Aggregator

Russian Phobos ransomware operator faces cybercrime charges Pie

Хизер Морган закопала золото, но не зарыла следы.

A vulnerability has been found in Google Android 6/6.0.1/7 and classified as critical. This vulnerability affects the function ArrayConcatVisitor of the file builtins-array.cc. The manipulation leads to type confusion. This vulnerability was named CVE-2018-9433. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in Google Andrioid 6/6.0.1/7/8/8.1. This affects the function smp_data_received of the file smp_l2c.cc. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2018-9365. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in Ganglia-web 3.73/3.74/3.75. Affected by this issue is some unknown functionality of the file /graph_all_periods.php. The manipulation of the argument g leads to cross site scripting. This vulnerability is handled as CVE-2024-52763. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Ganglia-web 3.73/3.74/3.75. Affected by this vulnerability is an unknown functionality of the file /master/header.php. The manipulation of the argument tz leads to cross site scripting. This vulnerability is known as CVE-2024-52762. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Google Android 6/6.0.1/7/8/8.1. Affected is the function writeInplace of the file Parcel.cpp. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2018-9421. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Apple macOS on Intel. It has been classified as critical. This affects an unknown part of the component Cookie Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-44309. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple iOS and iPadOS on Intel. It has been declared as critical. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-44309. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple visionOS on Intel. It has been rated as critical. This issue affects some unknown processing of the component Cookie Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-44309. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple Safari on Intel and classified as critical. Affected by this issue is some unknown functionality of the component Cookie Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-44309. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Apple macOS on Intel. This issue affects some unknown processing of the component Web Content Handler. The manipulation leads to Remote Code Execution. The identification of this vulnerability is CVE-2024-44308. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Apple iOS and iPadOS on Intel. Affected is an unknown function of the component Web Content Handler. The manipulation leads to Remote Code Execution. This vulnerability is traded as CVE-2024-44308. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apple visionOS on Intel and classified as critical. Affected by this vulnerability is an unknown functionality of the component Web Content Handler. The manipulation leads to Remote Code Execution. This vulnerability is known as CVE-2024-44308. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Apple Safari on Intel. This vulnerability affects unknown code of the component Web Content Handler. The manipulation leads to Remote Code Execution. This vulnerability was named CVE-2024-44308. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Любительский эксперимент превратился в исследование редких цветов и создание новых оттенков.

孩子两岁之后，就可以在日常生活中，有意识地规划，提升孩子专注力​。

Sekoia的威胁检测与研究（TDR）团队发现了Helldown勒索软件的Linux变种，扩大了威胁范围。 Helldown 勒索软件组织以前以针对 Windows 系统而闻名，现在已将其活动范围扩大到 Linux 机器。Sekoia的威胁检测与研究（TDR）团队发现了这一新情况，他们在一条推特上提到了针对Linux系统的Helldown勒索软件的Linux变种。 Helldown 是勒索软件领域的一个相对较新的成员，于 2024 年 8 月首次出现，目前已在美国和欧洲造成 31 名受害者，其中包括 Zyxel 的欧洲子公司。该组织采用双重勒索策略，在加密文件之前先渗出敏感数据，并威胁说如果不支付赎金，就会公布窃取的信息。 Sekoia 已将几起 Helldown 攻击与 Zyxel 防火墙的漏洞联系起来。一个名为 CVE-2024-42057 的关键漏洞允许未经身份验证的代码执行，已被确定为该组织的一个可能入口点。值得注意的是 受攻击的防火墙被发现带有恶意用户账户和有效载荷，如从俄罗斯 IP 上传的 zzz1.conf 文件。 利用漏洞，攻击者可以进一步进入网络，使用高级端口扫描器等工具和命令来瘫痪防御系统 Helldown 的勒索软件以 Windows 和 Linux 系统为目标，具有独特的有效载荷： Windows 勒索软件： 采用阴影副本删除、进程终止和加密。被攻击的系统上会留下一份赎金说明 ReadMe.[encrypt_extension].txt。 Linux 勒索软件： 主要针对 VMware ESX 服务器。它会杀死虚拟机，用 RSA 加密密钥加密文件，并将密钥附加到加密文件中，只能用攻击者的私人密钥解密。 Helldown 通过渗出大量数据进行双重勒索–每个受害者的数据量从 22GB 到 431GB。被盗数据通常包括 PDF 和扫描文档，可能来自网络文件共享驱动器或 NAS 系统。 Helldown 的行为和工具与 Darkrace 和 Donex 有相似之处，两者都源自泄露的 LockBit 3 代码库。不过，这些组织之间尚未建立明确的联系。     转自安全客，原文链接：https://www.anquanke.com/post/id/302006 封面来源于网络，如有侵权请联系删除

在持续开发 22 年后 FreeCAD 项目宣布释出 1.0 版本。开发者称，1.0 版本通常代表着软件已经成熟，可用于真正的工作。FreeCAD 早已为真正的工作做好了准备，已经用于生产多年。之前的版本之所以没有称为 1.0 版本，是为了解决两大问题：修正 Toponaming 问题和内置组装模块。这两大问题如今已经基本解决。开发者建议第一次接触 FreeCAD 的用户先阅读文档和教程。FreeCAD 是一款通用参数化 3D CAD 建模器，支持有限元素法（FEM）的建筑信息模型（BIM）软件，既适用于机械工程产品设计，也可以扩展到其他工程领域如建筑或电气工程。

流行的 Wget 下载工具中新发现的一个漏洞可能允许攻击者发起服务器端请求伪造（SSRF）攻击。 来自 JFrog 的安全研究员 Goni Golan 在 Wget 中发现了一个漏洞，Wget 是一种广泛使用的命令行工具，用于从互联网下载文件。该漏洞被追踪为 CVE-2024-10524，攻击者可利用该漏洞诱使 Wget 向内部或受限服务器发出非预期请求。 了解漏洞 该漏洞源于 Wget 对速记 URL 的支持，这种传统功能允许用户在某些情况下省略协议方案（如 “http://”）。然而，攻击者可以利用Wget对这些速记URL的处理来操纵请求的目的地。 “我们发现，当使用用户提供输入的HTTP速记格式时，可能会出现意外行为。Wget可能会向不同的主机发出FTP请求，这些主机可能是攻击者控制的主机，也可能是用户通常无法访问的受限主机。这个 SSRF 漏洞可能成为多种类型攻击的起点。 利用场景 戈兰概述了攻击者利用这一漏洞的几种方式，包括 SSRF 攻击： 通过操纵速记 URL，攻击者可以迫使 Wget 向通常无法从互联网访问的内部服务器发送请求。 网络钓鱼攻击： 攻击者可以制作恶意链接，这些链接看似指向合法网站，但实际上会将用户重定向到攻击者控制的服务器。 中间人（MitM）攻击： 攻击者可将自己置于 Wget 和目标服务器之间，拦截并可能篡改数据。 数据泄漏： 攻击者可利用漏洞获取敏感信息，如错误日志或内部主机名。 影响和补救措施 该漏洞影响包括 1.24.5 在内的所有 Wget 版本。我们建议用户更新至 1.25.0 或更高版本，其中包含对该问题的修复。 建议 更新 Wget： 更新至最新版本的 Wget，以解决该漏洞。 对用户输入进行消毒： 如果使用用户提供输入的 Wget，请仔细检查输入内容，防止恶意篡改 URL。 避免使用速记 URL： 尽可能避免使用速记 URL，并在所有 Wget 请求中明确指定协议方案。     转自安全客，原文链接：https://www.anquanke.com/post/id/302009 封面来源于网络，如有侵权请联系删除