Aggregator

信安国赛创新能力赛决赛Build环节 by 路人甲

更多最新文章，请访问SecWiki

There’s so much to keep up with in the world of cybercrime…especially for security practitioners. Leaky Weekly is a bi-weekly podcast hosted by security researcher Nick Ascoli as he dives into the most pressing stories on data leaks, cybercrime, and the dark web in the last week or so. Tune in for current events every […]

The post Launching Leaky Weekly with Flare, Cybercrime Current Events Podcast appeared first on Flare | Cyber Threat Intel | Digital Risk Protection.

The post Launching Leaky Weekly with Flare, Cybercrime Current Events Podcast appeared first on Security Boulevard.

全球气温连续创新高的记录终于在 2024 年 7 月结束了，此前全球气温连续 13 个月创新高。根据哥白尼气候变化服务机构(CCCS)的数据，2024 年 7 月为有记录以来第二热的 7 月和第二热的月份，平均地表气温为 16.91°C，比 1991-2020 年 7 月的平均气温高 0.68°C，仅比 2023 年 7 月创下的最高记录低 0.04°C。尽管 7 月气温略低于去年 7 月，但 7 月 22 日和 23 日为有记录以来最热的两天，分别达到 17.16°C 和 17.15°C。7 月平均气温比 1850-1900 年工业化前的 7 月估计气温高 1.48°C，结束了连续 12 个月平均气温达到或高于工业化前水平 1.5°C 的记录。科学家预计 2024 年仍将是有记录以来最热的一年。

Mozilla 释出了 Firefox 131 的 Nightly 版本，加入了用户期盼已久的垂直标签和侧边栏功能。Firefox 的最新稳定版本是 v129，这意味着该功能会在 2 个月后正式提供给用户（Mozilla 大约每个月释出一个 Firefox 新版本）。用户如果想要使用该功能，那么需要更新到最新的 Nightly 版本，之后前往 Settings > Firefox Labs，激活侧边栏和垂直标签实验，在浏览器工具栏上右键选择“定制工具栏”，然后将侧边栏图标拖到工具栏上，之后点击该图标就可以使用垂直标签。

ИИ-моделирование может изменить будущее миллионов пациентов

The North Korea-linked threat actor known as Kimsuky has been linked to a new set of attacks targeting university staff, researchers, and professors for intelligence gathering purposes. Cybersecurity firm Resilience said it identified the activity in late July 2024 after it observed an operation security (OPSEC) error made by the hackers. Kimsuky, also known by the names APT43, ARCHIPELAGO,

Новая версия платформы имеет лицензию MIT и не требует интернет-соединения.

《金融时报》援引文件和知情人士的消息报道，Google 和 Meta 曾达成一项秘密广告协议，向 YouTube 上的青少年投放 Instagram 广告，绕开了搜索巨人禁止向未成年人投放广告的规定。报道称，Google 曾为 Meta 做过一个营销项目，旨在向 13-17 岁的 YouTube 用户投放广告，推广 Instagram。Instagram 广告推广针对的是 YouTube 广告系统中标记为“未知”的用户群，由于儿童隐私法律的限制，未知用户其实就是 18 岁以下的青少年。在《金融时报》联系 Google 置评时，它被告知 Google 已经取消了该项目，并展开了调查。

现在的攻防演练不再像以往那样一个漏洞直捣黄龙，而是需要各种组合拳才能信手拈来，但是有时候使尽浑身解数也不能称心如意。

Специалисты выявили новые опасности для устройств с неправильной реализацией SSH.

A vulnerability classified as critical has been found in jupyterhub up to 4.1.5/5.1.0. This affects an unknown part of the component Group Membership Handler. The manipulation leads to improper handling of insufficient privileges. This vulnerability is uniquely identified as CVE-2024-41942. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A ransomware tabletop exercise was conducted against a fictious hospital, aiming to educate attendees of how to fight against such threats

盖洛普民意调查显示，美国共和党人对疫苗的认可度急剧下降。2019 年 52% 的美国共和党人认为父母让孩子接种疫苗“极其重要”，如今这一比例降为 26%。相比下，美国民主党人及其支持者有 63% 认为儿童接种疫苗极其重要，略低于 2019 年的 67%。总体上今天只有四成的美国人认为儿童接种疫苗极其重要，低于 2019 年的 58% 和 2001 年的 64%。93% 的民主党人认为接种疫苗极其重要或非常重要，而共和党人中的比例为 52%。此外，有多达 31% 的共和党人认为疫苗比其预防的疾病更危险。

A vulnerability was found in Edimax IC-6220DC and IC-5150W up to 3.06. It has been rated as critical. Affected by this issue is the function cgiFormString of the file ipcam_cgi. The manipulation of the argument host leads to command injection. This vulnerability is handled as CVE-2024-7616. Access to the local network is required for this attack to succeed. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Cyber insurance is not only a safety net, but it can also be a catalyst for advancing security practices and standards

A vulnerability was found in Tenda FH1206 1.2.0.8. It has been declared as critical. Affected by this vulnerability is the function fromSafeClientFilter/fromSafeMacFilter/fromSafeUrlFilter. The manipulation leads to stack-based buffer overflow. This vulnerability is known as CVE-2024-7615. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Tenda FH1206 1.2.0.8(8155). It has been classified as critical. Affected is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page leads to stack-based buffer overflow. This vulnerability is traded as CVE-2024-7614. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.