Aggregator

CVE-2008-4529 | asiCMS 0.208 MemCached Association.php _ENV[asicms][path] code injection (EDB-6685 / XFDB-45684)

Vuldb Updates
2 months 2 weeks ago
A vulnerability was found in asiCMS 0.208. It has been declared as critical. This vulnerability affects unknown code of the file Association.php of the component MemCached. The manipulation of the argument _ENV[asicms][path] leads to code injection. This vulnerability was named CVE-2008-4529. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2008-4490 | phpAbook 0.8.4b/0.8.6b/0.8.7b/0.8.8b config.inc.php path traversal (EDB-6679 / XFDB-45680)

Vuldb Updates
2 months 2 weeks ago
A vulnerability classified as problematic has been found in phpAbook 0.8.4b/0.8.6b/0.8.7b/0.8.8b. This affects an unknown part of the file config.inc.php. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2008-4490. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2008-4521 | PHP-Fusion World Of Warcraft Tracker Infusion Module 2.0 thisraidprogress.php INFO_RAID_ID sql injection (EDB-6682 / XFDB-45675)

Vuldb Updates
2 months 2 weeks ago
A vulnerability was found in PHP-Fusion World Of Warcraft Tracker Infusion Module 2.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file thisraidprogress.php. The manipulation of the argument INFO_RAID_ID leads to sql injection. This vulnerability is handled as CVE-2008-4521. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2008-4518 | Fastpublish CMS 1.9.9.9.9d/1.9999d index2.php artikel sql injection (EDB-6678 / XFDB-45671)

Vuldb Updates
2 months 2 weeks ago
A vulnerability was found in Fastpublish CMS 1.9.9.9.9d/1.9999d and classified as critical. This issue affects some unknown processing of the file index2.php. The manipulation of the argument artikel leads to sql injection. The identification of this vulnerability is CVE-2008-4518. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2008-4519 | Fastpublish CMS 1.9.9.9.9d/1.9999d index2.php target path traversal (EDB-6678 / XFDB-45673)

Vuldb Updates
2 months 2 weeks ago
A vulnerability was found in Fastpublish CMS 1.9.9.9.9d/1.9999d. It has been classified as critical. Affected is an unknown function of the file index2.php. The manipulation of the argument target leads to path traversal. This vulnerability is traded as CVE-2008-4519. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2015-2854 | Blue Coat SSL Visibility Appliance up to 3.8.3 WebUI input validation (VU#498348 / XFDB-103491)

Vuldb Updates
2 months 2 weeks ago
A vulnerability was found in Blue Coat SSL Visibility Appliance up to 3.8.3. It has been rated as critical. Affected by this issue is some unknown functionality of the component WebUI. The manipulation leads to improper input validation. This vulnerability is handled as CVE-2015-2854. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

野蛮fuzz:快照与代码覆盖率

不安全
2 months 2 weeks ago
一介绍上次我们写博客时,我们有一个简单的模糊测试器,它会测试一个故意有漏洞的程序,该程序会对文件进行一些检查,如果输入文件通过了检查,它会继续进行下一个检查,如果输入通过了所有检查,程序就会发生段错误

Check Point Research 揭露2024 年第三季度品牌网络钓鱼趋势

嘶吼
2 months 2 weeks ago

2024 年 11月,领先的云端 AI 网络安全平台提供商 Check Point® 软件技术有限公司(纳斯达克股票代码:CHKP)的威胁情报部门 Check Point Research (CPR) 发布了其最新的 2024 年第三季度品牌网络钓鱼排行榜。本报告揭示了网络犯罪分子在企图诱骗和窃取个人信息或支付凭证时最常冒充的品牌,强调了网络钓鱼攻击在当今数字化环境中持续构成风险。

 

在第三季度,Microsoft 仍是最常被冒充的品牌,在所有品牌网络钓鱼攻击中占比 61%。Apple 蝉联第二,占比 12%;谷歌跃居第三,占比 7%。此外,阿里巴巴首次进入前十榜单,列居第七;Adobe 重返排行榜,位列第八,这是它自 2022 年第二季度以来首次上榜。技术行业仍是最常被冒充的行业,其次是社交网络和银行业,这说明主要在线服务提供商时刻不能放松警惕。

 

Check Point 软件技术公司数据事业部经理 Omer Dembinsky 指出:“网络钓鱼攻击持续肆虐表明,大家亟需提高安全意识并增强安全措施。用户必须保持警惕,核实电子邮件来源,避免点击可疑链接,并采用多重身份验证 (MFA) 来保护其个人和财务信息免受网络威胁。”

 

主要网络钓鱼品牌

 

以下是 2024 年第三季度按照在网络钓鱼攻击中的总出现率进行排名的十大最常被冒充的品牌:

1. Microsoft - 61%

2. Apple - 12%

3. 谷歌 - 7%

4. Facebook - 3%

5. WhatsApp - 1.2%

6. Amazon - 1.2%

7. 阿里巴巴 - 1.1%

8. Adobe - 0.8%

9. Twitter - 0.8%

10. 阿迪达斯 - 0.6%

针对 WhatsApp 用户的网络钓鱼骗局

经确认,一个新的网络钓鱼网站 whatsapp-io.com 对 WhatsApp 用户构成了严重威胁。该网站现已无法访问,其设计模仿了 WhatsApp 安全中心。它打着解决账户异常问题的幌子引诱用户输入个人信息,包括电话号码和所在国家或地区。该网站背后是一场大规模欺诈活动。在同一时间段内,还有多个类似的域名被注册和曝光,例如 whatsapp-as.com、whatsapp-ia.com 及 whatsapp-li.com。

 


阿里巴巴仿冒攻击

另一起值得关注的案例是恶意网络钓鱼网站 alibabashopvip\.com 冒充阿里巴巴电子商务零售品牌,该网站使用越南语,意在通过模仿阿里巴巴官方品牌和提供假冒产品来欺骗用户,诱使访客登录或注册,进而窃取其个人信息和付款信息。值得注意的是,阿里巴巴在本季度首次进入前十榜单。

 

随着针对知名品牌的网络钓鱼攻击日益增多,用户必须及时了解最新动态并积极采取在线安全防护措施,确保设备配有最新的安全软件,并对未经请求的通信保持警惕,从而显著降低遭受网络攻击的风险。 

Check Point

Mobile Security Framework (MobSF): Automated mobile application pen-testing framework

Penetration Testing Tools - Metepreter.org
2 months 2 weeks ago

Mobile Security Framework Mobile Security Framework (MobSF) is an intelligent, all-in-one open-source mobile application (Android/iOS/Windows) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security...

The post Mobile Security Framework (MobSF): Automated mobile application pen-testing framework appeared first on Penetration Testing Tools.

ddos

Managed ad