Aggregator

A vulnerability was found in Zabbix Server up to 5.0.42/6.0.30/6.4.15/7.0.0rc2. It has been rated as problematic. This issue affects some unknown processing of the component SMS Notification Handler. The manipulation of the argument Number leads to command injection. The identification of this vulnerability is CVE-2024-22122. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

ReliaQuest found that Rclone, WinSCP and cURL were the top three data exfiltration tools utilized by threat actors over the past year

Новый международный стандарт противодействия кибератакам.

ADT Inc., a prominent security and automation solutions provider, reported that unauthorized actors accessed specific databases containing customer order information. The company swiftly addressed the breach, which raised concerns about data security and customer privacy. Unauthorized Access and Immediate Response ADT became aware of the breach when unauthorized actors illegally accessed customer order information databases. […]

The post ADT Data Breach: Customers Personal Information Exposed appeared first on Cyber Security News.

2024年7月，Microsoft官方发布公告，披露 CVE-2024-38077 Windows Server 远程桌面授权服务(Remote Desktop Licensing Service，简称RDL) 远程代码执行漏洞。

关注高级攻防对抗技术热点，研究对手技术进行高级威胁模拟，研判攻击安全发展方向。

At the recent Black Hat USA conference, security researcher Michael Bargury unveiled alarming vulnerabilities within Microsoft Copilot, demonstrating how hackers can potentially exploit this AI-powered tool for malicious purposes. This revelation underscores the urgent need for organizations to reassess their security measures when using AI technologies like Microsoft Copilot. Bargury’s presentation highlighted several methods through […]

The post Researchers Demonstrate How Hackers Can Exploit Microsoft Copilot appeared first on Cyber Security News.

腾讯云 DNSPod 官方8月9日发文，称监测到国内大量家用路由器的 DNS 解析配置被篡改，从而影响到了正常的网站和 App 访问。

Почему продолжают ужесточать контроль над онлайн-пространством.

Entrust, a once-trusted Certificate Authority (CA), has faced a significant setback as Google and Mozilla have announced they will no longer trust Entrust's SSL/TLS certificates due to security concerns. This move leaves current Entrust customers scrambling to find alternative CAs to ensure secure digital connections. The article emphasizes the urgency of transitioning to a new, reliable CA, such as Sectigo, to avoid potential cybersecurity risks and ensure continued protection. It also outlines steps for migrating certificates, stressing the importance of active management and automation in maintaining digital security.

The post Entrust distrust: How to move to a new Certificate Authority appeared first on Security Boulevard.

Such is the industry, that RISC-V, an open and extensible instruction set architecture (ISA) has now invaded the CPU market, opening up many opportunities for new entrants. It has gained a lot of traction through Linux kernel support as well as being adopted by consumer devices and cloud platforms. However, RISC-V’s flexible nature has led […]

The post GhostWrite Vulnerability Let Hackers Read And Write Any Part Of The Computer’s Memory appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

Специалист предотвратил кибератаки на несколько крупных компаний.

在儿童游戏市场占据主导地位的美国游戏公司 Roblox 被土耳其封杀，理由是儿童剥削问题。Roblox 允许用户去设计自己的游戏、物品及衣服，以及游玩自己和其他开发者创建的各种不同类型的游戏，这些游戏均使用编程语言 Lua。Roblox 有逾 1.64 亿月活跃用户，美国 16 岁以下儿童半数以上在玩。由于 Roblox 平台的“开发者”主要是儿童，因此它也受到了利用童工的批评。现在土耳其政府认为 Roblox 通过非法行为剥削儿童，因此在全国范围内无限期禁止用户和创作者访问该平台。土耳其媒体称，其它原因包括宣传恋童癖的虚拟派对以及赌博问题。Roblox 发表声明表示将努力恢复在土耳其的访问。

检测业务是否受到此漏洞影响，请联系长亭应急服务团队！

Every software and operating system vendor has been implementing security measures to protect their products. This is due to the fact that threat actors require a lot of time to find a zero-days but require less time to find a readily available exploit for a vulnerable software. This brought them to the thought where they […]

The post Windows Zero-day Flaw Let Hackers Downgrade Fully Updated Systems To Old Vulnerabilities appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

Мессенджер заблокирован по требованию ведомства.

意见反馈截止时间为2024年8月25日。

新的“重要场景漏洞计划（ISVP）”计划重点关注与任意代码执行、设备解锁、数据提取、任意应用程序安装和绕过设备保护相关的漏洞。

亚马逊为了提振电商业务，正在加快在中国争取卖家的步伐。在当地相继新设网点，还举行面向卖家的研讨会。此举是为了对抗以低价杂货等为优势不断增长的 Temu 等竞争对手，增加具有价格竞争力的商品。“推动中国品牌走向世界”，7 月底亚马逊在广东省深圳市举办了面向电商卖家的活动，发出了这样的呼吁。 亚马逊一直在中国削减面向普通消费者的业务。2019 年关闭了中国国内的电商服务，最近结束了电子书服务 kindle。销售海外商品的跨境电商(EC)继续面向中国消费者提供服务，但存在感较弱。另一方面，作为中国境外的电商的商品供应地，重新评估中国，正在开拓卖家。