New macOS vulnerability, “HM Surf”, could lead to unauthorized data access
https://www.microsoft.com/en-us/security/blog/2024/10/17/new-macos-vulnerability-hm-surf-could-lead-to-unauthorized-data-access/
https://www.microsoft.com/en-us/security/blog/2024/10/17/new-macos-vulnerability-hm-surf-could-lead-to-unauthorized-data-access/
Microsoft News
New macOS vulnerability, “HM Surf”, could lead to unauthorized data access
Microsoft Threat Intelligence uncovered a macOS vulnerability that could potentially allow an attacker to bypass the operating system’s Transparency, Consent, and Control (TCC) technology and gain unauthorized access to a user’s protected data. The vulnerability…
The Ultimate Guide to Fine-Tuning LLMs from Basics to Breakthroughs:
An Exhaustive Review of Technologies, Research, Best Practices, Applied Research Challenges and Opportunities
(Version 1.0)
https://arxiv.org/html/2408.13296v2
An Exhaustive Review of Technologies, Research, Best Practices, Applied Research Challenges and Opportunities
(Version 1.0)
https://arxiv.org/html/2408.13296v2
Call and Register — Relay Attack on WinReg RPC Client
https://www.akamai.com/blog/security-research/2024/oct/winreg-relay-vulnerability
https://www.akamai.com/blog/security-research/2024/oct/winreg-relay-vulnerability
Akamai
Call and Register — Relay Attack on WinReg RPC Client | Akamai
Akamai researchers explore a new vulnerability that can be exploited to lead to elevation of privilege attacks against Windows machines.
Trojanized Ethers Forks on npm Attempting to Steal Ethereum Private Keys
https://blog.phylum.io/trojanized-ethers-forks-on-npm-attempting-to-steal-ethereum-private-keys/
https://blog.phylum.io/trojanized-ethers-forks-on-npm-attempting-to-steal-ethereum-private-keys/
Phylum Research | Software Supply Chain Security
Trojanized Ethers Forks on npm Attempting to Steal Ethereum Private Keys | Phylum
Software supply chain attack targets open-source developers in npm via malicious packages that steal Ethereum private keys, gain SSH persistence.
macOS NotLockBit | Evolving Ransomware Samples Suggest a Threat Actor Sharpening Its Tools
https://www.sentinelone.com/blog/macos-notlockbit-evolving-ransomware-samples-suggest-a-threat-actor-sharpening-its-tools/
https://www.sentinelone.com/blog/macos-notlockbit-evolving-ransomware-samples-suggest-a-threat-actor-sharpening-its-tools/
SentinelOne
macOS NotLockBit | Evolving Ransomware Samples Suggest a Threat Actor Sharpening Its Tools
An unknown threat actor is developing ransomware to lock files and steal data on macOS, and it's not LockBit.
A flaw was found in the libreswan client plugin for NetworkManager (NetkworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user.
https://access.redhat.com/security/cve/CVE-2024-9050
https://access.redhat.com/security/cve/CVE-2024-9050
identity-security-threat-landscape-2024-report.pdf
11.5 MB
Threat Landscape Report 2024
qBittorrent fixes flaw exposing users to MitM attacks for 14 years
https://www.bleepingcomputer.com/news/security/qbittorrent-fixes-flaw-exposing-users-to-mitm-attacks-for-14-years/
https://www.bleepingcomputer.com/news/security/qbittorrent-fixes-flaw-exposing-users-to-mitm-attacks-for-14-years/
BleepingComputer
qBittorrent fixes flaw exposing users to MitM attacks for 14 years
qBittorrent has addressed a remote code execution flaw caused by the failure to validate SSL/TLS certificates in the application's DownloadManager, a component that manages downloads throughout the app.
Forwarded from Constantine Maltsev
Microsoft News
Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files
Since October 22, 2024, Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other…
Выбирай не хочу:
— Курс
— Сертификат
Конкурс от core247.kz вполне может помочь в этом, ваучер применим к:
— онлайн-курсу
— сертификационному экзамену
— или пакету (курс + сертификация)
🚩 14 ноября - итоги и выбор 7 победителей. Активировать ваучер нужно до
31.10.2025. После этого будет 1 год и 2 попытки, чтобы завершить обучение и/или сдать экзамен.Детали здесь: https://core247.io/cncf
Please open Telegram to view this post
VIEW IN TELEGRAM