Aggregator

CVE-2023-20645 | MediaTek MT8797 ril out-of-bounds (ALPS07628609 / EUVD-2023-24824)

Vuldb Updates
3 months 2 weeks ago
A vulnerability, which was classified as problematic, has been found in MediaTek MT6739, MT6761, MT6762, MT6763, MT6765, MT6769, MT6771, MT6779, MT6785, MT6789, MT6873, MT6875, MT6877, MT6879, MT6895, MT6983, MT8791, MT8791T and MT8797. This issue affects some unknown processing of the component ril. The manipulation leads to out-of-bounds read. This vulnerability is referenced as CVE-2023-20645. The attack can only be performed from a local environment. No exploit is available. It is suggested to install a patch to address this issue.
vuldb.com

恶意 Nx 包泄露 2349 项 GitHub、云服务及 AI 凭证​

HackerNews
3 months 2 weeks ago
HackerNews 编译,转载请注明出处: nx构建系统的维护者已向用户发出供应链攻击警报,此次攻击导致恶意版本的流行npm软件包及具有数据收集功能的辅助插件被发布。 维护者在周三发布的公告中表示:“恶意版本的nx软件包以及一些辅助插件包被发布到npm,其中包含扫描文件系统、收集凭证并将其作为用户账户下的仓库发布到GitHub的代码。” Nx是一个开源、与技术无关的构建平台,旨在管理代码库。它被宣传为“AI优先的构建平台,将从编辑器到CI(持续集成)的一切连接起来”。该npm软件包每周下载量超过350万次。 受影响软件包及版本列表如下。这些版本现已从npm注册表中移除。nx软件包的入侵发生在2025年8月26日。 nx 21.5.0, 20.9.0, 20.10.0, 21.6.0, 20.11.0, 21.7.0, 21.8.0, 20.12.0 @nx/devkit 21.5.0, 20.9.0 @nx/enterprise-cloud 3.2.0 @nx/eslint 21.5.0 @nx/js 21.5.0, 20.9.0 @nx/key 3.2.0 @nx/node 21.5.0, 20.9.0 @nx/workspace 21.5.0, 20.9.0 项目维护者表示,问题的根本原因源于2025年8月21日添加的一个存在漏洞的工作流程,该流程引入了使用特别制作的拉取请求(PR)标题来注入可执行代码的能力。虽然在该工作流程被发现在恶意环境中可利用后,“master”分支中的流程“几乎立即”被恢复,但评估认为威胁行为者针对仍包含该工作流程的过时分支发起了PR以发动攻击。 nx团队表示:“pull_request_target触发器被用作一种方式,在PR创建或修改时触发操作运行。然而,被忽略的是警告信息:与标准的pull_request触发器不同,此触发器以提升的权限运行工作流程,包括具有读/写仓库权限的GITHUB_TOKEN。” 据信,GITHUB_TOKEN被用来触发“publish”工作流程,该流程负责使用npm令牌将nx软件包发布到注册表。 但由于PR验证工作流程以提升的权限运行,“publish工作流程”在“nrwl/nx”仓库上被触发运行,同时引入了恶意更改,使得将npm令牌外泄到攻击者控制的webhook[.]site端点成为可能。 nx团队解释说:“作为bash注入的一部分,PR验证工作流程触发了publish.yml的运行,并附带此恶意提交,将我们的npm令牌发送到一个陌生的webhook。我们相信这就是攻击者获取用于发布恶意版本nx的npm令牌的方式。” 换句话说,如果提交了恶意的PR标题,注入漏洞就能实现任意命令执行,而pull_request_target触发器则通过提供具有仓库读/写权限的GITHUB_TOKEN来授予提升的权限。 这些恶意版本的软件包中被发现包含一个安装后脚本(postinstall script),该脚本在软件包安装后被激活,用于扫描系统以查找文本文件、收集凭证,并将详细信息作为Base64编码的字符串发送到用户账户下包含名称“s1ngularity”的公开可访问的GitHub仓库。 维护者补充说:“恶意安装后脚本还修改了.zshrc和.bashrc文件(这些文件在终端启动时运行),以包含sudo命令,该命令会提示用户输入系统密码,如果提供,将立即关闭机器。” 尽管GitHub已开始归档这些仓库,但遇到这些仓库的用户仍应假设已遭入侵,并轮换GitHub和npm的凭证及令牌。还建议用户停止使用恶意软件包,并检查.zshrc和.bashrc文件中的任何不熟悉的指令并将其删除。 nx团队表示,他们还采取了补救措施,包括轮换其npm和GitHub令牌、审计组织内所有GitHub和npm活动以查找可疑活动,以及更新nx的发布访问权限以要求双因素认证(2FA)或自动化。 Wiz研究人员Merav Bar和Rami McCarthy表示,超过1000个被泄露的GitHub令牌中,有90%仍然有效,还有数十个有效的云凭证和npm令牌。据称,恶意软件通常在开发者机器上运行,通常是通过nx Visual Studio Code扩展。GitGuardian检测到多达1346个包含“s1ngularity-repository”字符串的仓库。 在2349个不同的被泄露秘密中,绝大多数是GitHub OAuth密钥和个人访问令牌(PAT),其次是Google AI、OpenAI、Amazon Web Services、OpenRouter、Anthropic Claude、PostgreSQL和Datadog的API密钥和凭证。 云安全公司发现,该有效负载仅能在Linux和macOS系统上运行,会系统性地搜索敏感文件并提取凭证、SSH密钥和.gitconfig文件。 该公司表示:“值得注意的是,该活动通过使用危险标志提示已安装的AI CLI工具来窃取文件系统内容,利用受信任的工具进行恶意侦察。” StepSecurity表示,此事件是首例已知的攻击者将开发者AI助手(如Claude、Google Gemini和Amazon Q)转变为供应链利用工具并绕过传统安全边界的案例。 Socket表示:“在作用域nx软件包中的恶意软件与nx软件包中的恶意软件之间存在一些差异。首先,AI提示不同。在这些软件包中,AI提示更基本一些。这个LLM提示的范围也远没有那么广泛,主要针对加密钱包密钥和秘密模式以及特定目录,而@nx中的提示则会抓取任何有趣的文本文件。” Aikido的Charlie Eriksen表示,使用LLM客户端作为枚举受害机器上秘密的载体是一种新颖的方法,并为防御者提供了关于攻击者未来可能方向的洞察。 StepSecurity的Ashish Kurmi说:“鉴于nx生态系统的流行度以及AI工具滥用的新颖性,此事件凸显了供应链攻击不断演变的复杂性。对于任何安装了受感染版本的用户来说,立即采取补救措施至关重要。”       消息来源: thehackernews; 本文由 HackerNews.cc 翻译整理,封面来源于网络; 转载请注明“转自 HackerNews.cc”并附上原文
hackernews

CVE-2002-2276 | Ultimate PHP Board UPB 1.0 Error Message add.php Path information disclosure (Nessus ID 12198 / ID 10925)

Vuldb Updates
3 months 2 weeks ago
A vulnerability identified as problematic has been detected in Ultimate PHP Board UPB 1.0. The impacted element is an unknown function of the file add.php of the component Error Message Handler. Performing manipulation results in information disclosure (Path). This vulnerability is reported as CVE-2002-2276. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.
vuldb.com

CVE-2002-2272 | Apache Tomcat up to 4.1.12 mod_jk Transfer-Encoding memory corruption (EDB-22068 / Nessus ID 11519)

Vuldb Updates
3 months 2 weeks ago
A vulnerability was found in Apache Tomcat up to 4.1.12. It has been classified as problematic. This vulnerability affects unknown code of the component mod_jk. The manipulation of the argument Transfer-Encoding leads to memory corruption. This vulnerability is listed as CVE-2002-2272. The attack may be initiated remotely. In addition, an exploit is available. Upgrading the affected component is recommended.
vuldb.com

CVE-2002-2287 | phpBB Advanced Quick Reply Hack 1.0.0/1.1.0 quick_reply.php phpbb_root_path code injection (EDB-22017 / ID 10900)

Vuldb Updates
3 months 2 weeks ago
A vulnerability was found in phpBB Advanced Quick Reply Hack 1.0.0/1.1.0. It has been declared as critical. The impacted element is an unknown function of the file quick_reply.php. Such manipulation of the argument phpbb_root_path leads to code injection. This vulnerability is listed as CVE-2002-2287. The attack may be performed from a remote location. In addition, an exploit is available.
vuldb.com

CVE-2002-2288 | Mambo Site Server 4.0.11 Error Message index.php Path information disclosure (EDB-22087 / ID 10934)

Vuldb Updates
3 months 2 weeks ago
A vulnerability was found in Mambo Site Server 4.0.11. It has been rated as problematic. This affects an unknown function of the file index.php of the component Error Message Handler. Performing manipulation results in information disclosure (Path). This vulnerability is cataloged as CVE-2002-2288. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

加密货币公司冻结 4700 万美元的浪漫诱饵基金

HackerNews
3 months 2 weeks ago
HackerNews 编译,转载请注明出处: 多家加密货币公司联合行动,成功阻止了通过“浪漫诱骗”诈骗手段窃取的近5000万美元资金落入犯罪分子手中。 区块链分析公司Chainalysis表示,其与加密货币交易所Binance、OKX以及稳定币公司Tether合作,查封了这笔资金。Chainalysis利用其调查工具,识别出与东南亚某“浪漫诱骗”组织相关的数个地址。 这类骗局通常结合情感欺骗和投资欺诈:诈骗者在约会网站上寻找目标人群,通过建立信任进行“情感培养”,随后说服受害者参与某种虚假的投资骗局。 Chainalysis识别出诈骗者用于接收来自数百个受害者钱包付款的五个钱包——其中一些钱包在2022年11月至2023年7月期间发送了超过100万美元。 Chainalysis解释称:“资金转移后,诈骗者将所得收益发送至一个归集钱包,该钱包又将4690万美元的USDT(Tether)转移到三个中间地址。随后,这些资金又流向了五个不同的钱包。” Tether随后将调查结果分享给一家亚太地区的执法机构,并应其要求于2024年6月冻结了资金。目前尚不清楚为何时隔较久才公开此次行动。 Tether首席执行官Paolo Ardoino告诉Chainalysis:“与以太币和比特币等其他加密货币不同,Tether拥有冻结已知非法资金的技术能力。我们致力于与全球执法机构合作,冻结与‘杀猪盘’诈骗及各种非法活动相关的资金,最终目标是为受害者挽回损失。” 然而,这并非首次此类行动。2023年11月,Tether和OKX曾宣布与美国司法部(DOJ)合作,冻结了约2.25亿美元的USDT,这些资金与东南亚一个涉及浪漫骗局的国际人口贩卖集团有关。 “浪漫诱骗”呈上升趋势 “浪漫诱骗”正成为网络犯罪分子日益猖獗的牟利手段。Chainalysis二月份的一份报告显示,2024年与此相关的损失同比增长了40%,占加密货币诈骗总金额的三分之一。 报告还指出,2024年,“浪漫诱骗”诈骗者接收的存款数量同比增长了210%,表明受害者数量在不断增长。 今年三月,美国当局和区块链分析公司TRM Labs宣布,他们已查封了正准备流向“浪漫诱骗”诈骗者的820万美元资金。 此类犯罪通常由东南亚大型诈骗园区内遭受人口贩卖、失去自由的人员实施。根据Chainalysis的说法,Huione Guarantee等在线市场也为这种犯罪提供了便利,该市场自2021年以来已处理了超过490亿美元的加密货币交易。       消息来源: infosecurity-magazine; 本文由 HackerNews.cc 翻译整理,封面来源于网络; 转载请注明“转自 HackerNews.cc”并附上原文
hackernews

Weaponized ScreenConnect RMM Tool Tricks Users into Downloading Xworm RAT

Cyber Security News
3 months 2 weeks ago

In a sophisticated campaign uncovered during a recent Advanced Continual Threat Hunt (ACTH) by Trustwave’s SpiderLabs team, threat actors weaponized a legitimate remote management tool, ScreenConnect, to deploy the Xworm Remote Access Trojan (RAT) through a deceptive, multi-stage infection chain. By abusing fake AI-themed content and manipulating digital signatures, the attackers bypassed Endpoint Detection and […]

The post Weaponized ScreenConnect RMM Tool Tricks Users into Downloading Xworm RAT appeared first on Cyber Security News.

Guru Baran

CVE-2024-36899 | Linux Kernel up to 6.6.30/6.8.9 cdev gpio_chrdev_release use after free (95ca7c90eaf5/ca710b5f40b8/02f6b0e1ec7e / Nessus ID 207776)

Vuldb Updates
3 months 2 weeks ago
A vulnerability was found in Linux Kernel up to 6.6.30/6.8.9 and classified as critical. This affects the function gpio_chrdev_release of the component cdev. Such manipulation leads to use after free. This vulnerability is listed as CVE-2024-36899. The attack must be carried out from within the local network. There is no available exploit. It is suggested to upgrade the affected component.
vuldb.com

CVE-2024-36898 | Linux Kernel up to 6.1.90/6.6.30/6.8.9 gpiolib allocation of resources (Nessus ID 209785 / WID-SEC-2024-1259)

Vuldb Updates
3 months 2 weeks ago
A vulnerability was found in Linux Kernel up to 6.1.90/6.6.30/6.8.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the component gpiolib. Executing manipulation can lead to allocation of resources. This vulnerability is tracked as CVE-2024-36898. The attack is only possible within the local network. No exploit exists. It is suggested to upgrade the affected component.
vuldb.com

CVE-2024-36900 | Linux Kernel up to 6.1.90/6.6.30/6.8.9 hns3 initialization (Nessus ID 209785 / WID-SEC-2024-1259)

Vuldb Updates
3 months 2 weeks ago
A vulnerability identified as critical has been detected in Linux Kernel up to 6.1.90/6.6.30/6.8.9. Affected is an unknown function of the component hns3. The manipulation leads to improper initialization. This vulnerability is traded as CVE-2024-36900. Access to the local network is required for this attack to succeed. There is no exploit available. You should upgrade the affected component.
vuldb.com

CVE-2024-36896 | Linux Kernel up to 6.1.90/6.6.30/6.8.9 USB port.c disable_store null pointer dereference (WID-SEC-2024-1259)

Vuldb Updates
3 months 2 weeks ago
A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.90/6.6.30/6.8.9. This impacts the function disable_store of the file port.c of the component USB. Such manipulation leads to null pointer dereference. This vulnerability is referenced as CVE-2024-36896. The attack needs to be initiated within the local network. No exploit is available. You should upgrade the affected component.
vuldb.com

Managed ad