Aggregator

macOS后门，以中国钉钉和微信用户为目标的HZRat后门攻击场景复现及木马检测方法

方正畅享新闻采编系统 binary.do SQL注入漏洞分析复现

缓存投毒之CPDOS

A vulnerability was found in mxBB Mx Shotcast 1.0 Rc2 and classified as critical. Affected by this issue is some unknown functionality of the file getinfo1.php. The manipulation of the argument mx_root_path leads to file inclusion. This vulnerability is handled as CVE-2007-2313. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in androidforums Forum For Android 2.4.4.9. This affects an unknown part of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is uniquely identified as CVE-2014-5889. The attack can only be done within the local network. There is no exploit available.

美国第二巡回上诉法院维持了 Hachette v. Internet Archive 一案的原判决，裁定互联网档案馆的数字借阅项目侵犯了版权法，驳回了互联网档案馆所持的论点——即借阅行为受到了合理使用原则的保护。因新冠疫情导致了图书馆关闭，互联网档案馆于 2020 年 3 月启动了 National Emergency Library 项目，向困住家中的民众大批量提供电子书的数字借阅服务，不再限制一本电子书一次只借给一个人。该项目立即遭到了出版商和作家的反对。互联网档案馆后来恢复了借阅限制。2020 年 6 月，主要出版商 Hachette、HarperCollins、Penguin Random House 和 Wiley 提起了侵权诉讼。2023 年 3 月，地方法院裁定出版商胜诉。互联网档案馆提起上诉，现在上诉法院再次做出了不利于它的判决。

A vulnerability, which was classified as critical, has been found in mosMedia. This issue affects some unknown processing of the file Mambo/Joomla. The manipulation of the argument mosConfig_absolute_path leads to Remote Code Execution. The identification of this vulnerability is CVE-2007-2043. The attack may be initiated remotely. Furthermore, there is an exploit available.

Quishing is a type of phishing attack where crooks use QR codes to trick users into providing sensitive information or downloading malware. In recent years, the spread of electric cars has led to an increase in public charging stations. However, new cyber threats have emerged with this growth, including “quishing.” This term, a combination of […]

你可能错过的新鲜事英特尔发布酷睿 Ultra 200V 系列处理器9 月 3 日，英特尔公司在柏林举办发布会，推出酷睿 Ultra 200V 系列处理器。该处理器系列分为 5、7、9 三个类目，共

The DoJ says Russia paid a US company $10m to post disinformation that attracted millions of views online

A vulnerability, which was classified as critical, has been found in Avant-Garde Solutions MOSMedia 1.0.8. This issue affects some unknown processing of the file media.tab.php of the component mediad. The manipulation of the argument mosConfig_absolute_path leads to file inclusion. The identification of this vulnerability is CVE-2007-2043. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability has been found in bibleslots SLOTS: Bible Slots Free 1.122 and classified as critical. Affected by this vulnerability is an unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is known as CVE-2014-5888. The attack needs to be approached within the local network. There is no exploit available.

Вебинар Positive Technologies состоится 10 сентября в 14:00.

A vulnerability was found in Apple macOS up to 10.13.1 and classified as critical. This issue affects some unknown processing of the component Kernel. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2017-13817. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

2024年9月5日，深瞳漏洞实验室监测到一则Apache-ofbiz组件存在服务器端伪造请求（SSRF）漏洞的信息，漏洞编号：CVE-2024-45507，漏洞威胁等级：高危。

Binarly announced Binarly Transparency Platform 2.5 with several features designed to enhance software vulnerability management and improve security posture across enterprise environments. The key highlight of this release is the innovative Reachability Analysis, a feature that identifies and prioritizes vulnerabilities based on their exploitability within the system’s execution flow, allowing for more targeted and effective remediation. With the introduction of Reachability Analysis, Binarly’s Transparency Platform 2.5 provides a truly innovative method to evaluate risk by … More →

The post Binarly Transparency Platform 2.5 identifies critical vulnerabilities before they can be exploited appeared first on Help Net Security.

据BleepingComputer消息，一款最初被设计为红队演练之用的工具MacroPack近来正被攻击者滥用并部署恶意负载 Havoc、Brute Ratel 和 PhatomCore ，所发现的恶意文档已涉及多个国家和地区。 MacroPack 是由法国开发人员 Emeric Nasi （dba BallisKit） 创建的专注于红队演习演练和对手模拟的专有工具，提供反恶意软件绕过、反逆技术、使用代码混淆构建各种文档有效负载、嵌入无法检测的 VB 脚本等多项高级功能。 Cisco Talos 的安全研究人员研究了来自美国、俄罗斯和巴基斯坦等国家和地区在 VirusTotal 上提交的恶意文档，这些文件的诱饵、复杂程度和感染载体各不相同，表明 MacroPack 正被多个攻击者滥用，已成为一种潜在的威胁趋势。 这些被捕获的野外样本都有在 MacroPack 上创建的痕迹，包括基于马尔可夫链的函数和变量重命名、删除注释和多余的空格字符（这些字符可将静态分析检测率降到最低）以及字符串编码。 当受害者打开这些恶意Office 文档时会触发第一级 VBA 代码，该代码会加载恶意 DLL，并连接到攻击者的命令和控制 (C2) 服务器。 攻击链 Cisco Talos 的报告了一些与MacroPack 滥用相关的重要恶意活动集群： 美国：2023 年 3 月上传的一份文件伪装成加密的 NMLS 更新表格，并使用马尔可夫链生成的函数名来逃避检测。 该文档包含多级 VBA 代码，在尝试通过 mshta.exe 下载未知有效载荷之前会检查沙盒环境。 装成加密的 NMLS 更新表格 俄罗斯：2024 年 7 月，一个俄罗斯 IP 上传的空白 Excel 工作簿提供了 PhantomCore，这是一个基于 Golang 的用于间谍活动的后门 。 该文件运行多级 VBA 代码，试图从远程 URL 下载后门。 巴基斯坦：从巴基斯坦各地上传了以巴基斯坦军事为主题的文件。 其中一份文件伪装成巴基斯坦空军的通知，另一份伪装成就业确认书，部署了 Brute Ratel 獾。 这些文件通过 HTTPS DNS 和亚马逊 CloudFront 进行通信，其中一个文档嵌入了 base64 编码的 blob 以用于 Adobe Experience Cloud 跟踪。   转自FreeBuf，原文链接：https://www.freebuf.com/news/410268.html 封面来源于网络，如有侵权请联系删除。

A vulnerability classified as problematic was found in Samsung Samsung Assistant. This vulnerability affects unknown code of the component Location Data Handler. The manipulation leads to improper handling of insufficient permissions or privileges. This vulnerability was named CVE-2024-34661. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Samsung Group Sharing 10.8.03.2/13.0.6.15 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-34659. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.