New macOS vulnerability, “HM Surf”, could lead to unauthorized data access
https://www.microsoft.com/en-us/security/blog/2024/10/17/new-macos-vulnerability-hm-surf-could-lead-to-unauthorized-data-access/
https://www.microsoft.com/en-us/security/blog/2024/10/17/new-macos-vulnerability-hm-surf-could-lead-to-unauthorized-data-access/
Microsoft News
New macOS vulnerability, “HM Surf”, could lead to unauthorized data access
Microsoft Threat Intelligence uncovered a macOS vulnerability that could potentially allow an attacker to bypass the operating system’s Transparency, Consent, and Control (TCC) technology and gain unauthorized access to a user’s protected data. The vulnerability…
The Ultimate Guide to Fine-Tuning LLMs from Basics to Breakthroughs:
An Exhaustive Review of Technologies, Research, Best Practices, Applied Research Challenges and Opportunities
(Version 1.0)
https://arxiv.org/html/2408.13296v2
An Exhaustive Review of Technologies, Research, Best Practices, Applied Research Challenges and Opportunities
(Version 1.0)
https://arxiv.org/html/2408.13296v2
Call and Register — Relay Attack on WinReg RPC Client
https://www.akamai.com/blog/security-research/2024/oct/winreg-relay-vulnerability
https://www.akamai.com/blog/security-research/2024/oct/winreg-relay-vulnerability
Akamai
Call and Register — Relay Attack on WinReg RPC Client | Akamai
Akamai researchers explore a new vulnerability that can be exploited to lead to elevation of privilege attacks against Windows machines.
Trojanized Ethers Forks on npm Attempting to Steal Ethereum Private Keys
https://blog.phylum.io/trojanized-ethers-forks-on-npm-attempting-to-steal-ethereum-private-keys/
https://blog.phylum.io/trojanized-ethers-forks-on-npm-attempting-to-steal-ethereum-private-keys/
Phylum Research | Software Supply Chain Security
Trojanized Ethers Forks on npm Attempting to Steal Ethereum Private Keys | Phylum
Software supply chain attack targets open-source developers in npm via malicious packages that steal Ethereum private keys, gain SSH persistence.
macOS NotLockBit | Evolving Ransomware Samples Suggest a Threat Actor Sharpening Its Tools
https://www.sentinelone.com/blog/macos-notlockbit-evolving-ransomware-samples-suggest-a-threat-actor-sharpening-its-tools/
https://www.sentinelone.com/blog/macos-notlockbit-evolving-ransomware-samples-suggest-a-threat-actor-sharpening-its-tools/
SentinelOne
macOS NotLockBit | Evolving Ransomware Samples Suggest a Threat Actor Sharpening Its Tools
An unknown threat actor is developing ransomware to lock files and steal data on macOS, and it's not LockBit.
A flaw was found in the libreswan client plugin for NetworkManager (NetkworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user.
https://access.redhat.com/security/cve/CVE-2024-9050
https://access.redhat.com/security/cve/CVE-2024-9050
identity-security-threat-landscape-2024-report.pdf
11.5 MB
Threat Landscape Report 2024
qBittorrent fixes flaw exposing users to MitM attacks for 14 years
https://www.bleepingcomputer.com/news/security/qbittorrent-fixes-flaw-exposing-users-to-mitm-attacks-for-14-years/
https://www.bleepingcomputer.com/news/security/qbittorrent-fixes-flaw-exposing-users-to-mitm-attacks-for-14-years/
BleepingComputer
qBittorrent fixes flaw exposing users to MitM attacks for 14 years
qBittorrent has addressed a remote code execution flaw caused by the failure to validate SSL/TLS certificates in the application's DownloadManager, a component that manages downloads throughout the app.
Forwarded from Constantine Maltsev
Microsoft News
Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files
Since October 22, 2024, Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other…
Выбирай не хочу:
— Курс
— Сертификат
Конкурс от core247.kz вполне может помочь в этом, ваучер применим к:
— онлайн-курсу
— сертификационному экзамену
— или пакету (курс + сертификация)
🚩 14 ноября - итоги и выбор 7 победителей. Активировать ваучер нужно до
31.10.2025. После этого будет 1 год и 2 попытки, чтобы завершить обучение и/или сдать экзамен.Детали здесь: https://core247.io/cncf
Please open Telegram to view this post
VIEW IN TELEGRAM
Details about of Storm-0940 spray attack
https://www.microsoft.com/en-us/security/blog/2024/10/31/chinese-threat-actor-storm-0940-uses-credentials-from-password-spray-attacks-from-a-covert-network/
Previous post:
https://news.1rj.ru/str/sysadm_in_channel/5254
https://www.microsoft.com/en-us/security/blog/2024/10/31/chinese-threat-actor-storm-0940-uses-credentials-from-password-spray-attacks-from-a-covert-network/
Previous post:
https://news.1rj.ru/str/sysadm_in_channel/5254
Microsoft News
Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network
Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks. Microsoft has linked the source of these password spray…