Aggregator

Важная роль в образовании стала причиной, чтобы спасти работу платформы.

Apache Avro Java 软件开发工具包（SDK）中存在一个严重漏洞（跟踪编号为 CVE-2024-47561），该漏洞可允许在易受攻击的实例上执行任意代码。 该漏洞被追踪为 CVE-2024-47561，影响 1.11.4 之前的所有软件版本。 Avro Java 软件开发工具包（SDK）是在 Java 应用程序中使用 Apache Avro 的工具包。Apache Avro 是作为 Apache Hadoop 项目的一部分开发的数据序列化框架。它为结构化数据的序列化提供了一种紧凑、快速和高效的方法，这使它在涉及大数据、流或分布式系统的应用中特别有用。 “Apache Avro 1.11.3 及以前版本的 Java SDK 中的模式分析允许恶意程序执行任意代码。建议用户升级到 1.11.4 或 1.12.0 版本，它们修复了这个问题。 该漏洞会影响任何允许用户提供自己的 Avro 模式进行解析的应用程序。 来自 Databricks security 的安全研究员 Kostya Kortchinsky 向 Avro 团队报告了这一漏洞。     转自安全客，原文链接：https://www.anquanke.com/post/id/300654 封面来源于网络，如有侵权请联系删除

A vulnerability was found in Adobe ColdFusion 6.1/7.0.1/7.0.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to basic cross site scripting. This vulnerability is uniquely identified as CVE-2007-0817. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Авиакомпания старается вернуть доверие клиентов и наказывает сотрудников.

Frontegg launched Flows, a journey-time orchestration capability that uses generative AI to simplify the creation of advanced customer identity processes. As growing businesses emerge from startup mode and enter scale-up mode, their user identities start to enter the thousands. In addition, managing workflows across multiple applications and often in various programming languages leads to inefficiencies, a high risk of errors, and prolonged development cycles. As a result, identity becomes fraught with business and security risks … More →

The post Frontegg Flows simplifies customer identity processes appeared first on Help Net Security.

The Appeals Centre Europe is supported by Meta’s Oversight Board Trust and certified by Ireland's media regulator

四川省公安厅基层基础工作总队发布通告，称因机房电路短路导致我省户政业务服务器发生故障，全省公安机关暂停办理户籍和身份证业务。

A vulnerability was found in libotr up to 4.1.0 on 64-bit. It has been rated as critical. Affected by this issue is some unknown functionality of the file proto.c of the component OTR Message Handler. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2016-2851. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Как OneDrive и Dropbox стали главными инструментами фишинга?

A vulnerability was found in Adobe Dimension up to 4.0.3. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to out-of-bounds write. The identification of this vulnerability is CVE-2024-45150. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Substance3D Painter up to 10.0.1. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2024-20787. The attack can be initiated remotely. There is no exploit available.

Ivanti’s Cloud Services Appliance is being targeted by threat actors exploiting three zero-day bugs

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

由 Cris Tomboc 和 King Orande 领导的 Trustwave 威胁情报团队最近发布了一份报告，公布了一种新发现的名为 Pronsis Loader 的恶意软件。该恶意软件于 2023 年 11 月首次出现，与 2024 年初出现的类似威胁 D3F@ck Loader 进行了比较。Pronsis Loader 的显著特点是它能发送 Lumma Stealer 和 Latrodectus 等恶意软件，给受害者带来巨大风险。发现其基础设施与 Lumma Stealer 相关联，凸显了这一不断演变的威胁的规模。 Pronsis Loader 与其他加载程序的不同之处在于它使用了 JPHP（一种 PHP 的 Java 实现）。“研究人员解释说：”两者都使用 JPHP 编译的可执行文件，因此很容易互换。不过，与使用 Inno Setup Installer 的 D3F@ck Loader 不同，Pronsis Loader 部署的是 Nullsoft Scriptable Install System（NSIS）。这种开源工具可以定制 Windows 安装程序，使 Pronsis Loader 在安装技术上具有明显优势。 Pronsis 加载器 Pronsis Loader 使用 NSIS | 图片： Trustwave 有趣的是，JPHP 在恶意软件开发者中并不广泛使用，这使得 Pronsis Loader 对这种语言的依赖偏离了典型的恶意软件环境。这种实现方式允许创建 .phb 文件，而使用传统的 Java 工具无法轻松反编译这些文件。尽管存在这种复杂性，但由于这些文件中存在 CAFEBABE 标头，威胁分析人员可以在提取后对其进行反编译，从而揭示其真实性质。 Pronsis Loader 的安装程序包含大量有效载荷，其中大部分由良性文件组成，旨在掩盖内嵌的恶意代码。据研究人员称，“安装程序的大部分内容由良性文件组成，旨在掩盖恶意文件”。这些文件被放入 %Temp% 目录，但其中隐藏着一个关键的可执行文件–FailWorker-Install.exe，它包含真正的恶意软件。 该可执行文件会触发一系列事件，通过 NSIS 插件调用 Nact.dll 文件来运行 JPHP 编译的加载程序。提取后，可以在 JPHP-INF 目录中找到主模块，其中 launcher.conf 文件指定了 app\modules 目录的初始 .bootstrap 文件。Pronsis Loader 的结构允许它从指定 URL 下载有效载荷，然后发送 Latrodectus 恶意软件。该恶意软件主要通过钓鱼邮件传播，与 IcedID 等其他已知威胁如出一辙。 Pronsis Loader 具有逃避检测的嵌入式功能。其中一种规避技术是通过隐藏在 MainForm.phb 文件中的 PowerShell 脚本实现的。这个编码脚本会禁用 Windows Defender 对用户配置文件目录的扫描，使恶意软件更容易运行而不被发现。“报告强调说：”这个 PowerShell 命令将被放置在一个批处理文件中，文件名为随机数字，并通过 cmd.exe 执行。 通过部署 Lumma Stealer 和 Latrodectus，进一步证明了 Pronsis Loader 提供多种有效载荷的能力。Latrodectus 于 2023 年 10 月首次被观察到，因其激进的感染技术而备受关注。受感染的机器会加载一系列批处理文件和可执行文件，以方便恶意软件的安装和持续运行。 在一个实例中，Latrodectus 通过一个名为 todaydatabase.zip 的文件发送，该文件将一个可执行文件放入 %Temp% 目录，启动了感染过程。安装完成后，Latrodectus 会使用计划任务来确保持久性，每 10 分钟运行一次，重新执行其恶意组件。此外，该恶意软件还创建了一个名为 runnung 的互斥程序来管理持续感染。 Pronsis Loader 的推出标志着 JPHP 作为恶意软件平台的使用发生了重大转变。通过利用 NSIS 安装程序和规避典型的安全协议，Pronsis Loader 对网络安全防御者提出了严峻的挑战。报告强调，这种加载器 “突出了它与 D3F@ck Loader 的相似之处，以及它在提供 Lumma Stealer 和 Latrodectus 作为主要有效载荷方面的作用”。     转自安全客，原文链接：https://www.anquanke.com/post/id/300658 封面来源于网络，如有侵权请联系删除

ИИ стал свидетелем самых сокровенных желаний пользователей.

Через несколько лет нам не придется ежедневно тратить по 8 часов жизни впустую.

Intel Microcode, a critical component of Intel CPUs, has been found to contain security vulnerabilities. These vulnerabilities could potentially allow attackers to gain unauthorized access to sensitive information or even crash systems.   Intel Microcode Vulnerabilities Fixed   Following two vulnerabilities have been identified in Intel Microcode, affecting some Intel processors.   CVE-2024-23984 This vulnerability […]

The post Extended Support for Ubuntu: Patch Intel Microcode Vulnerabilities appeared first on TuxCare.

The post Extended Support for Ubuntu: Patch Intel Microcode Vulnerabilities appeared first on Security Boulevard.

Edgio launched Premier Bot Manager, a next-generation bot management solution designed to protect enterprise applications against increasingly sophisticated automated threats. Premier Bot Manager introduces enhanced detection capabilities, AI-powered threat intelligence, and granular categorization of known and unknown bot attacks, providing organizations with comprehensive visibility and defense against bots including credential abusers, scrapers, and DDoS attackers. Building on the success of Edgio’s previous Advanced Bot Management solution that saw wide adoption upon its release, Premier Bot … More →

The post Edgio Premier Bot Manager detects, classifies and mitigates bot traffic appeared first on Help Net Security.

There has been a dramatic rise in e-commerce fraud as the increasing use of AI-generated deepfakes poses an unprecedented security challenge for online merchants.

The post AI-Driven eCommerce Fraud to Top $107 Billion by 2029 appeared first on Security Boulevard.

Crime Syndicates Too Powerful for Regional Governments to Police, UN Report Warns
Cybercrime syndicates across Southeast Asia have teamed up with human traffickers, money launderers and cryptocurrency services to build an increasingly effective cybercrime ecosystem that can survive law enforcement crackdowns, according to a new United Nations report.