The Linux Lite 7.6 distribution, developed in New Zealand, has been released. Built on Ubuntu 24.04.3 and powered
The post Linux Lite 7.6 Is Here: A Lightweight OS That’s a Great Windows Alternative appeared first on Penetration Testing Tools.
Researchers at Eclypsium have recorded a sharp increase in scanning activity targeting outdated and long-abandoned network equipment. The
The post Obsolete Hardware Is a Hacker’s Dream and Your Worst Nightmare appeared first on Penetration Testing Tools.
Artificial intelligence systems have often been criticized for producing convoluted vulnerability reports and overwhelming open-source developers with irrelevant
The post This New AI Bot Discovered 104 Zero-Day Flaws in Android Apps appeared first on Penetration Testing Tools.
Cybercriminals have launched a new wave of attacks that employ SVG files as carriers for phishing pages. According
The post Anatomy of a Phishing Attack: How Hackers Are Weaponizing SVG Files appeared first on Penetration Testing Tools.
The world’s largest chess platform, Chess.com, has notified thousands of users of a compromise of their personal data
The post Chess.com Data Breach: Third-Party Vendor Compromise Exposes User Data appeared first on Penetration Testing Tools.
You must login to view this content
Developers eager to write Windows drivers in Rust now have more tools and examples at their disposal—yet full-scale
The post Rust for Windows Drivers: A Major Step Forward, But Not for Production Yet appeared first on Penetration Testing Tools.
The August Windows security update has unexpectedly turned into a major headache for administrators. At the heart of
The post Windows Update Fixes Vulnerability, But Breaks Apps for Standard Users appeared first on Penetration Testing Tools.
The Japanese tire manufacturer Bridgestone has announced an investigation into a cybersecurity incident in North America that disrupted
The post Cyberattack Disrupts Bridgestone’s North American Operations appeared first on Penetration Testing Tools.
TP-Link has confirmed the existence of a new zero-day vulnerability affecting several of its router models. The flaw
The post Warning: Zero-Day Flaw in TP-Link Routers Puts Users at Risk appeared first on Penetration Testing Tools.
Generative AI is showing up everywhere in the enterprise, from customer service chatbots to marketing campaigns. It promises speed and innovation, but it also brings new and unfamiliar security risks. As companies rush to adopt these tools, many are discovering that their data protection strategies are not ready for the challenges AI creates. The 2025 Thales Data Threat Report, based on a survey of more than 3,000 IT and security professionals, highlights how quickly AI … More →
The post AI moves fast, but data security must move faster appeared first on Help Net Security.
In this episode, we discuss a recent significant cyber attack where Palo Alto Networks experienced a data breach through their Salesforce environment due to a compromised SalesLoft drift integration. Throughout the discussion, we highlight why Salesforce, a crucial CRM platform for many businesses, is becoming a prime target for supply chain attackers. The hosts discuss […]
The post Salesforce Under Fire: The Salesloft Drift Supply-Chain Breach appeared first on Shared Security Podcast.
The post Salesforce Under Fire: The Salesloft Drift Supply-Chain Breach appeared first on Security Boulevard.
安全研究人员发现,攻击者近期正利用Sitecore遗留中的一个零日漏洞,部署名为WeepSteel的侦察恶意软件。
该漏洞编号为CVE-2025-53690,是一种ViewState反序列化漏洞,其成因是2017年前的Sitecore官方指南中包含了一个ASP.NET机器密钥示例。部分客户在生产环境中复用了该密钥,这使得掌握该密钥的攻击者能够构造有效的恶意“_VIEWSTATE”有效载荷,对这些载荷进行反序列化并执行,最终导致远程代码执行(RCE)。
需要明确的是,该漏洞并非ASP.NET本身的问题,而是因复用公开文档中,本不应用于生产环境的密钥所导致的配置错误漏洞。
漏洞利用活动详情
Mandiant研究人员在野外发现了相关恶意活动,他们报告称,攻击者正利用该漏洞实施多阶段攻击。具体流程如下:
1. 初始入侵:攻击者瞄准“/sitecore/blocked.aspx”端点(该端点包含无需身份验证的ViewState字段),借助CVE-2025-53690漏洞,以IIS网络服务(NETWORK SERVICE)账户权限实现远程代码执行。
2. 植入侦察工具:攻击者投放的恶意有效载荷为WeepSteel——这是一款侦察型后门程序,可收集系统、进程、磁盘及网络信息,并将数据窃取行为伪装成标准的ViewState响应。
WeepSteel的信息收集
Mandiant观察到,攻击者在被攻陷环境中执行了多项侦察命令,包括whoami(查看当前用户)、hostname(查看主机名)、tasklist(查看进程列表)、ipconfig /all(查看网络配置)以及netstat -ano(查看网络连接)。
3. 部署后续工具:在攻击的下一阶段,黑客部署了Earthworm(网络隧道与反向SOCKS代理工具)、Dwagent(远程访问工具)以及7-Zip(用于将窃取的数据压缩归档)。
4. 权限提升与持久化:随后,攻击者通过创建本地管理员账户(如“asp$”“sawadmin”)、转储缓存凭证(SAM与SYSTEM注册表 hive)、借助GoTokenTheft工具尝试令牌伪造等方式提升权限;并通过禁用这些账户的密码过期功能、授予远程桌面(RDP)访问权限、将Dwagent注册为系统(SYSTEM)服务等手段,实现持久化控制。
攻击生命周期
针对CVE-2025-53690漏洞建议
CVE-2025-53690漏洞影响Sitecore Experience Manager(XM)、Experience Platform(XP)、Experience Commerce(XC)及Managed Cloud产品,且仅当这些产品(最高版本9.0)使用2017年前文档中包含的ASP.NET机器密钥示例进行部署时才会受影响。
XM Cloud、Content Hub、CDP、Personalize、OrderCloud、Storefront、Send、Discover、Search及Commerce Server等产品不受此漏洞影响。
Sitecore已协同Mandiant的报告发布安全公告,警示使用静态机器密钥的多实例部署同样面临风险。针对可能受影响的管理员,建议采取以下措施:
1. 立即将web.config中所有静态值替换为新的唯一密钥;
2. 确保web.config中的元素已加密;
3. 作为常规安全措施,建议定期轮换静态机器密钥。
Researchers from the School of Computer Science at Carnegie Mellon University have unveiled the results of a large-scale
The post GitHub’s Star System Is Corrupted: Millions of Stars Are Fake appeared first on Penetration Testing Tools.