Aggregator

A vulnerability was found in Apple visionOS and classified as critical. This issue affects some unknown processing of the component Web Content Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-40857. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple iOS and iPadOS. It has been classified as critical. Affected is an unknown function of the component Web Content Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-40857. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple watchOS. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Web Content Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-40857. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple Safari. It has been rated as critical. Affected by this issue is some unknown functionality of the component Web Content Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-40857. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Apple macOS up to 14.6. This issue affects some unknown processing of the component File Handler. The manipulation leads to improper initialization. The identification of this vulnerability is CVE-2024-44154. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

HackerNews 编译，转载请注明出处： 网络犯罪分子通过发送虚假的版权索赔来勒索 YouTubers，迫使他们在视频中推广恶意软件和加密货币矿工。 这些威胁行为者利用 Windows Packet Divert (WPD) 工具在俄罗斯的流行程度，这些工具帮助用户绕过互联网审查和政府对网站及在线服务的限制。 YouTubers 为迎合这一受众群体，发布了关于如何使用各种基于 WPD 的工具绕过审查的教程，并成为威胁行为者的目标，这些行为者伪装成这些工具的版权持有者。 在大多数情况下，威胁行为者声称是所展示限制绕过工具的原始开发者，向 YouTube 提出版权索赔，然后联系创作者，提供解决方案，即在视频中包含他们提供的下载链接。 同时，他们威胁说，如果不遵守，将在 YouTube 上再增加两次“打击”，根据平台的“三次打击”政策，可能导致频道被封禁。 在其他情况下，攻击者直接联系创作者，伪装成工具的开发者，声称原始工具有一个新版本或新的下载链接，要求创作者在视频中更改链接。 YouTubers 出于对失去频道的担忧，屈服于威胁行为者的勒索，同意在视频中添加指向托管这些所谓的 WPD 工具的 GitHub 存储库的链接。然而，这些是被植入木马的版本，包含了一个加密矿工下载器。 卡巴斯基观察到这种推广被植入木马的 WPD 工具的行为发生在一段有超过 400,000 次观看的 YouTube 视频中，恶意链接在被移除前达到了 40,000 次下载。 一个拥有 340,000 订阅者的 Telegram 频道也以同样的伪装推广了恶意软件。 “根据我们的遥测，这场恶意软件活动已经影响了俄罗斯 2,000 多名受害者，但实际数字可能更高，”卡巴斯基警告说。 恶意软件加载程序是从 GitHub 存储库下载的包含 Python 恶意软件加载程序的恶意存档，通过修改后的启动脚本（“general.bat”）使用 PowerShell 启动。 如果受害者的防病毒软件干扰了这一过程，启动脚本会提示用户禁用防病毒软件并重新下载文件。 可执行文件仅针对俄罗斯 IP 地址获取第二阶段加载程序并在设备上执行。 第二阶段负载是另一个可执行文件，其大小被膨胀到 690 MB 以逃避防病毒分析，同时它还具备反沙盒和虚拟机检查功能。 恶意软件加载程序通过添加排除项和创建名为 “DrvSvc” 的 Windows 服务来关闭 Microsoft Defender 保护，以实现重启后的持久性。 最终，它下载最终负载，SilentCryptoMiner，这是一个修改版的 XMRig，能够开采多种加密货币，包括 ETH、ETC、XMR 和 RTM。 coin miner 每 100 分钟从 Pastebin 获取远程配置，以便动态更新。 为了逃避检测，它被加载到如 “dwm.exe” 的系统进程中，使用进程空心化技术，并在用户启动如 Process Explorer 和 Task Manager 的监控工具时暂停挖矿活动。 尽管卡巴斯基发现的这场活动主要针对俄罗斯用户，但相同的策略也可能被用于更广泛范围的操作，这些操作还可能投放信息窃取器或勒索软件等风险更高的恶意软件。 用户应避免从 YouTube 视频或描述中的网址下载软件，尤其是来自较小到中等规模的频道，这些频道更容易受到欺诈和勒索的影响。   消息来源：The Hacker News；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

HackerNews 编译，转载请注明出处： 现年55岁的休斯顿居民戴维斯·卢（Davis Lu）被判定有罪，他曾在被降职后，通过运行自定义恶意软件并在前雇主的系统中安装“kill switch”来破坏其系统。 卢自2007年11月至2019年10月在俄亥俄州的一家公司（据称为伊顿公司）担任软件开发者。 伊顿公司是一家全球性的电力管理公司，为各行各业提供电气、液压和机械解决方案。 2018年公司重组后，卢在工作中失去了部分职责，并被判定通过自定义恶意软件和“kill switch”破坏了雇主的计算机系统和网络。 恶意活动包括运行“无限循环”的代码，耗尽生产服务器的资源，最终导致系统崩溃并阻止用户登录。这些无限循环通过反复生成新线程而不正确终止来耗尽Java线程。 根据卢的起诉书，他还删除了同事的用户配置文件，并设置了一个“kill switch”，如果他在公司的Windows活动目录中的账户被禁用，该“kill switch”将锁定所有用户。这个“kill switch”代码名为“IsDLEnabledinAD”，是“Is Davis Lu enabled in Active Directory”的缩写。 当卢在2019年9月9日被解雇时，“kill switch”被自动触发，导致数千名员工无法访问系统。 在他被要求归还公司笔记本电脑的当天，卢据称删除了加密数据。 美国司法部表示，互联网搜索查询还显示卢曾研究提升权限、隐藏进程和快速删除文件的方法。 美国司法部称，卢的行为和系统中断给公司带来了数十万美元的损失。 陪审团判定卢故意破坏受保护的计算机，这一罪名最高可判处10年监禁。宣判日期尚未确定。   消息来源：The Hacker News；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

HackerNews 编译，转载请注明出处： 美国多个城市正在警告一场正在进行的移动网络钓鱼活动，该活动通过伪装成城市停车违规部门的短信，通知用户未付停车发票，并声称如果未支付，将每天收取35美元的额外罚款。 尽管停车诈骗已经存在多年，但最近一波大规模的网络钓鱼短信已导致美国多个城市发布警告，包括安纳波利斯、波士顿、格林尼治、丹佛、底特律、休斯顿、密尔沃基、盐湖城、夏洛特、圣地亚哥、旧金山等。 此次短信浪潮始于去年12月，并一直持续至今。BleepingComputer 本周早些时候也收到了针对纽约居民的钓鱼短信。 这些短信声称来自城市停车违规部门，通知用户有未付的停车发票，如果未支付，将每天收取35美元的逾期费用。短信随后提示用户点击链接以支付罚款。 “这是纽约市关于未付停车发票的最后提醒。如果今天不付款，将每天收取35美元的逾期费用，”钓鱼短信写道。 同样的钓鱼模板也被用于其他城市的未付停车发票短信中。 为了规避检测，诈骗者利用Google.com的开放重定向，将用户引导至伪装成目标城市的钓鱼网站。例如，纽约市的钓鱼网站是nycparkclient[.]com。 过去一年中，苹果引入了一项安全功能，禁用了来自未知发件人或可疑域名的短信中的链接。由于Google.com是一个受信任的域名，苹果iMessage不会禁用该链接，因此使用公司开放重定向更容易诱使用户不慎点击链接。 在纽约市的钓鱼活动中，点击链接会进入一个伪装成“纽约市财政局：停车和摄像头违规”的网站，提示用户输入姓名和邮政编码。 此时，用户可以输入任意姓名和邮政编码，随后将被引导至一个页面，声称“您的车辆在纽约市有未付的停车发票。为了避免每天35美元的滞纳金，请立即结算您的余额。” 所欠金额因活动而异，BleepingComputer收到的短信显示我们欠4.60美元。 从图片可以看出，这是一个骗局的明显迹象，因为美元符号显示在金额之后，而不是之前，这在美国是不寻常的。这进一步表明钓鱼诈骗是由美国以外的人创建的。 点击“现在处理”按钮会将用户引导至一个屏幕，诈骗者在此试图窃取用户的数据，包括姓名、地址、电话号码、电子邮件地址，最终还有信用卡信息。 这些信息随后可能被用于各种恶意活动，包括进一步的网络钓鱼攻击、身份盗窃、金融诈骗以及将数据出售给其他威胁行为者。 一般来说，如果您收到未知电话号码或电子邮件地址发来的短信，要求您点击链接、付款或以某种方式回应，您应该报告并封锁该号码，而不是轻信。   消息来源：The Hacker News；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

解析11种“盗U”套路，从钓鱼网站到SIM卡交换，详解技术细节，提供实用防护建议。

ClientInspector Are you in control? – or are some of your core infrastructure processes like patching, antivirus, and bitlocker enablement drifting? Or would you like to do advanced inventory, where you can look up your warranty state against...

The post ClientInspectorV2: Unleashing the power of Azure LogAnalytics, Azure Data Collection Rules, Log Ingestion API appeared first on Penetration Testing Tools.

Poastal – the Email OSINT tool Poastal is an email OSINT tool that provides valuable information on any email address. With Poastal, you can easily input an email address and it will quickly answer several...

The post poastal: the Email OSINT tool appeared first on Penetration Testing Tools.

Sirius Scan Sirius is the first truly open-source general purpose vulnerability scanner. Today, the information security community remains the best and most expedient source for cybersecurity intelligence. The community itself regularly outperforms commercial vendors....

The post Sirius Scan: open-source general purpose vulnerability scanner appeared first on Penetration Testing Tools.

A vulnerability has been found in Apple macOS up to 13.6/14.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Texture Handler. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2024-44161. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component UI. The manipulation leads to clickjacking. This vulnerability is known as CVE-2024-40866. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Decidim up to 0.27.6/0.28.1. It has been rated as problematic. This issue affects some unknown processing of the file /admin of the component Admin Panel. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-32034. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Apple macOS up to 13.6/14.6. Affected is an unknown function of the component Texture Handler. The manipulation leads to buffer overflow. This vulnerability is traded as CVE-2024-44160. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS. It has been rated as critical. This issue affects some unknown processing of the component Image Handler. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2024-44176. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Apple tvOS. Affected is an unknown function of the component Image Handler. The manipulation leads to denial of service. This vulnerability is traded as CVE-2024-44176. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple Safari. It has been rated as problematic. Affected by this issue is some unknown functionality of the component UI. The manipulation leads to clickjacking. This vulnerability is handled as CVE-2024-40866. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Apple visionOS. Affected by this vulnerability is an unknown functionality of the component Image Handler. The manipulation leads to denial of service. This vulnerability is known as CVE-2024-44176. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.