电力企业 | 安全建设框架
新型电力网络安全架构思路
Aggregator
Просмотры YouTube в России упали на 52% за лето
4 months 1 week ago
Исследование Vigo выявило десятикратное замедление загрузки видеохостинга.
CVE-2007-2609 | gnuedu scripts/lom_update.php ETCDIR code injection (EDB-3876 / XFDB-34174)
4 months 1 week ago
A vulnerability was found in gnuedu. It has been classified as critical. This affects an unknown part of the file scripts/lom_update.php. The manipulation of the argument ETCDIR leads to code injection.
This vulnerability is uniquely identified as CVE-2007-2609. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
Live Patching as a Growth Enabler for Your Infrastructure
4 months 1 week ago
Yesterday, as I was preparing this article, I had the opportunity to present at a TuxCare webinar, where we introduced live patching. Throughout the presentation, we discussed various characteristics of this patching methodology. While reflecting on these aspects, I realized that one particular point deserves more attention — the role of live patching as a […]
The post Live Patching as a Growth Enabler for Your Infrastructure appeared first on TuxCare.
The post Live Patching as a Growth Enabler for Your Infrastructure appeared first on Security Boulevard.
Joao Correia
Nudge Security unveils SSPM capabilities to strengthen SaaS security
4 months 1 week ago
Nudge Security unveiled new SSPM (SaaS security posture management) capabilities for its SaaS security and governance platform. This enhancement creates the industry’s most comprehensive solution of its kind, combining SaaS discovery, security posture management, spend management, third-party risk, and identity governance in a single, self-service offering that deploys in minutes. As digital identities become prime targets for cyber threats, organizations are prioritizing efforts to strengthen and monitor identity infrastructure. Nudge Security’s SSPM capabilities enable IT and security … More →
The post Nudge Security unveils SSPM capabilities to strengthen SaaS security appeared first on Help Net Security.
Industry News
OnDemand | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk
4 months 1 week ago
Breach Roundup: Mexico in Hacker Spotlight
4 months 1 week ago
Also: Critical WHOIS Vulnerability Exposes Internet Security Flaw in .mobi Domains
This week, cyberthreats rising in Mexico; FBI warned of BEC scams; U.K. police arrested hacking suspect; Avis, Slim CD, Medicare and Fortinet disclosed breaches; Highline public schools reopened after cyberattack; a critical flaw was found in WHOIS; and Konni upped attacks on Russia, South Korea.
This week, cyberthreats rising in Mexico; FBI warned of BEC scams; U.K. police arrested hacking suspect; Avis, Slim CD, Medicare and Fortinet disclosed breaches; Highline public schools reopened after cyberattack; a critical flaw was found in WHOIS; and Konni upped attacks on Russia, South Korea.
UK Labels Data Centers as Critical National Infrastructure
4 months 1 week ago
British Government Says Data Centers Are 'Essential for Functioning of Society'
The U.K. government on Thursday designated data centers as part of its critical national infrastructure in a move intended to prevent the loss of sensitive user data during disruptive cyberattacks. A newly announced data center security team will monitor and anticipate potential cyberthreats.
The U.K. government on Thursday designated data centers as part of its critical national infrastructure in a move intended to prevent the loss of sensitive user data during disruptive cyberattacks. A newly announced data center security team will monitor and anticipate potential cyberthreats.
GPS Modernization Stalls as Pentagon Faces Chip Shortages
4 months 1 week ago
New Report Warns of Continued Delays and Deficiencies in Federal GPS Modernization
The Space Force is suffering from years of delays, setbacks and shortcomings in its Global Positioning System modernization program, according to a Government Accountability Office report, which found major deficiencies and testing issues that could hinder the United States competitiveness in space.
The Space Force is suffering from years of delays, setbacks and shortcomings in its Global Positioning System modernization program, according to a Government Accountability Office report, which found major deficiencies and testing issues that could hinder the United States competitiveness in space.
Kernel Mode Under the Microscope at Windows Security Summit
4 months 1 week ago
Company Focused on Safe Deployment Practices, Reducing Kernel Mode Dependencies
Cutting kernel mode dependencies and adopting safe deployment practices will make endpoint systems more resilient and secure for Windows customers. Tuesday's meeting came two months after a faulty CrowdStrike update disrupted 8.5 million Windows machines and caused $5.4 billion in direct losses.
Cutting kernel mode dependencies and adopting safe deployment practices will make endpoint systems more resilient and secure for Windows customers. Tuesday's meeting came two months after a faulty CrowdStrike update disrupted 8.5 million Windows machines and caused $5.4 billion in direct losses.
独立开发变现周刊(第149期) : 每月收入100万美元的 AI 写作 SaaS
4 months 1 week ago
分享独立开发、产品变现相关内容,每周五发布。目录1、Follow:新一代信息汇集查看器2、【增长技巧】一个小改变收入增长80%3、Videco:AI驱动的个性化互动视频工具4、3个月内将Submagi
伪装“黑神话悟空修改器”传播木马的活动分析
4 months 1 week ago
1 概述
近日,安天CERT通过网络安全监测发现利用“黑神话悟空修改器”传播恶意代码的活动,攻击者将自身的恶意代码程序与《黑神话:悟空》第三方修改器“风灵月影”捆绑在一起,再通过在社媒发布视频等方式引流,诱导玩家下载。玩家一旦下载了带有恶意代码的修改器版本,在运行修改器的同时,也将在后台自动运行恶意代码,导致计算机被控制,产生隐私泄露、经济损失等风险。
《黑神话:悟空》作为国产首款3A游戏大作,千万玩家在线狂欢,尽享盛宴。但玩家尽情在痛殴游戏中的BOSS(或被BOSS痛殴)的时候,也要小心网络中的妖魔鬼怪、恶意代码。祝玩家在游戏中都成为齐天大圣,在上网时也擦亮火眼金睛,穿上金甲战衣。
经验证,安天智甲终端防御系统(简称IEP)可实现对捆绑的恶意代码的有效查杀。
2 样本传播渠道
1.利用视频图文引流,携带恶意钓鱼网址
攻击者在视频网站、博客等平台发布视频、图文等格式钓鱼内容,并在其中附带捆绑木马的游戏修改器下载链接,诱导用户下载并执行恶意程序。
图 2‑1通过视频网站引流钓鱼网址
图 2‑2通过发帖引流钓鱼网址
2.警惕利用闲鱼、淘宝等购物平台传播捆绑木马
《黑神话:悟空》的大量“修改器”上架闲鱼、淘宝平台,售价在1~10元左右,这些修改器很多都标注称是“风灵月影”,但实际上,该修改器均为完全免费软件,在风灵月影的网站上就可免费下载。攻击者可能会将携带恶意代码的《黑神话:悟空》修改器挂到购物网站上引流,请广大用户谨慎购买。
图 2‑3 闲鱼、淘宝平台售卖大量修改器
3 样本分析
3.1样本标签
表 3‑1二进制可执行文件
病毒名称
Trojan/Win32.PoolInject
原始文件名
黑神话悟空修改器.exe
MD5
2C00D2DA92600E70E7379BCAFF6D10B1
处理器架构
Intel 386 or later, and compatibles
文件大小
6.88 MB (7,215,452 字节)
文件格式
BinExecute/Microsoft.EXE[:X86]
时间戳
2022-12-14 13:40:00 UTC
数字签名
无
加壳类型
无
编译语言
Visual C/C++
VT首次上传时间
2024-08-25 06:21:11 UTC
VT检测结果
44/75
3.2样本分析
样本是一个Advanced Installer安装包,执行时会在桌面释放“Black Myth Wukong v1.0 Plus 35 Trainer.exe”并执行,该文件为正常修改器程序。另外还会启动msi文件的安装。该安装包可使用/extract参数解包。
图 3‑1样本安装包
msi文件设置了执行条件,不支持虚拟机中运行。
图 3‑2检测虚拟机环境
其捆绑的恶意程序WindowsSandBoxC.exe存放在streams流中,会在运行正常修改器后执行。
图 3‑3安装包内嵌的恶意程序
样本伪装图标和数字签名为Windows Sandbox组件,但与实际系统组件无关。
图 3‑4伪装的图标和数字签名
样本使用ZeroMQ库在进程内传递数据。攻击者对样本中的载荷下载地址中的符号进行了替换,实际的载荷下载地址为https[:]//a-1324330606.cos.accelerate.myqcloud[.]com/a和https[:]//xyz-1324330606.cos.accelerate.myqcloud[.]com/xyz。相关地址为腾讯云对象存储服务。
图 3‑5利用ZeroMQ进行通信
相关下载代码如下所示。
图 3‑6下载载荷
目前该载荷下载地址已失效,但通过情报关联,可以发现其后续载荷还通过相同对象云存储账号下的多个位置下载了载荷。
图 3‑7关联后续载荷
通过对其载荷下载地址中的腾讯云COS存储桶ID进行关联搜索,可发现近期在该腾讯云存储账号中还出现过多次恶意载荷,包括与目前活跃的“游蛇”(又称银狐)组织相关的攻击样本。
此外还发现多个其他软件被捆绑的样本,他们的行为中包含下载多个云存储文件,以及类似%ProgramFiles%\Adobe\
图 3‑8更多被捆绑的样本
安天智甲终端防御系统(简称IEP)可实现对捆绑的恶意代码的有效查杀。
建议企业用户部署专业的终端安全防护产品,对本地新增和启动文件进行实时检测,并周期性进行网内病毒扫描。安天智甲终端安全系列产品(以下简称“智甲”)依托安天自研威胁检测引擎和内核级主动防御能力,可以有效查杀本次发现病毒样本。
智甲可对本地磁盘进行实时监测,对新增文件自动化进行病毒检测,对发现病毒可在其落地时第一时间发送告警并进行处置,避免恶意代码启动。
图 3-9发现病毒时,智甲第一时间捕获并发送告警
智甲还为用户提供统一管理平台,管理员可通过平台集中查看网内威胁事件详情,并批量进行处置,提高终端安全运维效率。
图 3-10通过智甲管理中心查看并完成威胁事件处置
4 loCs
2C00D2DA92600E70E7379BCAFF6D10B1
308D7792233286B2AE747DA9F9343487
http://tgfile.1258012.xyz/cac1be36221
https://a-1324330606.cos.accelerate.myqcloud.com/a
https://xyz-1324330606.cos.accelerate.myqcloud.com/xyz
安天
CVE-2024-42039 | Huawei HarmonyOS/EMUI SystemUI Module information disclosure
4 months 1 week ago
A vulnerability was found in Huawei HarmonyOS and EMUI. It has been classified as problematic. Affected is an unknown function of the component SystemUI Module. The manipulation leads to information disclosure.
This vulnerability is traded as CVE-2024-42039. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-45441 | Huawei HarmonyOS/EMUI System Service Module denial of service
4 months 1 week ago
A vulnerability was found in Huawei HarmonyOS and EMUI. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component System Service Module. The manipulation leads to denial of service.
This vulnerability is known as CVE-2024-45441. An attack has to be approached locally. There is no exploit available.
vuldb.com
CVE-2024-45450 | Huawei HarmonyOS/EMUI Software Update information disclosure
4 months 1 week ago
A vulnerability classified as problematic has been found in Huawei HarmonyOS and EMUI. This affects an unknown part of the component Software Update Handler. The manipulation leads to information disclosure.
This vulnerability is uniquely identified as CVE-2024-45450. Attacking locally is a requirement. There is no exploit available.
vuldb.com
CVE-2024-8412 | LinuxOSsk Shakal-NG up to 1.3.3 comments/views.py next redirect (Issue 202)
4 months 1 week ago
A vulnerability, which was classified as problematic, was found in LinuxOSsk Shakal-NG up to 1.3.3. Affected is an unknown function of the file comments/views.py. The manipulation of the argument next leads to open redirect.
This vulnerability is traded as CVE-2024-8412. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2024-8391 | Eclipse Vert.x up to 4.5.9 gRPC Server allocation of resources
4 months 1 week ago
A vulnerability, which was classified as problematic, was found in Eclipse Vert.x up to 4.5.9. Affected is an unknown function of the component gRPC Server. The manipulation leads to allocation of resources.
This vulnerability is traded as CVE-2024-8391. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-45314 | dpgaspar Flask-AppBuilder up to 4.5.0 /login web browser cache containing sensitive information (GHSA-fw5r-6m3x-rh7p)
4 months 1 week ago
A vulnerability was found in dpgaspar Flask-AppBuilder up to 4.5.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /login. The manipulation leads to use of web browser cache containing sensitive information.
This vulnerability is handled as CVE-2024-45314. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-45389 | CloudCannon pagefind up to 1.1.0 document.currentScript.src cross site scripting
4 months 1 week ago
A vulnerability, which was classified as problematic, was found in CloudCannon pagefind up to 1.1.0. Affected is an unknown function. The manipulation of the argument document.currentScript.src leads to cross site scripting.
This vulnerability is traded as CVE-2024-45389. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-45390 | blakeembrey js-template up to 1.1.x code injection
4 months 1 week ago
A vulnerability has been found in blakeembrey js-template up to 1.1.x and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to code injection.
This vulnerability is known as CVE-2024-45390. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com