Aggregator

A vulnerability was found in Itechscripts iTechBids 3 Gold/5.0. It has been classified as critical. This affects an unknown part of the file bidhistory.php. The manipulation of the argument item_id leads to sql injection. This vulnerability is uniquely identified as CVE-2008-0692. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in WordPress St Newsletter Plugin. It has been classified as critical. Affected is an unknown function of the file shiftthis-preview.php. The manipulation of the argument newsletter leads to sql injection. This vulnerability is traded as CVE-2008-0683. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The Cerberus Android banking trojan, which gained notoriety in 2019 for its ability to target financial and social media apps, has continued to evolve and spread through various forks and variants.  Recent research has uncovered a new campaign, dubbed ErrorFather, which leverages the Cerberus source code and utilizes a multi-stage dropper mechanism to deploy the […]

The post ErrorFather Hackers Attacking & Control Android Device Remotely appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

之前的实验表明，智能手机中的陀螺仪和加速计等惯性测量单元（IMU），可以通过检测声波振动监听对话。这意味着，即使是一个没有开启麦克风权限的应用程序也可以通过 IMU 获得对话内容。为了不让攻击者获得准确信息，Google 将 Android 应用从 IMU 采样数据的频率限制在每秒 200 次，使攻击者无法准确获得对话内容。根据发表在预印本平台 arXiv 上的预印本，研究人员发现了一个漏洞——通过欺骗陀螺仪和运动传感器在时间上稍微偏移地进行测量，将应用实际采样率从每秒 200 次提高到 400 次，可以突破上述保护措施。利用这种方法，攻击者能修复获得的音频量大大提升。与每秒仅采集 200 个样本相比，他们的方法在 AI 转录时单词错误率降低了 83%。这表明，目前的安全保护措施“不足以防止复杂的窃听攻击发生”，应该对其重新评估。

New variants of an Android banking trojan called TrickMo have been found to harbor previously undocumented features to steal a device's unlock pattern or PIN. "This new addition enables the threat actor to operate on the device even while it is locked," Zimperium security researcher Aazim Yaswant said in an analysis published last week. First spotted in the wild in 2019, TrickMo is so named for

高系数奖金！双倍积分！

A vulnerability was found in Element Desktop up to 1.11.80 and classified as problematic. This issue affects some unknown processing. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-47771. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Elliptic Package 6.5.7 on Node.js and classified as problematic. This vulnerability affects the function _truncateToN of the component ECDSA. The manipulation leads to improper validation of integrity check value. This vulnerability was named CVE-2024-48948. Access to the local network is required for this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in matrix-org matrix-js-sdk up to 34.8.0. This affects the function MatrixClient.sendSharedHistoryKeys. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-47080. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in ZoneMinder up to 1.36.33. Affected by this issue is some unknown functionality of the component Languages Folder. The manipulation leads to unrestricted upload. This vulnerability is handled as CVE-2023-31493. The attack may be launched remotely. There is no exploit available.

Generative AI is no doubt the leading frontier in AI. Models have captured attention and driven exciting use cases across industries with their ability to create everything from text to images, and even solve complex coding problems. The likes of ChatGPT and Anthropic have changed how companies innovate, automate and engage with customers in just a couple of years.   But ... Read More

The post Navigating the Cybersecurity Risks of Shadow & Open-Source GenAI appeared first on Nuspire.

The post Navigating the Cybersecurity Risks of Shadow & Open-Source GenAI appeared first on Security Boulevard.

在欧盟和印度等国和地区之后，英国考虑将 USB-C 作为消费设备的通用充电端口。英国商务贸易部下辖的产品安全和标准办公室（Office for Product Safety and Standards）发表声明，呼吁制造商、进口商、分销商和贸易协会就此事发表意见。欧盟此前要求到 2024 年底移动设备制造商必须采用 USB-C 通用充电端口，沙特宣布到 2025 年所有电子设备使用 USB-C 充电端口，印度要求在 2025 年 3 月前智能手机等移动设备必须有一个 USB-C 充电端口。

iris-web是一款专业的网络安全事件应急响应协同平台，该工具允许广大安全研究人员执行网络安全事件响应调查，并在技术层面上共享调查结果。

Cyberthreats are all around us, lurking in the shadows of networks, devices, and the internet. Numerous cyberattacks can target individuals and enterprises, but some are more common than others. Here are nine of the most common types of cyberattacks: Malware: Malicious software installed on target devices or networks...

Cybersecurity researchers have disclosed a new malware campaign that leverages a malware loader named PureCrypter to deliver a commodity remote access trojan (RAT) called DarkVision RAT. The activity, observed by Zscaler ThreatLabz in July 2024, involves a multi-stage process to deliver the RAT payload. "DarkVision RAT communicates with its command-and-control (C2) server using a custom network

The Fast IDentity Online (FIDO) Alliance has published a working draft of a new specification that aims to enable the secure transfer of passkeys between different providers. [...]

Cyber threats surge ahead of the 2024 election, including phishing, ransomware and Darknet activity

世界上第一个 BBS-CBBS 公告板共同发明人 Ward Christensen 于 10 月 11 日在美国伊利诺伊州 Rolling Meadows 去世，享年 78 岁。Christensen 与 Randy Suess 于 1978 年在芝加哥创建了第一个 BBS，引领了数字社区建设的重要文化时代，预示了今天的网络世界。Christensen 是一个低调的人，从不寻求关注，虽然创造了数字时代的基础性技术，但一生都保持低调，他在 IBM 工作一直到退休。他是在家中去世的，死因没有公布。在创造 BBS 前，他发明了文件传输技术 XMODEM，将二进制文件分解为数据包并确保每个数据包通过有时不太稳定的模拟电话线安全传输，它让 BBS 成为可能，启发了其它文件传输协议，推动了在线文件共享的发展。