相關新聞
7-Zip fixes bug that bypasses Windows MoTW security warnings, patch now
A high-severity vulnerability in the 7-Zip file archiver allows attackers to bypass the Mark of the Web (MotW) Windows security feature and execute code on users' computers when extracting malicious files from nested archives. [...]
Bleepingcomputer
2025年01月22日 304 觀看次數
Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers
New research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks.
The Hacker News
2025年01月21日 362 觀看次數
OpenAI's ChatGPT crawler can be tricked into DDoSing sites, answering your queries
The S in LLM stands for Security
OpenAI's ChatGPT crawler appears to be willing to initiate distributed denial of service (DDoS) attacks on arbitrary websites, a reported vulnerability the tech giant has yet to acknowledge.…
The Register
2025年01月20日 535 觀看次數
Star Blizzard hackers abuse WhatsApp to target high-value diplomats
Russian nation-state actor Star Blizzard has been running a new spear-phishing campaign to compromise WhatsApp accounts of targets in government, diplomacy, defense policy, international relations, and Ukraine aid organizations. [...]
Bleepingcomputer
2025年01月19日 454 觀看次數
Chinese Innovations Spawn Wave of Toll Phishing Via SMS
Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee remains unpaid. Researchers say the surge in SMS spam coincides with new features added to a...
Krebs on Security
2025年01月17日 281 觀看次數
W3 Total Cache plugin flaw exposes 1 million WordPress sites to attacks
A severe flaw in the W3 Total Cache plugin installed on more than one million WordPress sites could give attackers access to various information, including metadata on cloud-based apps. [...]
Bleepingcomputer
2025年01月17日 256 觀看次數
Attackers Hijack Google Advertiser Accounts to Spread Malware
It's an especially brazen form of malvertising, researchers say, striking at the heart of Google's business; the tech giant says it's aware of the issue and is working quickly to address the problem.
Dark Reading
2025年01月16日 516 觀看次數
MFA Failures - The Worst is Yet to Come
This article delves into the rising tide of MFA failures, the alarming role of generative AI in amplifying these attacks, the growing user discontent weakening our defenses, and the glaring vulnerabilities being frequently exploited. The storm is building, and the worst is yet to come...
Bleepingcomputer
2025年01月16日 311 觀看次數
Miscreants 'mass exploited' Fortinet firewalls, 'highly probable' zero-day used
Ransomware 'not off the table,' Arctic Wolf threat hunter tells El Reg
Updated Miscreants running a "mass exploitation campaign" against Fortinet firewalls, which peaked in December, may be using an unpatched zero-day vulnerability to compromise the equipment, according to...
The Register
2025年01月15日 318 觀看次數
Phishing texts trick Apple iMessage users into disabling protection
Cybercriminals are exploiting a trick to turn off Apple iMessage's built-in phishing protection for a text and trick users into re-enabling disabled phishing links. [...]
Bleepingcomputer
2025年01月13日 488 觀看次數
