Aggregator

共话企业数字化转型之路 ISC.AI 2024为企业数转智改保驾护航

The notorious Mirai botnet has been observed exploiting a recently disclosed directory traversal vulnerability in Apache OFBiz. This Java-based framework, supported by the Apache Foundation, is used for creating ERP (Enterprise Resource Planning) applications, which are critical for managing sensitive business data despite being less prevalent than commercial alternatives. Vulnerability Details and Exploitation According to […]

The post Mirai Botnet Attacking Apache OFBiz Directory Traversal Vulnerability appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

Attackers uploaded malicious Python packages targeting Raydium and Solana users to PyPI, leveraging a StackExchange post to distribute the malware.  The multi-stage malware stole sensitive data, drained cryptocurrency wallets, and established persistent backdoor access, bypassing Windows security protections, underscoring the vulnerability of software supply chains and the ineffectiveness of traditional endpoint security solutions against modern […]

The post Hackers Abused StackExchange Platform To Deliuver Malicious Python Package appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

Решение Meta вызывает опасения относительно будущего сетевой прозрачности.

在希腊神话中，当阿芙罗狄蒂的脚被一根刺刺破，鲜血洒在白玫瑰上时，红玫瑰首次出现。玫瑰并非唯一带刺的植物。根据发表在《科学》期刊上的研究，冷泉港实验室(CSHL)发现，尽管数百万年的进化分离，同一个古老的基因家族对许多植物的刺负责。研究人员找到了一个名为 LONELY GUY(LOG)的基因家族。LOG 基因通常负责产生一种导致细胞分裂和扩张的激素。研究小组在大约 2 0个物种中发现了刺与 log 相关的基因。

2024年7月，中央网信办举报中心指导全国各级网信举报工作部门、主要网站平台受理网民举报色情、赌博、侵权、谣言等违法和不良信息1904.1万件，环比下降4.4%、同比增长7.1%。

近日，中国互联网联合辟谣平台对7月网络谣言进行了梳理分析。网上数据监测和网民举报显示，当月网络谣言主要集中在编造涉汛谣言、杜撰民生政策、虚构社会事件等方面。

发布不实信息诋毁企业形象、以负面信息要挟企业开展商业合作……前不久，国家网信办公布了一批破坏营商网络环境的典型案例，查处了一批涉企违法违规账号，为优化营商网络环境助力。

8月1日，欧盟《人工智能法案》正式生效。该法案是全球首部全面监管人工智能的法规，标志着欧盟在规范人工智能应用方面迈出重要一步。

近日，公安部、国家互联网信息办公室等部门联合发布了《国家网络身份认证公共服务管理办法（征求意见稿）》，旨在通过建设网络身份认证公共服务基础设施，统一签发“网号”“网证”，以加强网络身份管理，保护个人隐私，并推进网络可信身份战略。

目前，我国在针对智能网联汽车网络攻击事件的分析溯源手段上存在不足，亟需完善相关管理体系和技术能力建设，以促进提升智能网联汽车安全保障水平，推动车联网产业高质量发展。

点击文章，了解最前沿的国际网安资讯！

目前「FreeBuf网安知识大陆」三大特色功能已经成熟，分别是播客、电台和帮会（私域）。

Mint-Stealer is a Malware-as-a-Service tool designed to exfiltrate sensitive data from compromised systems stealthily and targets a broad spectrum of data, including web credentials, cryptocurrency wallet details, gaming credentials, VPN configurations, messaging app data, and FTP client information.  Employing encryption and obfuscation, Mint-Stealer evades detection while actively stealing data. Distributed through dedicated websites and supported […]

The post Mint-stealer Targeting web browsers, VPN clients & messaging apps to Steal Logins appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

KCon大会培训日回归！课程人员有限，先到先得~

KCon大会议题巡展正式开启

Cisco Talos has unearthed a sophisticated cyber-espionage campaign targeting a Taiwanese government-affiliated research institute. The attack, attributed to the notorious Chinese hacking group APT41, involved the deployment of the ShadowPad malware and Cobalt Strike, among other customized tools. This article delves into the specifics of the attack, the methodologies employed by the hackers, and the […]

The post APT41 Hackers Attacking Research Institute with ShadowPad and Cobalt Strike appeared first on Cyber Security News.

The Exodus Market, a haven for exiled criminals, has grown to become a significant player in the black market economy. The user “ExodusMarket” originally announced Exodus Market for Logs on the Cracked forum on February 10, 2024, after it was formally launched at the end of January 2024. Twice, in March 2024 and July 16, […]

The post Exodus Underground Market Place Emerging As A Heaven For Cybercriminals appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

达美航空 CEO Ed Bastian 表示，CrowdStrike 事故导致该公司取消了多达 5000 个航班，包括给客户的赔偿金，该公司因此次事故损失了 5 亿美元，该公司要求 CrowdStrike 和微软赔偿其损失，已聘请律所准备提起诉讼。CrowdStrike 律师对此回应，称达美取消航班不应该怪罪于它。在事故发生后 CrowdStrike CEO George Kurtz 联系 Bastian 表示愿意提供现场协助，但没有收到回应。CrowdStrike 律师表示，根据合同协议该公司承担的责任上限是数百万美元。

【开奖】批量查询工具权限已开通