Aggregator

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

A previously unknown threat actor released config files and VPN passwords for Fortinet FortiGate devices on a popular cybercrime forum. A previously unknown threat actor named Belsen Group published configuration files and VPN passwords for over 15,000 Fortinet FortiGate appliances. “2025 will be a fortunate year for the world. At the beginning of the year, […]

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate device

国内で確認されている、LinkedInを初期感染経路とする不正アクセスに関連して、JPCERT/CCが2019年ごろから確認している攻撃事案を紹介しています。

值蛇年春节到来之际，我们精选过去一年公众号30多篇技术文章和科研论文，整理制作成一本600多页的电子书，作为一份特别的新年礼物，献给每一位热爱技术的你。愿大家乘风破浪，勇往直前！

为国产化产业大局的建立尽最大能力添砖加瓦。

长航体系背景介绍长航总局的职能长江航务管理局隶属于中华人民共和国交通运输部，是遵照国务院国发198350号文件精神，根据政企分开、港航分管的原则，在原长江航运管理局的基础上于1984年组建的，2002

#勒索病毒 #AvosLocker #Linux AvosLocker恶意病毒攻击 AvosLocker 是一个勒索软件即服务 (RaaS) 团伙，于 2021 年中期首次出现。此后，该团伙因针对关键基础设施（包括金融服务、关键制造业和政府设施领域）的攻击而臭名昭著，因采用双重勒索策略而闻名,该组织首先窃取数据，然后再对其进行加密，然后该组织表示除非受害者支付赎金，否则将在专门的泄露网站上对外发布数据，最初，AvosLocker 组织主要针对 Windows 系统，但他们随后也通过针对 VMware ESXi 的勒索软件的 Linux 版本来扩大其影响范围。

#勒索病毒 #Babuk #Ransomware Babuk勒索病毒攻击 Babuk 勒索软件于 2021 年出现，因针对目标行业（尤其是医疗保健、制造业、物流和公共服务领域，包括关键基础设施）发起高调攻击而恶名远播。 Babuk 可以针对多种硬件和软件平台进行编译。编译是通过勒索软件构建器配置的。Windows 和 Linux 的 ARM 是最常用的版本，但随着时间的推移，也观察到了 ESX 和 32 位较旧的 PE 可执行文件。

#勒索病毒 #AIDS #Ransomware 全球最早的勒索病毒以及勒索病毒攻击活动 勒索病毒属于恶意软件的一种病毒类型，这种病毒并不是现在才有的，早在1989年哈佛大学博士学位的生物学家约瑟夫波普Joseph Popp开发了一款软件，并向世界卫生组织艾滋病会议的参加者分发了20000张受感染的磁盘，以艾滋病信息-入门软盘命名，当软盘插入电脑就会感染该勒索病毒，弹出勒索提示信息框，受害者必须在巴拿马的邮政邮箱向PC Cyborg Corporation发送189美元，以解锁电脑的访问权限，这就是最早的勒索病毒以及勒索攻击活动。

#勒索病毒 #一重勒索 #二重勒索 #三重勒索 #四重勒索 #Ransomware 揭秘勒索病毒黑客组织的勒索手段 你了解勒索病毒黑客组织的几种勒索手段吗？一重勒索，二重勒索，三重勒索，四重勒索分别是什么？以后要出去装逼的时候，不要被人笑话连这都不懂，还大谈勒索病毒攻击防御

The Joint Cyber Defense Collaborative playbook seeks to establish a "a unified approach" on how to handle AI-related cybersecurity threats.

A Threat Actor Claims to be Selling Access to an Unidentified US Law Firm

Prestige Maintenance USA has Fallen Victim to MEDUSA Ransomware

Command Injection affecting Windows nodes via nodes/*/logs/query API

A vulnerability was found in Gestionale Amica Prodigy 1.7 and classified as critical. Affected by this issue is some unknown functionality of the file RemoteBackup.Service.exe. The manipulation leads to permission issues. This vulnerability is handled as CVE-2021-35312. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in ClickHeat up to 1.14. This issue affects some unknown processing of the file index.php. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2015-4659. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in EventPrime Plugin up to 3.4.2 on WordPress. It has been rated as critical. Affected by this issue is some unknown functionality of the component Booking Payment Handler. The manipulation leads to improper authentication. This vulnerability is handled as CVE-2024-1321. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Tutor LMS Plugin up to 2.6.1 on WordPress. It has been classified as critical. Affected is an unknown function. The manipulation leads to sql injection. This vulnerability is traded as CVE-2024-1751. It is possible to launch the attack remotely. There is no exploit available.