Aggregator

1. RansomHub勒索团伙公布新的受害公司 2. Cactus公布了新的受害公司 3. Qilin勒索团伙公布受害公司数据

1. RansomHub勒索团伙公布新的受害公司 2. Cactus公布了新的受害公司 3. Qilin勒索团伙公布受害公司数据

总结推荐本周的热点资讯、安全事件、一周好文和省心工具，保证大家不错过本周的每一个重点！

HackerNews 编译，转载请注明出处： 英国工程巨头 IMI 周四向伦敦证券交易所（LSE）提交了一份简短通知，称其成为了网络攻击的受害者。 “[IMI] 目前正在应对一起涉及公司系统未经授权访问的网络安全事件，”该公司向 LSE 表示。 该公司尚未透露其面临的事件类型，但表示已聘请外部网络安全专家进行调查并控制攻击。 “与此同时，公司正在采取必要措施以遵守监管义务，”IMI 说。 这家工程巨头表示，将在适当的时候提供更多信息，并在回复 SecurityWeek 的询问时拒绝透露有关事件性质和影响的进一步细节。 此次攻击的披露大约是在另一家英国工程公司史密斯集团（Smiths Group）披露影响其某些系统的网络攻击一周后。 “我们目前正在进行一起涉及系统未经授权访问的网络事件。我们一旦意识到这一活动，就迅速隔离了受影响的系统并启动了业务连续性计划，”史密斯集团上周表示。 目前尚不清楚这两起攻击中是否使用了勒索软件，以及黑客是否试图对这两家工程巨头进行敲诈。SecurityWeek 尚未看到任何已知的勒索软件组织声称对这些事件负责。   消息来源：Security Week, 编译：zhongx；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability was found in Kyocera/UTAX-TA/Olivetti Mobile Print up to 3.2.0.230119 on Android. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to exposure of resource. This vulnerability is known as CVE-2023-25954. The attack needs to be done within the local network. There is no exploit available.

A vulnerability classified as critical has been found in Zoho ManageEngine ADManager Plus. This affects the function ChangePasswordAction. The manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2023-29084. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in TigerGraph Enterprise Free Edition 3.x. This vulnerability affects the function gsql_server. The manipulation leads to permission issues. This vulnerability was named CVE-2023-22950. Access to the local network is required for this attack. There is no exploit available.

A vulnerability, which was classified as critical, has been found in lmxcms 1.4.1. This issue affects some unknown processing of the file index.php. The manipulation of the argument setbook leads to sql injection. The identification of this vulnerability is CVE-2023-29598. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability has been found in AM Presencia 3.7.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Login Form. The manipulation of the argument user leads to sql injection. This vulnerability is known as CVE-2023-27779. The attack can only be done within the local network. There is no exploit available.

A vulnerability was found in MZ Automation libiec61850 1.5.1 and classified as critical. Affected by this issue is the function ControlObjectClient_setOrigin of the file /client/client_control.c. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2023-27772. The attack can only be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Dmidecode up to 3.4. It has been classified as problematic. This affects an unknown part of the component dump-bin. The manipulation leads to an unknown weakness. This vulnerability is uniquely identified as CVE-2023-30630. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in TigerGraph Enterprise Free Edition 3.x. Affected by this issue is some unknown functionality of the component SSH Private Key Handler. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2023-22948. The attack can only be done within the local network. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Talend Data Catalog 7.3-20210930/8.0-20220907. This issue affects some unknown processing of the file /MIMBWebServices/license. The manipulation leads to xml external entity reference. The identification of this vulnerability is CVE-2023-26263. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Zoho ManageEngine ADManager Plus up to 7180. It has been classified as critical. Affected is an unknown function of the component Proxy Setting Handler. The manipulation leads to command injection. This vulnerability is traded as CVE-2023-29084. The attack can only be initiated within the local network. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in Talend Data Catalog 7.3-20210930. This vulnerability affects unknown code of the component License Parser. The manipulation leads to xml external entity reference. This vulnerability was named CVE-2023-26264. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

Web指纹识别是网络安全攻防的关键技术，本文解析指纹识别技术现状，剖析Wappalyzer等主流工具，并展望AI大模型驱动的未知资产识别，助力企业精准防护，提升安全能力

Web指纹识别是网络安全攻防的关键技术，本文解析指纹识别技术现状，剖析Wappalyzer等主流工具，并展望AI大模型驱动的未知资产识别，助力企业精准防护，提升安全能力

HackerNews 编译，转载请注明出处：   一项针对DeepSeek苹果iOS版移动应用的最新审计发现，该应用存在严重安全漏洞，最主要的问题是其在网络传输过程中未对敏感数据进行加密，可能导致数据被拦截或篡改，带来安全隐患。   此次评估由网络安全公司NowSecure进行，审计结果显示，DeepSeek应用不仅未遵循最佳安全实践，还收集了大量用户和设备数据。   “DeepSeek iOS应用在互联网传输部分注册信息和设备数据时未进行加密，”NowSecure指出，“这使得这些数据在网络流量中暴露于被动和主动攻击之下。”   进一步拆解分析表明，该应用在用户数据加密方面存在多个安全漏洞，包括使用不安全的对称加密算法（3DES）、硬编码的加密密钥以及重复使用初始化向量（IV），增加了数据泄露的风险。   此外，DeepSeek的数据传输至由字节跳动旗下云计算和存储平台Volcano Engine管理的服务器，而字节跳动正是TikTok的母公司。   “DeepSeek iOS应用完全禁用了iOS平台级别的安全防护机制——App Transport Security（ATS），该机制旨在防止敏感数据通过未加密渠道传输。”NowSecure警告称，“由于该防护被关闭，应用会在互联网上传输未加密的数据。”   这一发现进一步加剧了外界对该人工智能（AI）聊天机器人服务的担忧。尽管DeepSeek在多个市场迅速登顶iOS和Android应用商店榜单，但其安全性问题仍然备受争议。   网络安全公司Check Point的报告显示，黑客正利用DeepSeek的AI引擎，以及阿里巴巴Qwen和OpenAI ChatGPT，开发信息窃取工具、生成不受限制的内容，并优化大规模垃圾信息分发的脚本。   “随着攻击者运用越狱等高级技术绕过防护措施，开发信息窃取软件、进行金融诈骗和垃圾邮件分发，企业亟需实施主动防御措施，以应对AI技术被滥用带来的安全威胁。”Check Point表示。   本周早些时候，美联社披露，DeepSeek官方网站将用户登录信息发送至中国移动，而该公司已被美国政府禁止在美运营。   与TikTok类似，DeepSeek的中国背景引发美国政界担忧，部分议员正推动在政府设备上全面禁用该应用，理由是其可能向中国政府提供用户数据。   值得注意的是，澳大利亚、意大利、荷兰、台湾和韩国等多个国家，以及印度和美国的政府机构（包括国会、NASA、海军、五角大楼和德州政府）均已禁止在政府设备上使用DeepSeek。   与此同时，DeepSeek的迅速走红也让其成为恶意攻击的目标。中国网络安全公司XLab向《环球时报》透露，该应用上月底遭遇了持续性的分布式拒绝服务（DDoS）攻击，攻击源包括Mirai僵尸网络hailBot和RapperBot。   此外，网络犯罪分子也在利用DeepSeek的热度设立仿冒页面，传播恶意软件、虚假投资骗局和加密货币诈骗，进一步加剧了该应用面临的安全风险。   消息来源：The Hacker News, 编译：zhongx；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability was found in Zeroboard 4.1 Pl2. It has been classified as critical. This affects an unknown part. The manipulation of the argument _zb_path leads to improper privilege management. This vulnerability is uniquely identified as CVE-2002-1704. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in Apple tvOS. Affected by this issue is some unknown functionality of the component Web Handler. The manipulation leads to denial of service. This vulnerability is handled as CVE-2025-24166. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.