Aggregator

与 Konni 组织相关的多阶段恶意软件活动分析；UTG-Q-017：“短平快”体系下的高级窃密组织；APT-C-27（黄金鼠）新攻击武器曝光；TaxOff组织利用Chrome零日漏洞发动攻击

与 Konni 组织相关的多阶段恶意软件活动分析；UTG-Q-017：“短平快”体系下的高级窃密组织；APT-C-27（黄金鼠）新攻击武器曝光；TaxOff组织利用Chrome零日漏洞发动攻击

Incident Is Largest Health Data Breach Reported So Far to Feds in 2025
Yale New Haven Health System is notifying more than 5.5 million patients that their information was potentially among data stolen in a March hack. The incident, which is among several other recent major hacks, ranks is the largest health data breach reported to federal regulator so far this year.

Void Dokkaebi Campaigns Using Russia for Cryptocurrency Theft
North Korean hackers look north toward Russia for the internet infrastructure behind the many online scams that Pyongyang has built to funnel stolen cash into the rouge nation. Void Dokkaebi hackers participate in the North Korean scam of social engineering IT job seekers.

Hackers Deploying Infostealers for Data and Credential Theft
Hacks targeting cloud infrastructure rose significantly last year, with attackers exploiting misconfiguration and single sign-on features to deploy infostealers for data and credential theft. Hackers target centralized cloud assets secured with single sign-ons.

Experts Say White House AI Plan May Spur Innovation But Leave School Data at Risk
The White House issued an executive order Wednesday to expand the use of new artificial intelligence tools in U.S. K–12 schools, drawing expert warnings over the lack of cybersecurity safeguards to prevent data leaks or misuse by AI firms for model training.

JSRC官网报告提交页面全新升级！

活动时间：2025.4.25 10:00  ~ 2025.5.11 24:00

JSRC官网报告提交页面全新升级！

活动时间：2025.4.25 10:00  ~ 2025.5.11 24:00

HackerNews 编译，转载请注明出处： 2025年第一季度，多达159个CVE编号被标记为实际遭到利用，高于2024年第四季度的151个。 VulnCheck在与《The Hacker News》共享的报告中表示：“我们持续观察到漏洞被快速利用的现象，28.3%的漏洞在其CVE公开后1天内即遭利用。”这意味着有45个安全漏洞在公开当天就被武器化用于真实攻击。另有14个漏洞在1个月内被利用，还有45个漏洞在一年内遭到滥用。 VulnCheck表示，大部分被利用漏洞存在于内容管理系统（CMS），其次是网络边缘设备、操作系统、开源软件和服务器软件。具体分类如下： 内容管理系统（CMS）（35个） 网络边缘设备（29个） 操作系统（24个） 开源软件（14个） 服务器软件（14个） 该时期被攻击的主要厂商及产品包括：微软Windows（15个漏洞）、博通VMware（6个）、Cyber PowerPanel（5个）、Litespeed Technologies（4个）和TOTOLINK路由器（4个）。 VulnCheck指出：“平均每周披露11.4个KEV漏洞，每月53个。虽然CISA KEV本季度新增80个漏洞，但其中仅有12个此前没有公开的利用证据。”在159个漏洞中，25.8%被发现正在等待或接受NIST国家漏洞数据库（NVD）分析，3.1%被赋予新的“延期”状态。 根据Verizon最新发布的《2025年数据泄露调查报告》，作为数据泄露初始访问途径的漏洞利用量增长34%，占所有入侵事件的20%。谷歌旗下Mandiant收集的数据也显示，漏洞利用连续第五年成为最常观察到的初始感染途径，而窃取凭证已超越钓鱼攻击成为第二大初始访问途径。 Mandiant表示：“在确定初始感染途径的入侵事件中，33%始于漏洞利用。这比2023年（漏洞利用占入侵初始途径的38%）有所下降，但与2022年（32%）基本持平。”尽管攻击者试图逃避检测，防御者在识别入侵方面的能力仍在持续提升。 全球驻留时间中位数（即攻击者从入侵到被检测到在系统中停留的天数）达到11天，较2023年增加1天。     消息来源：thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络；  转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability classified as problematic has been found in Rukovoditel 3.2.1. Affected is an unknown function of the file /index.php?module=help_pages/pages&entities_id=24 of the component Add Announcement Handler. The manipulation of the argument Title leads to cross site scripting. This vulnerability is traded as CVE-2022-44944. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in Rukovoditel 3.2.1. Affected by this vulnerability is an unknown functionality of the file /index.php?module=help_pages/pages&entities_id=24 of the component Add Page Handler. The manipulation of the argument Title leads to cross site scripting. This vulnerability is known as CVE-2022-44946. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Rukovoditel 3.2.1. Affected by this issue is some unknown functionality of the file /index.php?module=entities/listing_types&entities_id=24 of the component Highlight Row Handler. The manipulation of the argument Note leads to cross site scripting. This vulnerability is handled as CVE-2022-44947. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Rukovoditel 3.2.1. This affects an unknown part of the file at/index.php?module=entities/entities_groups of the component Entities Group Handler. The manipulation of the argument Name leads to cross site scripting. This vulnerability is uniquely identified as CVE-2022-44948. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in Rukovoditel 3.2.1 and classified as problematic. This vulnerability affects unknown code of the file /index.php?module=entities/fields&entities_id=24 of the component Add New Field Handler. The manipulation of the argument Short Name leads to cross site scripting. This vulnerability was named CVE-2022-44949. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Rukovoditel 3.2.1 and classified as problematic. This issue affects some unknown processing of the file /index.php?module=entities/fields&entities_id=24. The manipulation of the argument Name leads to cross site scripting. The identification of this vulnerability is CVE-2022-44950. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Rukovoditel 3.2.1. It has been classified as problematic. Affected is an unknown function of the file /index.php?module=entities/forms&entities_id=24 of the component Add New Form Tab Handler. The manipulation of the argument Name leads to cross site scripting. This vulnerability is traded as CVE-2022-44951. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Rukovoditel 3.2.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?module=configuration/application. The manipulation of the argument Copyright Text leads to cross site scripting. This vulnerability is known as CVE-2022-44952. The attack can be launched remotely. There is no exploit available.