Aggregator

年入百万赏金的白帽大佬月神的故事

年入百万赏金的白帽大佬月神的故事

年入百万赏金的白帽大佬月神的故事

年入百万赏金的白帽大佬月神的故事

年入百万赏金的白帽大佬月神的故事

资产搜索时发现某学校的统一身份认证处的找回密码功能，发现需要对应手机号，前期信息收集中并未找到某个学生的手机号，但是其系统存在找回手机号功能，需要对应学生的学号和身份证号，所以我们接下来需要去找到某一

A vulnerability was found in Measuresoft ScadaPro up to 2.6.0. It has been classified as very critical. This affects an unknown part of the file service.exe. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2011-3490. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Apple iOS and iPadOS. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation leads to denial of service. This vulnerability is handled as CVE-2024-44176. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Apple watchOS. This affects an unknown part of the component Image Handler. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2024-44176. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS. It has been classified as problematic. This affects an unknown part of the component iFrame Handler. The manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability is uniquely identified as CVE-2024-44187. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple tvOS. It has been declared as problematic. This vulnerability affects unknown code of the component iFrame Handler. The manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability was named CVE-2024-44187. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple visionOS. It has been rated as problematic. This issue affects some unknown processing of the component iFrame Handler. The manipulation leads to permissive cross-domain policy with untrusted domains. The identification of this vulnerability is CVE-2024-44187. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

HackerNews 编译，转载请注明出处： “雷根”加载器是一种“复杂且不断演变的恶意软件工具包”，被包括“雷根”锁屏软件（又名“怪兽螳螂”）、芬7、芬8以及“无情螳螂”（前身为REvil）在内的多个网络犯罪和勒索软件团伙所使用。 瑞士网络安全公司PRODAFT在一份声明中表示：“雷根”加载器在维持对受感染系统的访问中发挥着关键作用，帮助攻击者长期潜伏在网络中进行攻击活动。 尽管它与“雷根”锁屏软件团伙有关联，但尚不清楚该团伙是拥有该工具还是将其出租给他人。不过可以肯定的是，其开发者不断添加新功能，使其更具模块化，更难被检测。 “雷根”加载器也被称为“萨多尼克”，最早于2021年8月由Bitdefender记录，当时芬8针对美国一家未具名金融机构的攻击未能成功。该恶意软件自2020年起就被投入使用。 2023年7月，博通旗下的赛门铁克披露芬8使用该后门的更新版本来投放现已失效的“黑猫”勒索软件。 “雷根”加载器的核心功能是能够在目标环境中建立长期立足点，同时运用一系列技术规避检测，确保攻击活动的持续性。 PRODAFT指出：“该恶意软件利用基于PowerShell的有效载荷执行操作，采用强大的加密和编码方法（包括RC4和Base64）来隐藏其活动，并运用复杂的进程注入策略来建立和维持对受感染系统的隐秘控制。” “这些功能共同增强了其规避检测和在目标环境中持续存在的能力。” 该恶意软件以包含多个组件的档案文件包的形式提供给合作伙伴，以便实现反向Shell、本地权限提升和远程桌面访问等功能。它还被设计为与攻击者建立通信，使攻击者能够通过命令与控制（C2）面板远程控制受感染的系统。 “雷根”加载器通常利用PowerShell在受害者系统上执行，并整合了大量反分析技术，以抵抗检测并模糊控制流逻辑。 此外，它还能够通过运行DLL插件和Shellcode以及读取和窃取任意文件内容来开展各种后门操作。为了在网络中横向移动，“雷根”加载器还使用了另一个基于PowerShell的跳板文件。 另一个关键组件是一个名为“bc”的Linux可执行ELF文件，它被设计用于协助远程连接，使攻击者能够在受感染的系统上直接启动和执行命令行指令。 PRODAFT表示，“bc”与QakBot和IcedID等其他已知恶意软件家族中的BackConnect模块类似，它们都允许攻击者与受害者的设备进行远程交互。“这是网络犯罪分子的常见手段，尤其是针对企业受害者，因为他们的设备通常处于网络隔离状态。”该公司补充道，“它采用了高级的混淆、加密和反分析技术，包括基于PowerShell的有效载荷、RC4和Base64解密程序、动态进程注入、令牌操作以及横向移动能力。这些功能体现了现代勒索软件生态系统的复杂性和适应性不断增强。”   消息来源：The Hacker News；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability classified as problematic has been found in Apple iOS and iPadOS. Affected is an unknown function of the component iFrame Handler. The manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability is traded as CVE-2024-44187. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Apple watchOS. Affected by this vulnerability is an unknown functionality of the component iFrame Handler. The manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability is known as CVE-2024-44187. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Apple Safari. Affected by this issue is some unknown functionality of the component iFrame Handler. The manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability is handled as CVE-2024-44187. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS. It has been rated as problematic. This issue affects some unknown processing of the component Web Content Handler. The manipulation leads to integer overflow. The identification of this vulnerability is CVE-2024-44198. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Apple tvOS. Affected is an unknown function of the component Web Content Handler. The manipulation leads to integer overflow. This vulnerability is traded as CVE-2024-44198. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Apple visionOS up to 14.5. Affected by this vulnerability is an unknown functionality of the component Web Content Handler. The manipulation leads to integer overflow. This vulnerability is known as CVE-2024-44198. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Apple iOS and iPadOS. Affected by this issue is some unknown functionality of the component Web Content Handler. The manipulation leads to integer overflow. This vulnerability is handled as CVE-2024-44198. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.