Aggregator

A vulnerability classified as critical was found in Microsoft SQL Server. This vulnerability affects unknown code of the component Native Client OLE DB Provider. The manipulation leads to integer overflow. This vulnerability was named CVE-2024-37336. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is the latest exhibit in the Trump administration's continued disregard for basic cybersecurity protections. The message instructed recently-fired CISA employees to get in touch so they can be rehired and then immediately placed on leave, asking employees to send their Social Security number or date of birth in a password-protected email attachment -- presumably with the password needed to view the file included in the body of the email.

freki Freki is a free and open-source malware analysis platform. Goals Facilitate malware analysis and reverse engineering; Provide an easy-to-use REST API for different projects; Easy deployment (via Docker); Allow the addition of new...

The post freki: Malware analysis platform appeared first on Penetration Testing Tools.

HackerNews 编译，转载请注明出处： 威胁行为者正在利用 PHP 中的一个严重安全漏洞来投放加密货币挖矿程序和远程访问木马（RAT），例如 Quasar RAT。 该漏洞被指派了 CVE 标识符 CVE-2024-4577，是指影响运行在 CGI 模式的 Windows 系统上的 PHP 的参数注入漏洞，可能允许远程攻击者运行任意代码。 网络安全公司 Bitdefender 表示，自去年年底以来，观察到针对 CVE-2024-4577 的利用尝试激增，其中中国台湾地区（54.65%）、中国香港地区（27.06%）、巴西（16.39%）、日本（1.57%）和印度（0.33%）的集中度较高。 大约 15% 的检测到的利用尝试涉及使用“whoami”和“echo <test_string>”等命令进行基本漏洞检查。另外 15% 围绕用于系统侦察的命令，例如进程枚举、网络发现、用户和域信息以及系统元数据收集。 Bitdefender 技术解决方案总监 Martin Zugec 指出，检测到的攻击中大约有 5% 最终部署了 XMRig 加密货币挖矿程序。 “另一个较小的活动涉及部署 Nicehash 挖矿程序，这是一个允许用户出售计算能力以换取加密货币的平台，”Zugec 补充道。“挖矿进程伪装成合法应用程序，例如 javawindows.exe，以逃避检测。” PHP 漏洞用于部署 Quasar 远程访问木马 其他攻击被发现利用该漏洞交付开源的 Quasar RAT 等远程访问工具，以及使用 cmd.exe 执行托管在远程服务器上的恶意 Windows 安装程序（MSI）文件。 在某种程度上是一个有趣的变化，这家罗马尼亚公司还观察到试图修改易受攻击服务器上的防火墙配置，目的是阻止访问与漏洞利用相关的已知恶意 IP 地址。 这种不寻常的行为引发了竞争对手加密劫持集团为争夺易受攻击资源的控制权，并阻止他们再次针对自己控制的目标的可能性。这也与关于加密劫持攻击的历史观察结果一致，即在部署自己的有效载荷之前终止竞争对手的挖矿进程。 这一发展紧随思科 Talos 公布自今年年初以来针对日本组织的攻击中利用 PHP 漏洞的活动细节之后。 建议用户更新其 PHP 安装到最新版本以防范潜在威胁。 “由于大多数活动一直在使用 LOLBAS 工具，组织应考虑将 PowerShell 等工具的使用限制在环境中的特权用户（如管理员）内。”Zugec 说。   消息来源：The Hacker News；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability was found in openvswitch and classified as problematic. Affected by this issue is some unknown functionality of the component LLDP Packet Handler. The manipulation leads to resource consumption. This vulnerability is handled as CVE-2020-27827. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was found in lldpd up to 1.0.12. It has been classified as problematic. Affected is the function sonmp_decode of the component SONMP Packet Decoder. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2021-43612. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in lldpd up to 1.0.16. Affected is an unknown function of the file daemon/protocols/cdp.c of the component CDP PDU Packet Handler. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2023-41910. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Intel 82599 Ethernet Controller. Affected is an unknown function of the component Control Flow Management. The manipulation leads to denial of service. This vulnerability is traded as CVE-2021-33061. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as critical has been found in Linux Kernel up to 5.18.12. This affects the function cgroup_migrate_add_src. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2022-49647. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 5.10.131/5.15.55/5.18.12. Affected is the function proc_douintvec_minmax. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2022-49640. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.12.13/6.13.2/6.14-rc1. This issue affects some unknown processing of the component pfifo_tail_enqueue. The manipulation leads to privilege escalation. The identification of this vulnerability is CVE-2025-21702. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 5.15.55/5.18.12. This vulnerability affects the function READ_ONCE. The manipulation leads to information disclosure. This vulnerability was named CVE-2022-49633. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 5.4.206/5.10.131/5.15.55/5.18.12. Affected is the function READ_ONCE. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2022-49631. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 5.18.12 and classified as problematic. Affected by this vulnerability is the function READ_ONCE. The manipulation leads to information disclosure. This vulnerability is known as CVE-2022-49638. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 5.18.13. Affected by this vulnerability is an unknown functionality. The manipulation leads to state issue. This vulnerability is known as CVE-2022-49611. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.131/5.15.55/5.18.12. It has been rated as problematic. This issue affects the function READ_ONCE. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2022-49629. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

俾路支解放军（BLA）近年来的活动明显升级，引起国际社会广泛关注。