相關新聞
Adobe’s Surprise Security Bulletin Dominated by Critical Patches
Out of 92 security vulnerabilities, 66 are rated critical in severity, mostly allowing code execution. The most severe can lead to information disclosure.
Threatpost
2021年10月28日 355 觀看次數
Apple Patches Critical iOS Bugs; One Under Attack
Researchers found that one critical flaw in question is exploitable from the browser, allowing watering-hole attacks.
Threatpost
2021年10月28日 397 觀看次數
HTTPS Threats Grow More Than 314% Through 2021: Report
Packet Storm
2021年10月28日 349 觀看次數
NPM packages disguised as Roblox API code caught carrying ransomware
Subverted libraries likely intended as a prank but should be taken seriously, say security researchers Yet another NPM library has turned up infected with malware. Security firm Sonatype on Wednesday said it had spotted two related malicious NPM libraries that were named so they might be mistaken for...
The Register
2021年10月28日 549 觀看次數
WordPress Plugin Bug Lets Subscribers Wipe Sites
The flaw, found in the Hashthemes Demo Importer plugin, allows any authenticated user to exsanguinate a vulnerable WordPress site, deleting nearly all database content and uploaded media.
Threatpost
2021年10月28日 459 觀看次數
NOBELIUM targeting delegated administrative privileges to facilitate broader attacks
The Microsoft Threat Intelligence Center (MSTIC) has detected nation-state activity associated with the threat actor tracked as NOBELIUM, attempting to gain access to downstream customers of multiple cloud service providers (CSP), managed service providers (MSP), and other IT services organizations (...
Microsoft
2021年10月26日 428 觀看次數
Better late than never: Microsoft rolls out a public preview of E2EE in Teams calls
Only for one-to-one voice and video, mind Microsoft has finally kicked off the rollout of end-to-end-encryption (E2EE) in its Teams collaboration platform with a public preview of E2EE for one-to-one calls.…
The Register
2021年10月23日 563 觀看次數
Hackers Set Up Fake Company to Get IT Experts to Launch Ransomware Attacks
The financially motivated FIN7 cybercrime gang has masqueraded as yet another fictitious cybersecurity company called "Bastion Secure" to recruit unwitting software engineers under the guise of penetration testing in a likely lead-up to a ransomware scheme.
"With FIN7's latest fake company, the...
The Hacker News
2021年10月23日 360 觀看次數
Malicious NPM Packages Caught Running Cryptominer On Windows, Linux, macOS Devices
Three JavaScript libraries uploaded to the official NPM package repository have been unmasked as crypto-mining malware, once again demonstrating how open-source software package repositories are becoming a lucrative target for executing an array of attacks on Windows, macOS, and Linux systems.
The...
The Hacker News
2021年10月23日 384 觀看次數
WinRAR’s vulnerable trialware: when free software isn’t free
PT SWARM
2021年10月22日 406 觀看次數
