Aggregator

A vulnerability classified as critical has been found in Oracle Banking Supply Chain Finance up to 14.7.0. Affected is an unknown function of the component Security. The manipulation leads to denial of service. This vulnerability is traded as CVE-2023-1370. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Oracle Banking Virtual Account Management up to 14.7.0 and classified as critical. This issue affects some unknown processing of the component Common Core. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2023-1370. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in Oracle FLEXCUBE Investor Servicing 14.7.0.0.0. This vulnerability affects unknown code of the component Infrastructure Code. The manipulation leads to denial of service. This vulnerability was named CVE-2023-1370. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Oracle FLEXCUBE Universal Banking 14.5/14.6/14.7. It has been classified as critical. This affects an unknown part of the component INFRA code. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2023-1370. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in Oracle Middleware Common Libraries and Tools 12.2.1.4.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Remote Diagnostic Agent. The manipulation leads to denial of service. This vulnerability is known as CVE-2023-1370. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Oracle WebLogic Server 12.2.1.4.0/14.1.1.0.0. This affects an unknown part of the component Centralized Thirdparty Jars. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2023-1370. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical has been found in Oracle Data Integrator 12.2.1.4.0. This affects an unknown part. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2023-1370. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Oracle Policy Automation and classified as critical. Affected by this issue is some unknown functionality of the component Determinations Engine. The manipulation leads to denial of service. This vulnerability is handled as CVE-2023-1370. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Oracle Utilities Application Framework up to 4.5.0.1.1. Affected by this issue is some unknown functionality of the component General. The manipulation leads to denial of service. This vulnerability is handled as CVE-2023-1370. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Oracle GoldenGate Studio 12.2.1.4.0. This affects an unknown part of the component GoldenGate Studio. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2023-1370. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in Oracle GoldenGate Veridata up to 12.2.1.4.230922 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Veridata. The manipulation leads to denial of service. This vulnerability is known as CVE-2023-1370. The attack needs to be done within the local network. There is no exploit available.

A vulnerability, which was classified as critical, was found in Oracle Financial Services Model Management and Governance 8.1.2.3/8.1.2.4. Affected is an unknown function of the component Installer. The manipulation leads to denial of service. This vulnerability is traded as CVE-2023-1370. It is possible to launch the attack remotely. There is no exploit available.

Эксперты Elastic раскрыли полный функционал продвинутого кибероружия.

HackerNews 编译，转载请注明出处： 一个与朝鲜有关的国家级威胁行为者被指与一场针对韩国商业、政府和加密货币部门的持续活动有关。 这场被 Securonix 命名为 DEEP#DRIVE 的攻击活动，被归因于一个名为 Kimsuky 的黑客组织，该组织也被追踪为 APT43、Black Banshee、Emerald Sleet、Sparkling Pisces、Springtail、TA427 和 Velvet Chollima。 “攻击者利用用韩语编写的定制网络钓鱼诱饵，伪装成合法文件，成功渗透到目标环境。” 安全研究人员丹・尤兹维克（Den Iuzvyk）和蒂姆・佩克（Tim Peck）在一份与《黑客新闻》共享的报告中表示，并将此活动描述为“复杂且多阶段的操作”。 通过网络钓鱼电子邮件发送的诱饵文件，格式为 .HWP、.XLSX 和 .PPTX，伪装成工作日志、保险文件和与加密货币相关的文件，诱使收件人打开它们，从而触发感染过程。 攻击链值得注意的是其在各个阶段大量依赖 PowerShell 脚本，包括有效载荷传递、侦察和执行。其特点还在于使用 Dropbox 进行有效载荷分发和数据窃取。 这一切都始于一个包含单个 Windows 快捷方式（.LNK）文件的 ZIP 压缩包，该文件伪装成合法文件。当提取并运行时，会触发 PowerShell 代码的执行，以从 Dropbox 获取并显示诱饵文件，同时通过名为“ChromeUpdateTaskMachine”的计划任务在 Windows 主机上秘密建立持久性。 其中一个用韩语编写的诱饵文件涉及物流设施叉车操作的安全工作计划，深入探讨了重型货物的安全处理，并概述了确保遵守工作场所安全标准的方法。 PowerShell 脚本还设计为联系同一个 Dropbox 位置以获取另一个 PowerShell 脚本，该脚本负责收集和窃取系统信息。此外，它还会投放第三个 PowerShell 脚本，最终负责执行一个未知的 .NET 程序集。 “使用基于 OAuth 令牌的身份验证进行 Dropbox API 交互，使得侦察数据（如系统信息和活动进程）能够无缝窃取到预定文件夹。” 研究人员表示。 “这种基于云的基础设施展示了一种有效且隐蔽的方法来托管和检索有效载荷，绕过了传统的 IP 或域名阻止列表。此外，该基础设施似乎具有动态性和短寿命，正如攻击初期阶段后关键链接的迅速移除所证明的那样，这不仅使分析复杂化，还表明攻击者积极监控其活动以确保操作安全。” Securonix 表示，他们能够利用 OAuth 令牌获得更多关于威胁行为者基础设施的洞察，发现证据表明这场活动可能从去年 9 月就开始了。 “尽管缺少最后阶段，但分析突显了攻击者采用的复杂技术，包括混淆、隐蔽执行和动态文件处理，这些技术表明攻击者意图规避检测并使事件响应复杂化。” 研究人员总结道。   消息来源：The Hacker News；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability was found in Aklamator INfeed Plugin up to 2.0.0 on WordPress. It has been declared as problematic. This vulnerability affects unknown code of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-12717. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Iocharger 24120701. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to path traversal: 'dir/../../filename'. This vulnerability was named CVE-2024-43658. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Posturinn Shipping with WooCommerce Plugin up to 1.3.1 on WordPress. This affects the function printed_marked/nonprinted_marked. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-11815. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in stylemix Header Builder Plugin up to 1.3.8 on WordPress and classified as problematic. This vulnerability affects the function stm_header_builder. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-12206. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in reichertbrothers SimplyRETS Real Estate IDX Plugin up to 2.11.2 on WordPress. This affects the function sr_search_form. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-12491. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in opacewebdesign AI Scribe Plugin up to 2.3 on WordPress. This vulnerability affects the function al_scribe_engine_request_data/al_scribe_content_data. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-12605. The attack can be initiated remotely. There is no exploit available.