Aggregator

Почему продолжают ужесточать контроль над онлайн-пространством.

Entrust, a once-trusted Certificate Authority (CA), has faced a significant setback as Google and Mozilla have announced they will no longer trust Entrust's SSL/TLS certificates due to security concerns. This move leaves current Entrust customers scrambling to find alternative CAs to ensure secure digital connections. The article emphasizes the urgency of transitioning to a new, reliable CA, such as Sectigo, to avoid potential cybersecurity risks and ensure continued protection. It also outlines steps for migrating certificates, stressing the importance of active management and automation in maintaining digital security.

The post Entrust distrust: How to move to a new Certificate Authority appeared first on Security Boulevard.

Such is the industry, that RISC-V, an open and extensible instruction set architecture (ISA) has now invaded the CPU market, opening up many opportunities for new entrants. It has gained a lot of traction through Linux kernel support as well as being adopted by consumer devices and cloud platforms. However, RISC-V’s flexible nature has led […]

The post GhostWrite Vulnerability Let Hackers Read And Write Any Part Of The Computer’s Memory appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

Специалист предотвратил кибератаки на несколько крупных компаний.

在儿童游戏市场占据主导地位的美国游戏公司 Roblox 被土耳其封杀，理由是儿童剥削问题。Roblox 允许用户去设计自己的游戏、物品及衣服，以及游玩自己和其他开发者创建的各种不同类型的游戏，这些游戏均使用编程语言 Lua。Roblox 有逾 1.64 亿月活跃用户，美国 16 岁以下儿童半数以上在玩。由于 Roblox 平台的“开发者”主要是儿童，因此它也受到了利用童工的批评。现在土耳其政府认为 Roblox 通过非法行为剥削儿童，因此在全国范围内无限期禁止用户和创作者访问该平台。土耳其媒体称，其它原因包括宣传恋童癖的虚拟派对以及赌博问题。Roblox 发表声明表示将努力恢复在土耳其的访问。

检测业务是否受到此漏洞影响，请联系长亭应急服务团队！

Every software and operating system vendor has been implementing security measures to protect their products. This is due to the fact that threat actors require a lot of time to find a zero-days but require less time to find a readily available exploit for a vulnerable software. This brought them to the thought where they […]

The post Windows Zero-day Flaw Let Hackers Downgrade Fully Updated Systems To Old Vulnerabilities appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

Мессенджер заблокирован по требованию ведомства.

意见反馈截止时间为2024年8月25日。

新的“重要场景漏洞计划（ISVP）”计划重点关注与任意代码执行、设备解锁、数据提取、任意应用程序安装和绕过设备保护相关的漏洞。

亚马逊为了提振电商业务，正在加快在中国争取卖家的步伐。在当地相继新设网点，还举行面向卖家的研讨会。此举是为了对抗以低价杂货等为优势不断增长的 Temu 等竞争对手，增加具有价格竞争力的商品。“推动中国品牌走向世界”，7 月底亚马逊在广东省深圳市举办了面向电商卖家的活动，发出了这样的呼吁。 亚马逊一直在中国削减面向普通消费者的业务。2019 年关闭了中国国内的电商服务，最近结束了电子书服务 kindle。销售海外商品的跨境电商(EC)继续面向中国消费者提供服务，但存在感较弱。另一方面，作为中国境外的电商的商品供应地，重新评估中国，正在开拓卖家。

您有一份周报待查收......

A sophisticated mobile attack vector involves a deceptive iOS update that masquerades as the legitimate iOS 18, tricking users into installing malicious code.  The persistence mechanism allows threat actors to maintain covert control over the compromised device, facilitating data exfiltration and continued device exploitation without user awareness.  Understanding the intricate workings of such attacks necessitates […]

The post Hackers Exploit iOS Settings to Trigger Fake iOS Updates on Hijacked Devices appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

苹果即将于秋季释出的新桌面操作系统 macOS Sequoia 对屏幕录像类权限实施了更严格的控制。对于屏幕截图应用和屏幕录像应用，用户需要每周和每次重启计算机后授予应用明确的访问权限。苹果引入了一个新的系统提示，提​​醒用户应用何时有权访问其计算机的屏幕和音频。测试版用户已经注意到了这一现象，他们被反复提示是否允许应用访问屏幕，很多人认为这是 bug，但苹果应用开发者确认这是新特性。

漏洞原理就是HTTP/2协议有一个bug，它使得用户单方面可以取消通信，而服务器需要耗时来处理该响应，从而导致拒绝服务。

本文介绍了后渗透利用及渗透测试报告的编写。

Ransomware affiliates are forming alliances to recoup losses from unreliable partners. A prominent example involves ALPHV extorting $22 million from Change Healthcare but withholding funds from its data exfiltration affiliate.  To remedy this, the affiliate has reportedly partnered with RansomHub to demand additional payment from Change Healthcare for data deletion, showcasing a new tactic in […]

The post DISPOSSESSOR And RADAR Ransomware Emerging With RaaS Model appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

总结推荐本周的热点资讯、安全事件、一周好文和省心工具，保证大家不错过本周的每一个重点！

16 миллионов клиентов пострадало в результате январского инцидента.