Aggregator

A vulnerability has been found in Z-BlogPHP 1.7.3 and classified as problematic. This impacts an unknown function of the file \zb_users\theme\shell\template. The manipulation leads to code injection. This vulnerability is documented as CVE-2024-55529. The attack requires being on the local network. There is not any exploit available.

A vulnerability categorized as problematic has been discovered in Grocy up to 4.3.0. The affected element is an unknown function of the component Edit Profile Handler. The manipulation results in cross site scripting. This vulnerability is known as CVE-2024-55074. It is possible to launch the attack remotely. No exploit is available.

A vulnerability, which was classified as problematic, was found in Pnetlab 5.3.11. Affected is an unknown function of the component URL Handler. Executing manipulation can lead to open redirect. This vulnerability appears as CVE-2024-51112. The attack may be performed from remote. There is no available exploit.

A vulnerability has been found in Pnetlab 5.3.11 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-51111. It is possible to initiate the attack remotely. There is no exploit available.

HackerNews 编译，转载请注明出处： 美国国务院通过“正义赏金”计划悬赏最高1000万美元，征集有关俄罗斯联邦安全局（FSB）官员帕维尔·亚历山德罗维奇·阿库洛夫（Pavel Aleksandrovich Akulov）、米哈伊尔·米哈伊洛维奇·加夫里洛夫（Mikhail Mikhailovich Gavrilov）和马拉特·瓦列里耶维奇·秋科夫（Marat Valeryevich Tyukov）的情报。这三人被指控入侵美国关键基础设施及全球超过500家能源企业。 指控称，这些FSB官员试图获取并维持“对美国及国际数百家能源企业的未授权持久访问权限，使俄罗斯政府能够破坏这些关键设施”。其攻击范围涵盖135个国家超过380家能源企业，包括石油天然气公司、电力电网运营商、核电站、可再生能源企业以及工程技术服务商。 这三名官员均隶属于FSB第16中心（又名“Dragonfly”、“Berzerk Bear”、“Energetic Bear”和“Crouching Yeti”）。美国司法部早在2021年8月就已对他们提起指控。 两阶段攻击行动 2012至2017年间，Dragonfly APT（高级持续性威胁）组织针对能源行业的工业控制系统（ICS）和监控与数据采集系统（SCADA）发起多轮攻击： 第一阶段（2012-2014）：行动代号“Dragonfly”或“Havex”，采用供应链攻击手段入侵OT网络系统制造商和软件供应商，部署“Havex”恶意植入程序。通过鱼叉式钓鱼和水坑攻击，在美国及海外超过17,000台设备上安装恶意软件，其中包括电力能源企业使用的ICS/SCADA控制器。 第二阶段（2014-2017）：升级为“Dragonfly 2.0”，集中针对500余家欧美能源企业和政府机构（包括美国核管理委员会）的3,300多名ICS/SCADA系统工程师发起定向攻击。 新型攻击手段曝光 2025年8月，FBI警告称俄罗斯关联黑客组织“Static Tundra”正在利用Cisco Smart Install（SMI）中未修复的漏洞（CVE-2018-0171，CVSS评分9.8）和简单网络管理协议（SNMP），攻击全球范围内的老旧网络设备。该漏洞允许攻击者远程执行任意代码或导致设备重启。 Static Tundra与FSB第16中心存在关联，十年来持续通过以下手段实施网络间谍活动： 利用过时协议（SMI、SNMP v1/v2） 部署定制化工具如Cisco “SYNful Knock”恶意固件 建立GRE隧道实现隐蔽通信 窃取数千台美国关键基础设施设备的配置数据 思科Talos团队报告显示，该组织主要针对北美、亚洲、非洲和欧洲的电信、高等教育和制造领域机构，受害者选择标准取决于其对俄罗斯政府的战略价值。 SYNful Knock作为模块化路由器后门，自2015年被Mandiant首次披露以来，持续为攻击者提供持久化访问和情报收集能力。       消息来源：securityaffairs； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

文章描述了GitHub显示错误代码521的情况,指出该错误通常由Cloudflare未能及时连接到服务器引起,常见于网络延迟或服务器问题,建议等待或检查网络后再尝试访问。

该 subreddit 专注于数字取证领域，涉及从各种数字设备中恢复和调查材料。用户询问如何高效处理大规模法律保留笔记本电脑的收集工作，并寻求自动化或简化流程的方法。

A vulnerability has been found in Google Android 10.0/11.0/12.0/13.0 and classified as problematic. The impacted element is the function run of the file ChooseTypeAndAccountActivity.java. The manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2023-20944. Local access is required to approach this attack. No exploit exists. To fix this issue, it is recommended to deploy a patch.

A vulnerability was found in Google Android 10.0 and classified as critical. This affects the function phNciNfc_MfCreateXchgDataHdr of the file phNxpExtns_MifareStd.cpp. The manipulation results in out-of-bounds write. This vulnerability was named CVE-2023-20945. The attack needs to be approached locally. There is no available exploit. It is advisable to implement a patch to correct this issue.

A vulnerability, which was classified as critical, was found in Google Android 10.0/11.0/12.0/13.0. The affected element is the function clearApplicationUserData of the file ActivityManagerService.java. Executing manipulation can lead to path traversal. This vulnerability is handled as CVE-2023-20943. It is possible to launch the attack on the local host. There is not any exploit available. A patch should be applied to remediate this issue.

HackerNews 编译，转载请注明出处： 网络安全研究人员警告，海康威视HikCentral软件中存在三个漏洞，该软件是广泛应用于视频监控、门禁控制和集成安全运营的集中管理平台。 这三个漏洞分别是： CVE-2025-39245（基础评分4.7）：部分HikCentral Master Lite版本存在CSV注入漏洞，攻击者可通过恶意CSV数据注入可执行命令。 CVE-2025-39246（基础评分5.3）：部分HikCentral FocSign版本存在未加引号的服务路径漏洞，已认证用户可能通过本地访问实现权限提升。 CVE-2025-39247（基础评分8.6）：部分HikCentral Professional版本存在访问控制漏洞，未认证用户可获取管理员权限。 其中，CVE-2025-39247被评定为高风险等级，它允许未经任何认证的用户完全接管HikCentral Professional系统。当攻击者甚至无需登录即可提升其权限时，他们实质上就掌控了整个环境。这为操纵配置、篡改日志甚至关闭关键监控功能开辟了直接路径。 HikCentral是许多组织安全基础设施的核心。公司依赖它来管理监控摄像头、控制建筑物出入并将来自多个设备的数据集成到一个统一的平台中。攻击者可以利用此权限提升漏洞接管这些功能。一旦攻击者提升了权限，他们就可以以管理员身份操作、安装恶意软件、创建隐藏账户或窃取敏感信息。想象一下这样的场景：攻击者在物理入侵期间关闭摄像头、解锁受限门禁或修改审计日志以隐藏证据。这种场景对受影响组织的安全和业务连续性构成了严重威胁。 受影响的版本及修复版本如下： 产品名称 CVE 编号 受影响版本 修复版本 HikCentral Master Lite CVE-2025-39245 V2.2.1 至 V2.3.2 V2.4.0 HikCentral FocSign CVE-2025-39246 V1.4.0 至 V2.2.0 V2.3.0 HikCentral Professional CVE-2025-39247 V2.3.1 至 V2.6.2 及 V3.0.0 V2.6.3/V3.0.1 运行这些版本的组织应将此披露视为一个警示。 就HikCentral而言，风险更高是因为攻击者甚至无需先进行身份验证。他们可以匿名访问系统，利用该漏洞，并立即获得提升的控制权。这种绕过行为削弱了对标准认证过程的所有信任。 厂商已发布修复指南，最好的应对措施是立即应用更新。HikCentral管理员应： 在应用更新的同时加固环境：限制系统的外部暴露。 检查其部署的版本号：如果版本处于受影响范围内，则需要关注。 下载并安装海康威视在其官方安全公告中提供的最新补丁。       消息来源： securityaffairs； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

错误代码521通常由Cloudflare网络连接问题引起，常见于服务器配置错误或网络中断。解决方法包括检查DNS设置、联系ISP或使用备用DNS服务。

黄金暴涨下的网络暗战：UTG-Q-010组织供应链攻击直插香港金融心脏；Lazarus子组织使用三种RAT针对金融和加密货币领域；APT29通过仿冒网站获取目标的微软设备代码认证；APT37 针对韩国的大规模鱼叉式钓鱼攻击

近期公开了一起供应链攻击，攻击者通过入侵Salesloft的Drift窃取OAuth令牌，成功获取多家顶级网络安全公司Salesforce实例的访问权限。这次攻击被归因于威胁组织GRUB1（UNC6395），与ShinyHunters有关联

当前环境出现异常，需完成验证后方可继续访问。

当前环境出现异常问题,需完成验证后才能继续访问。

A vulnerability described as critical has been identified in Linux Kernel up to 6.1.103/6.6.44/6.10.3. This affects the function ip6table_nat_table_init of the component iptables. Such manipulation leads to null pointer dereference. This vulnerability is listed as CVE-2024-42269. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability classified as critical was found in Linux Kernel up to 6.1.103/6.6.44/6.10.3. This impacts the function iptable_nat_table_init of the component iptables. The manipulation results in null pointer dereference. This vulnerability is reported as CVE-2024-42270. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.10.3. The impacted element is the function cow_file_range_inline of the file fs/btrfs/subpage.c. The manipulation leads to unchecked return value. This vulnerability is traded as CVE-2024-42266. Access to the local network is required for this attack to succeed. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.103/6.6.44/6.10.3. It has been classified as critical. This vulnerability affects the function mm_fault_error. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2024-42267. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is recommended.