-sdk up to 34.8.0. This affects the function MatrixClient.sendSharedHistoryKeys. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-47080. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in ZoneMinder up to 1.36.33. Affected by this issue is some unknown functionality of the component Languages Folder. The manipulation leads to unrestricted upload. This vulnerability is handled as CVE-2023-31493. The attack may be launched remotely. There is no exploit available.

Generative AI is no doubt the leading frontier in AI. Models have captured attention and driven exciting use cases across industries with their ability to create everything from text to images, and even solve complex coding problems. The likes of ChatGPT and Anthropic have changed how companies innovate, automate and engage with customers in just a couple of years.   But ... Read More

The post Navigating the Cybersecurity Risks of Shadow & Open-Source GenAI appeared first on Nuspire.

The post Navigating the Cybersecurity Risks of Shadow & Open-Source GenAI appeared first on Security Boulevard.