Aggregator

DPC公开表示，LinkedIn 平台违反了多项 GDPR 原则，决议对 LinkedIn 处以 3.1 亿欧元（约23.8亿人民币）的罚款。

总结推荐本周的热点资讯、安全事件、一周好文和省心工具，保证大家不错过本周的每一个重点！

DLP is key in cybersecurity; a risk assessment identifies data risks, helping turn findings into real-world security improvements. Data loss prevention (DLP) is a cornerstone of any effective cybersecurity strategy. Protecting sensitive data is what cybersecurity is all about. So, how can you conduct a DLP risk assessment? And how can you translate those findings […]

ESET раскрывает опасный тандем MDeployer и MS4Killer

点击了解更新详情~

高盛集团分析了光伏面板、锂离子电池、空调、电动汽车、建筑机械、钢铁、功率半导体的供需动向。其中除钢铁和功率半导体以外，其他 5 个行业都陷入了全球水平的产能过剩。产能过剩最为严重的是光伏面板。中国的供应能力达到 1036 吉瓦，这是 2023 年全球需求（533 吉瓦）的 1.9 倍。预计 2024 年以后中国的供应能力会继续高于全球需求。中国的电动汽车产能已达到全球EV需求的 1.2 倍。锂电池的供应能力是国内需求的 3.3 倍、全球需求的 1.5 倍。

在结束新冠疫情封锁政策后，全世界的碳排放正以比疫情前更快的速度增长。2023 年排放量增长 1.3% 达到 57.1 千兆吨二氧化碳当量，这一数字远高于 2010-2019 年期间的增长率，疫情前十年碳排放平均每年增长 0.8%。目前的全球温室气体排放量仅略低于 2019 年创记录的 59.1 千兆吨峰值。联合国全球环境规划署本周四发表了《2024年排放差距报告》，除了土地使用所有温室气体排放源都在增加。随着经济继续从新冠疫情中复苏，2023 年公路运输排放量、石油和天然气基础设施如管道泄漏以及工业排放量都在快速增长，而航空排放量增长了 19.5%。

在这个信息爆炸的时代，开源情报已成为一种潮流和趋势。越来越多的人开始关注开源，参与到开源情报的行列中来。

APT组织Lazarus 在Rootkit（获取内核权限）攻击中使用了微软的0day漏洞;APT组织Kimsuky利用软件公司产品安装程序进行伪装展开攻击;NoName057(16)组织DDoSia项目持续更新;

Proof launched Verify, a live face-to-face experience that delivers high-level assurance with identity verification performed in the presence of an agent, reducing the risk of fraudulent activities such as deepfakes by ensuring that users are legitimate. Organizations and consumers alike are faced with two critical globally reaching problems: declining security and trust in digital transactions, and the rise of generative AI-powered deepfakes. Constructing a fake identity, generating a fake video, or falsifying records is now … More →

The post Proof Verify reduces false positives and improves fraud detection accuracy appeared first on Help Net Security.

A new ISACA study reveals that pay inequity and a lack of female leadership are significant issues noted by women in the digital trust sector

The amount of data being collected and shared online before and during large sporting events is low-hanging fruit for attackers.

The post Cyberattacks Against Sporting Events are Growing More Calculated appeared first on Security Boulevard.

2024 年 Salem 奖授予了 Miguel Walsh 和王艺霖。Salem 奖是为了纪念提出 Salem 数以及 Salem–Spencer 集合的希腊数学家 Raphael Salem，由其遗孀创立，普林斯顿高等研究院数学学院负责颁发，主要授予在分析领域做出杰出贡献的年轻数学家，很多菲尔茨奖得主都获得过该奖项。Miguel Walsh 是阿根廷数学家，他因为在遍历理论、解析数论和多项式方法等方面的贡献而获奖；王艺霖是中国数学家，出生于 1991 年，明年将任教于瑞士苏黎世联邦理工学院，她因为在复分析、概率和数学物理之间建立深层新颖的联系而获奖。

Аналитики уверены: мы слишком многого ждем от LLM.

A vulnerability was found in NAVER Whale Browser Installer and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to uncontrolled search path. This vulnerability is handled as CVE-2024-50583. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in NEUMANNLTD MUSASI 3 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to use of client-side authentication. This vulnerability is known as CVE-2024-45785. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in NEUMANNLTD N-LINE up to 2.0.6. Affected is an unknown function. The manipulation leads to code injection. This vulnerability is traded as CVE-2024-47158. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Sharp/Toshiba Tec MFP. This issue affects some unknown processing of the component HTTP Authentication Handler. The manipulation leads to authentication bypass using alternate channel. The identification of this vulnerability is CVE-2024-47406. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in Sharp/Toshiba Tec MFP. This vulnerability affects unknown code of the component HTTP Request Header Handler. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2024-43424. The attack can be initiated remotely. There is no exploit available.