Global Dynamics
1. The US Government Warns: Key Infrastructure Should Be on Alert for Ransomware Attacks
The US CISA and FBI issued a joint alert warning that critical infrastructure may be attacked by ransomware during the holiday period. [Foreign Publication - Read Original]
2. By 2026, the IoT security market size will reach $40.3 billion
A report by ResearchAndMarkets shows that the global IoT security market size will grow from $14.9 billion in 2021 to $40.3 billion in 2026, with a compound annual growth rate (CAGR) of 22.1% during the forecast period. [Foreign Publication - Read Original]
3. Cisco's New Vulnerability Affects Firewall Security
Researchers found new vulnerabilities in two devices manufactured by Cisco, which could lead to interruptions in remote access. [Foreign Publication - Read Original]
4. Taking a Different Path, the Accomplice of Memento Ransomware is WinRAR?
After the encryption process was intercepted by security companies, the new Memento ransomware 'took a different path', locking files in password-protected WinRAR archives. [Foreign Publication - Read Original]
5. NCSC Warns Over 4,000 Online Stores: Be Wary of Magecart Attacks That Can Steal Customer Payment Data
On the eve of Black Friday, the UK's National Cyber Security Centre (NCSC) issued warnings to over 4,000 online stores that may be facing hacker attacks. [Read Original]
6. UserBenchmark Benchmarking Software Incorrectly Marked as 'Malware' by 23 Security Products
According to VirusTotal, UserBenchmark, a popular free benchmarking tool, has been marked as malware by nearly twenty websites. [Read Original]
Security Incidents
1. GoDaddy Company Data Leaked, Affecting 1.2 Million Hosted WordPress Accounts
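GoDaddy disclosed a data breach affecting up to 1.2 million customers, in which attackers compromised the company's Managed WordPress hosting environment. [Foreign Publication - Read Original]
2. Exploit Released for Microsoft Exchange RCE Vulnerability, Patch Immediately
Proof-of-concept exploit code was released online over the weekend for an actively exploited high-severity vulnerability affecting Microsoft Exchange servers. [Foreign Publication - Read Original]
3. New Windows Zero-Day Lets Anyone Become an Administrator
A security researcher has publicly disclosed an exploit for a new Windows zero-day local privilege escalation vulnerability that grants administrator privileges on Windows 10, Windows 11, and Windows Server. [Foreign Publication - Read Original]
4. Biometric Authentication Can Be Bypassed Using a Fingerprint Photo, a Printer, and Glue
Researchers demonstrated that fingerprints can be cloned for biometric authentication for just $5, without any sophisticated or uncommon tools. [Foreign Publication - Read Original]
5. Hackers Exploit ProxyLogon and ProxyShell Vulnerabilities in Phishing Blitz
Research found that attackers are abusing months-old Microsoft Exchange Server vulnerabilities to send malware-laden phishing emails within organizations. [Foreign Publication - Read Original]
6. Suspected APT-C-55 (Kimsuky) Group Uses Commercial Software Web Browser Password Viewer in Attacks
Recently, researchers found samples suggesting that the suspected Kimsuky group is using the commercial software Web Browser Password Viewer for testing; the function under test appears to be collecting users' browser password information. [Read Original]
Quality Articles
1. Auditing MacCMS While Watching the Drama
MacCMS is an open-source CMS for quickly building video content management sites. MacCMS has reportedly been in development for 12 years; the two popular versions today are v10 and v8, and this article mainly audits the v10 code. [Read Original]
2. Security Challenges of Software Engines for Chinese National Cryptographic Algorithms
With the promotion and adoption of China's commercial cryptography technology, software engines for Chinese national cryptographic algorithms have become an indispensable form of cryptographic product. [Read Original]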
This report summarizes the activities, methods, and tools of the [Read Original]
*The content of this article is collected from media and publications worldwide. The producer is responsible for its completeness, but not for its authenticity and effectiveness.
*Content marked as [Foreign Publication] mainly comes from media and publications in English-speaking countries, and some content requires registration for a free account to read.
