Aggregator

A vulnerability was found in upKeeper Solutions upKeeper Instant Privilege Access up to 1.1. It has been declared as very critical. This vulnerability affects unknown code. The manipulation leads to improper privilege management. This vulnerability was named CVE-2024-9478. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

error code: 521

在持续开发 22 年后 FreeCAD 项目宣布释出 1.0 版本。开发者称，1.0 版本通常代表着软件已经成熟，可用于真正的工作。FreeCAD 早已为真正的工作做好了准备，已经用于生产

error code: 521

A vulnerability classified as problematic was found in Yaws Web Server 1.88. Affected by this vulnerability is an unknown functionality. The manipulation of the argument text leads to cross site scripting. This vulnerability is known as CVE-2011-5025. The attack can be launched remotely. Furthermore, there is an exploit available.

Минцифры анонсировала создание новой платформы для защиты от атак.

An elusive, sophisticated cybercriminal group has used known and zero-day vulnerabilities to compromise more than 20,000 SOHO routers and other IoT devices so far, and then puts them up for sale on a residential proxy marketplace for state-sponsored cyber-espionage actors and others to use.

APT31, using the Rekoobe backdoor, has been observed targeting TradingView, a popular financial platform, as researchers discovered malicious domains mimicking TradingView, suggesting a potential interest in compromising the platform’s user community.  By analyzing shared SSH keys, investigators identified additional infrastructure linked to this campaign and another open directory, highlighting the evolving tactics employed by APT31 […]

The post Rekoobe Backdoor In Open Directories Possibly Attacking TradingView Users appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

微博客服务 Bluesky 以接近每天新增 100 万用户的数量快速增长，几天前它有 1500 万用户，如今突破 2090 万。尽管 Bluesky 的规模仍然远逊于竞争对手 Threads 和 X，但过去几天的增长势头与 Meta 的 Threads 相差无几。Threads 过去 3 个月以每天新增 100 万用户的数量增长，11 月初用户达到 2.75 亿，11 月以来增加了至少 1500 万用户。App Figures 的数据显示，Bluesky 过去六天是苹果 App Store 最受欢迎的应用，连续四天成为 Google Play 最受欢迎的非游戏类应用。Thread 在 App Store 排名第二。Bluesky 新用户中很大一部分来自于逃离的 X/Twitter 用户。

Water Barghest, a sophisticated botnet, exploits vulnerabilities in IoT devices to enlist them in a residential proxy marketplace by leveraging automated scripts to identify vulnerable devices from public databases like Shodan.  When the device is compromised, the Ngioweb malware is installed in a stealthy manner, thereby establishing a connection to command-and-control servers.  The infected device […]

The post Water Barghest Botnet Comprised 20,000+ IoT Devices By Exploiting Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

North Korean IT workers, operating under the cluster CL-STA-0237, have been implicated in recent phishing attacks leveraging malware-infected video conference apps.  The group, likely based in Laos, has demonstrated a sophisticated approach, infiltrating a U.S.-based SMB IT services company to gain access to sensitive information and secure a position at a major tech company.  It […]

The post North Korean IT Worker Using Weaponized Video Conference Apps To Attack Job Seakers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Scammers are using everything from fraudulent deals and fake ads to spoofed websites and brand impersonation to target online shoppers who are gearing up for Black Friday as the holiday buying season gets underway, according to cybersecurity firms.

The post Black Friday Scammers are Hard at Work: Security Experts appeared first on Security Boulevard.

Recent threat hunting activities focused on analyzing outbound network traffic and binaries within containerized environments. By cross-referencing honeypot data with threat intelligence platforms, researchers identified suspicious network events linked to the execution of the benign tool ffmpeg. Although this particular instance was not inherently malicious, it did raise concerns due to the unusual context in […]

The post Hackers Hijacked Misconfigured Servers For Live Streaming Sports appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

知名游戏工作室 FromSoftware 的母公司角川发布声明，证实索尼有意收购该公司股份。索尼递交了收购的初步意向书，但它尚未做出决定。如果做出决定，它将会发布公告。角川的投资者包括了腾讯，它旗下有多家知名的工作室，其中包括开发了《ELDEN RING》和《ARMORED CORE》的 FromSoftware，开发 《Danganronpa》和《DRAGON BALL: Sparking! ZERO》的 Spike Chunsoft，《OCTOPATH TRAVELER》开发商 ACQUIRE，以及开发 《RPG Maker》游戏制作软件的 Gotcha Gotcha Games。

Amazon, Amazon Music, and Audible, an Amazon-owned online audiobook and podcast service, have been flooded with bogus listings that push dubious "forex trading" sites, Telegram channels, and suspicious links claiming to offer pirated software. [...]

Volt Typhoon, a Chinese state-sponsored threat actor, targets critical infrastructure sectors like communications, energy, transportation, and water systems by pre-positions itself in target networks, often exploiting vulnerabilities in operational technology (OT) environments.  Known for persistence and patient operations, Volt Typhoon has been tracked under various aliases, including BRONZE SILHOUETTE, Voltzite, Insidious Taurus, DEV-0391, UNC3236, and […]

The post Volt Typhoon Attacking U.S. Critical Infra To Maintain Persistent Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in University of Cambridge Exim 3.35/3.36/4.10 and classified as critical. Affected by this issue is some unknown functionality of the file daemon.c. The manipulation of the argument pid_file_path leads to format string. This vulnerability is handled as CVE-2002-1381. An attack has to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Неуместные кнопки замечены на снимках в шокирующих статьях.