Aggregator

库特奈医疗中心 (Kootenai Health) 披露了一起数据泄露事件，464000 名患者的个人信息被 3AM 勒索软件窃取和泄露，泄露的数据包括姓名、出生日期、社会安全号码 (SSN)、医疗和病情信息、医疗诊断以及健康保险信息等。 Kootenai提交给缅因州司法部长办公室的通知写道：“2024 年 3 月 2 日，Kootenai卫生局发现异常活动，导致某些 IT 系统访问中断。” 经调查，网络犯罪分子于 2024 年 2 月 22 日就未经授权访问了 Kootenai 的系统，这一行为使得犯罪分子有十天时间能够窃取敏感数据。 2024 年 8 月 1 日，Kootenai结束了对所有泄露数据的检查，确认泄露的数据包括：姓名、出生日期、社会安全号码 (SSN)、驾驶执照、政府身份证号码、医疗记录编号、医疗和病情信息、医疗诊断以及健康保险信息。 Kootenai Health 表示，未发现被盗信息遭到滥用的情况，但是建议受影响人员注册 12-24 个月的身份保护服务。 患者还可以访问医院在库特奈健康网站上发布的公告，以获取更多信息和支持链接。 Kootenai Health 是爱达荷州的一家非营利性医疗保健机构，运营着该地区最大的医院，提供急救、外科手术、癌症治疗、心脏护理和骨科等广泛的医疗服务。 3AM 勒索软件泄露数据 3AM 勒索软件团伙已声称对此次攻击负责，并在其暗网门户上泄露了被盗数据，网页显示还未支付赎金。 被盗数据包括一个 22GB 的档案，任何网络犯罪分子都可以免费下载并用于进一步的攻击。 Kootenai Health 数据在 3AM 勒索门户网站上泄露 3AM 是一种基于 Rust 开发的勒索软件毒株，首次报告于 2023 年 9 月。它主要作为备选工具，用于当其他更成熟的锁定工具失效时进行部署，因此其部署范围相对较为有限。 今年 1 月，Intrisec 分析师报告称，发现3AM、Conti 和 Royal 勒索软件团伙之间存在明显联系，暗示这三者之间可能存在某种关联。   BleepingComputer，译者：YY；   本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

描述：Topaz Video AI是一款运用了AI人工智能技术的视频放大工具，能够在单个视频剪辑中提供大量信息的情况下呈现出更加逼真的外观，可以将视频放大至8K分辨率，并提供真实的细节和动作一致...

描述：Clash Meta是基于开源项目Clash的二次开发版本，它由社区用户对Clash进行改进和优化，添加了更多功能和特性。Clash Meta采用了现代化的用户界面设计和更强大的功能，使用...

Frpc 可以帮助用户在没有公网 IP 的情况下远程访问内网设备和服务 使用场景比较多，比如访问 NAS、远程桌面、自建网站、使用 Docker 等等 支持 Windows、macOS、Linu...

Microsoft on Tuesday shipped fixes to address a total of 90 security flaws, including 10 zero-days, of which six have come under active exploitation in the wild. Of the 90 bugs, nine are rated Critical, 80 are rated Important, and one is rated Moderate in severity. This is also in addition to 36 vulnerabilities that the tech giant resolved in its Edge browser since last month. The Patch Tuesday

Google 宣布了三款 Pixel 9 系列手机，其中 Pixel 9 和 9 Pro 屏幕大小相同、电池容量相同，后者的屏幕分辨率和明亮度更高，支持可变刷新率 1-120 Hz。Pixel 9 Pro 配备了 6.3 英寸显示屏、16GB RAM 以及 128GB 到 1TB 的可选存储容量，Pixel 9 的内存是 12GB，存储容量只有 128GB 或 256GB。Pixel 9 系列最高端的型号是 Pro XL，屏幕大小 6.8 英寸，分辨率 1344×2992，电池 5060 mAh，其余基本相同。Pixel 9 成为 Google 首款支持 Satellite SOS 的 Android 手机，该功能将首先在美国地区推出，但夏威夷和阿拉斯加暂时不支持，设备激活两年内无需额外付费，其它地区何时推出暂时还不清楚。

A vulnerability was found in JetGridBuilder Plugin up to 1.1.2 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to file inclusion. This vulnerability is handled as CVE-2024-43221. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability was found in Sheet to Table Live Sync for Google Sheet Plugin up to 1.0.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function STWT_Sheet_Table of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-6532. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in WP Search Analytics Plugin up to 1.4.9 on WordPress. It has been classified as critical. Affected is an unknown function. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2024-43229. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in myCred Plugin up to 2.7.2 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-43214. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Social Slider Feed Plugin up to 2.2.1 on WordPress and classified as critical. This vulnerability affects unknown code. The manipulation leads to missing authorization. This vulnerability was named CVE-2024-43215. The attack can be initiated remotely. There is no exploit available.

美国东部时间8月12日晚8时（北京时间13日上午8时），一场未能准时开播的特朗普网络访谈引发全球关注，标志着围 […]

A vulnerability, which was classified as critical, was found in WpTravelly Plugin up to 1.7.7 on WordPress. This affects an unknown part. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2024-43212. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Send Emails with Mandrill Plugin up to 1.3.1 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to missing authorization. This vulnerability is handled as CVE-2024-43208. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical was found in Bitly Plugin up to 2.7.2 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authorization. This vulnerability is known as CVE-2024-43209. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Meta Box Plugin up to 5.9.10 on WordPress. Affected is an unknown function. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2024-43235. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in CAYIN SMP-2100, SMP-2200, SMP-2210, SMP-2300, SMP-2310, SMP-6000, SMP-8000, SMP-8000QD, CMS-20, CMS-60, CMS-SE, CMS-SE(18.04), CMS-SE(22.04), SMP-8100 and SMP-2400. It has been rated as problematic. This issue affects some unknown processing of the component CGI File Handler. The manipulation leads to files or directories accessible. The identification of this vulnerability is CVE-2024-7729. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Ivanti Avalanche up to 6.4.3. It has been declared as critical. This vulnerability affects unknown code of the component SmartDeviceServer. The manipulation leads to xml external entity reference. This vulnerability was named CVE-2024-38653. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Ivanti Avalanche up to 6.4.3. It has been classified as critical. This affects an unknown part of the component Skin Management. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2024-38652. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Ivanti Avalanche up to 6.4.3 and classified as critical. Affected by this issue is some unknown functionality of the component WLAvalancheService. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2024-37399. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.