Aggregator

Meta 和 YouTube 在社媒上瘾案中犯有疏忽罪

Solidot
5 days 13 hours ago
在美国一起具有里程碑意义的社媒成瘾案中,由七名女性和五名男性组成的陪审团裁定 Meta 和 YouTube 犯有疏忽罪,认为社媒广泛使用的无限滚动和算法推荐等上瘾设计损害了一名年轻用户,导致其出现心理健康问题。判决裁定赔偿 600 万美元,其中 Meta 支付 420 万美元,YouTube 180 万美元。这一判决可能为更多针对社媒的诉讼铺平道路。这起案件由 20 岁的 K.G.M. 提起,她指控社媒公司开发的产品如香烟或网络赌场一样让人上瘾。K.G.M. 起诉了拥有 Instagram 和 Facebook 的 Meta 以及 Google 的 YouTube,指控其提供的无限滚动和算法推荐等功能导致她焦虑和抑郁。TikTok 和 Snap 也是被告方,但在审判前与原告达成了和解,和解条款未公开。最新判决可能迫使社媒公司对其产品做出改变。

Remote Access VPN и Site-to-Site VPN: в чем разница и что выбрать

Securitylab.ru
5 days 13 hours ago
Ошибка в выборе типа VPN (в данном случае сервиса для безопасного удаленного доступа к ресурсам компании) может парализовать работу удаленных команд или оставить без защиты конфиденциальный трафик между офисами. Remote Access VPN создает защищенный туннель для одного устройства, подключая удаленного сотрудника к корпоративной сети. Site-to-Site VPN формирует  мост между двумя локальными сетями, например, между главным офисом и филиалом. В этой статье — сравнение двух подходов на основе их архитектуры, применения и бизнес-логики.

Fake VS Code Security Alerts on GitHub Used to Push Malware in Widespread Phishing Campaign

Cyber Security News
5 days 13 hours ago

A large-scale phishing campaign is targeting software developers on GitHub, using fake Visual Studio Code security alerts posted in GitHub Discussions to trick users into downloading malicious software. The attacks are designed to look like legitimate security advisories, warning developers of critical vulnerabilities in VS Code and urging them to install a so-called “patched” version […]

The post Fake VS Code Security Alerts on GitHub Used to Push Malware in Widespread Phishing Campaign appeared first on Cyber Security News.

Tushar Subhra Dutta

AI-Based Threats Usher in 'Dark Period' for Cyber Defenders

BankInfoSecurity.com
5 days 13 hours ago
NightDragon CEO Dave DeWalt on Perfect Storm of Risks, Attackers and Hybrid Warfare
Cybersecurity has entered a dark phase as AI-powered attackers outpace defense teams. Dave DeWalt of NightDragon outlines how hybrid warfare, critical infrastructure risks and rapid innovation are reshaping global security priorities.

CISA Forced Into 'Reactive' Cyber Posture Amid Shutdown

BankInfoSecurity.com
5 days 13 hours ago
Acting Director Says Furloughs And Cuts Limit Proactive Cyber Defense
A prolonged Homeland Security department shutdown has sidelined much of the U.S. cyber defense agency, halting proactive cyber operations, delaying directives and weakening visibility into threats - conditions officials warn are increasing systemic risk across critical infrastructure.

Why CISOs Need to Start Taking AI Third-Party Risk Seriously

BankInfoSecurity.com
5 days 13 hours ago
Keyrock CISO David Cass on Managing Agentic AI Risk in Financial Services
As financial institutions accelerate AI adoption, traditional governance models are falling short. David Cass, CISO at Keyrock, explains why organizations must rethink accountability, asset visibility and identity controls to manage emerging risks from LLMs and agentic AI systems.

How Cyberattacks Can Turn Battery Farms Into Grid Blackouts

BankInfoSecurity.com
5 days 13 hours ago
Centrii's Rafael Narezzi on Dangers of Weak Controls in Decentralized Energy Systems
As power systems decentralize to support AI workloads and rising energy demand, cyber defenses haven't been keeping pace, says Rafael Narezzi of Centrii. In fact, in December 2025 in Poland, cyberattackers disrupted the power grid balance by targeting battery storage systems.

WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

The Hackers News
5 days 13 hours ago
Cybersecurity researchers have discovered a new payment skimmer that uses WebRTC data channels as a means to receive payloads and exfiltrate data, effectively bypassing security controls. "Instead of the usual HTTP requests or image beacons, this malware uses WebRTC data channels to load its payload and exfiltrate stolen payment data," Sansec said in a report published this week. The attack,
The Hacker News

新西兰卫生部警告员工不要用生成式 AI 撰写临床记录

Solidot
5 days 14 hours ago
新西兰卫生部警告员工不要在工作中使用生成式 AI 如 ChatGPT、Claude 或 Gemini 等工具撰写临床记录,称这么做可能会导致正式的纪律处分。根据官员发布的备忘录,出于数据安全、隐私和问责方面的考虑,严禁将免费 AI 工具如 ChatGPT、Claude 和 Gemini 用于临床用途。即使匿名化了患者信息,也不允许使用 AI 工具起草记录,然后再转录成手写或打印记录。代表医疗工作人员的 Public Service Association 则表示临床员工转向 AI 工具是因为他们面临巨大的压力,威胁纪律处分是错误的做法。

美亚柏科培育的取证圈“小龙虾”来了

嘶吼
5 days 14 hours ago

手机取证是电子数据取证工作中占比最高的业务,但受限于手机本身的权限管理,在手机取证过程中往往要辅助以人工的操作才能顺利完成数据提取。像开启USB调试模式、密码/验证码的输入、各类弹窗的处理等,一旦没有处理到位,取证进度将会失败或者停滞不前。

针对以上问题,美亚柏科成功培育了一只取证圈的“小龙虾”!

行业首创、基于端到端AI技术打造的L4级手机全自动取证装备——AI-6200手机智能自动化取证方舱(简称智取方舱),正式登场!这不是一次常规的产品升级,而是一次从“人工操作”到“全自动取证”的跨越式革命。我们给AI大脑装上了敏锐的“眼睛”和灵活的“双手”,让AI代替你坐在工位上,帮你点击屏幕、处理弹窗、输入密码。

AI-6200手机智能自动化取证方舱

智取方舱将高速传输、视觉感知、智能控制、信号屏蔽四大关键能力进行深度融合,为您带来三大颠覆性体验:

亮点一 真正无人值守人工介入时间缩短至1分钟

过去,一次完整的手机取证需要数十分钟甚至数小时,对于操作人员来说最担心的就是在取证过程中忘记输入密码/验证码,或者一些权限授予的弹窗,从而导致取证中断或者数据提取不完整。这时候,取证人员就得实时盯守整个取证过程。

现在,我们只需要做一件事:把手机放进舱内,盖上舱门,方舱即可进行手机取证全程无人值守。

智取方舱拥有强大的视觉感知与智能控制能力,能够自动识别手机屏幕状态,自动完成十几个步骤的USB调试开启,自动处理取证中途跳出的任何授权弹窗或验证码输入。你只需完成检材放入的初始动作并在软件端输入手机密码,剩下的流程全部交由方舱自动完成。

亮点二 复杂场景一键破解自动切换提取方式

过去,直连取证遇到应用分身、手机存储空间不足等复杂情况时,会出现取证进度停止或中断,取证人员需要再手动发起一次无线克隆取证重来一遍,费时费力。

现在,方舱具备智能决策大脑,全程无需人工干预,在提取过程中,系统如果检测到应用分身或手机存储空间不足,方舱会自动从直连取证无缝切换至无线克隆取证模式,确保检材内的潜在数据都被最大化提取。

亮点三 内置标准化的取证流程全程合规可信

方舱内置标准化的取证流程,并且所有的AI操作与模式切换均有全程录像及时间戳日志存证,确保电子证据链条的绝对合规与可溯源。

智取方舱支持无缝对接美亚柏科手机取证装备,通过USB连接手机取证装备后,取证软件识别方舱接入后,自动进入智能取证模式。

操作步骤:

1.取证软件识别方舱后,自动进入智能模式;

2.点击智能取证入口;

3.在取证软件上输入手机密码;

4.点击“开始取证”。

国投智能

ANY.RUN Recognized for Innovations and Market Leadership at Global InfoSec Awards 2026  

Anyrun
5 days 14 hours ago

ANY.RUN has been recognized at Global InfoSec Awards 2026 by Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine. The award ceremony took place during RSAC™ 2026 conference. We’re especially proud and grateful that our impact for the industry has been acknowledged in two categories at once:  This dual recognition reflects the approach to cybersecurity we prioritize: supporting the full SOC […]

The post ANY.RUN Recognized for Innovations and Market Leadership at Global InfoSec Awards 2026   appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN

Managed ad