Aggregator

Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits

8 months 1 week ago

Qualcomm has rolled out security updates to address nearly two dozen flaws spanning proprietary and open-source components, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-43047 (CVSS score: 7.8), has been described as a user-after-free bug in the Digital Signal Processor (DSP) Service that could lead to "memory corruption

The Hacker News

CVE-2003-0478 | Bahamut IRCd 1.2.3/1.4.35 Debug Mode format string (EDB-22839 / Nessus ID 11783)

Vuldb Updates

8 months 1 week ago

A vulnerability, which was classified as critical, was found in Bahamut IRCd 1.2.3/1.4.35. Affected is an unknown function of the component Debug Mode. The manipulation leads to format string. This vulnerability is traded as CVE-2003-0478. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

vuldb.com

0ktapus威胁组织对130多家企业发起网络攻击

嘶吼

8 months 1 week ago

据悉，针对 Twilio 和 Cloudflare 员工的攻击与大规模网络钓鱼活动有关，该活动导致 130 多个组织的 9,931 个帐户遭到入侵。

研究人员表示，这些活动与针对身份和访问管理公司 Okta 的攻击有关，该公司为威胁者取了 0ktapus 的绰号。

Group-IB 研究人员在最近的一份报告中写道：“威胁者的主要目标是从目标组织的用户那里获取 Okta 身份凭证和多因素身份验证 (MFA) 代码。”这些用户收到的短信包含模仿其组织的 Okta 身份验证页面的钓鱼网站链接。

受影响的有 114 家美国公司，另有其他 68 个国家也受到了影响。Group-IB 高级威胁情报分析师表示，攻击范围仍不得而知。

0ktapus 黑客想要什么

根据 Group-IB 分析的受损数据分析，0ktapus 攻击者的攻击目标是电信公司。虽然不确定威胁者如何获得用于 MFA 相关攻击的电话号码列表，但研究人员认为，0ktapus 攻击者的攻击目标大概率是电信公司。

接下来，攻击者通过短信向目标发送钓鱼链接。这些链接指向模仿目标雇主使用的 Okta 身份验证页面的网页。然后，受害者被要求提交 Okta 身份凭证以及员工用于保护其登录信息的多因素身份验证 (MFA) 代码。

在附带的技术博客中，Group-IB 的研究人员解释说，最初主要针对软件即服务公司的攻击只是多管齐下的攻击的第一阶段。0ktapus 的最终目标是访问公司邮件列表或面向客户的系统，以期促进供应链攻击。

在 Group-IB 发布报告的几个小时内，DoorDash 公司透露，它遭受了一次具有 0ktapus 式攻击所有特征的攻击。

爆炸半径：MFA 攻击

DoorDash 在博客文章中透露：“未经授权的一方利用窃取的供应商员工凭证访问了我们的一些内部工具。”根据该帖子，攻击者继续窃取客户和送货员的个人信息，包括姓名、电话号码、电子邮件和送货地址。

Group-IB 报告称，攻击者在攻击过程中破解了 5,441 个 MFA 代码。虽然 MFA 等安全措施看起来很安全，但很明显，攻击者可以用相对简单的工具攻破它们。

为了缓解 0ktapus 的活动，研究人员建议人们应注意 URL 和密码的安全，并使用符合 FIDO2 的安全密钥进行 MFA。无论使用哪种 MFA，都应该向用户传授针对其 MFA 形式实施的常见攻击类型、如何识别这些攻击以及如何应对。

胡金鱼

How hybrid workforces are reshaping authentication strategies

Help Net Security

8 months 1 week ago

In this Help Net Security interview, Brian Pontarelli, CEO at FusionAuth, discusses the evolving authentication challenges posed by the rise of hybrid and remote workforces. He advocates for zero trust strategies, including MFA and behavioral biometrics, to enhance security while maintaining productivity. Given the rise of hybrid and remote workforces, how have authentication challenges evolved, and what strategies are being employed to maintain secure access without compromising productivity? The shift to hybrid and remote work … More →

The post How hybrid workforces are reshaping authentication strategies appeared first on Help Net Security.

Mirko Zorz

COVID-19 影响到了月球

Solidot

8 months 1 week ago

COVID-19 疫情在地球上引发了混乱，一项新研究表明，它的影响可能超出了地球范围。科学家利用 NASA月球勘测轨道飞行器（Lunar Reconnaissance Orbiter, LRO）收集的数据，分析了月球六个地点的表面温度。他们对 2017 年至 2023 年的温度数据进行了研究，发现 2020 年 4 月至 5月的温度异常下降，范围在 8K 到 10K 之间。其中，最低温度出现在风暴洋（Oceanus Procellarum）中的一个地点，降至 96K（约-177˚C）。这一变化似乎与疫情期间的全球封锁相吻合。COVID-19 的第一波疫情在 2020 年 3 月席卷全球，各国政府颁布了严格的封锁令以遏制病毒的传播。到 4 月全球约一半的人口被要求或命令待在家中。研究人员推测，这一降温现象可能是由于封锁期间地球释放的辐射热量减少，从而减少大气中散失至太空的热量。全球封锁减少了工业活动、交通和矿业等会产生温室气体的活动，研究表明，全球二氧化碳排放量在 2020 年 4 月初比 2019 年的平均下降了约17%。

Google 测试支持扩展的 Chrome for Android

Solidot

8 months 1 week ago

Google 正在开发支持扩展的 Chrome for Android。Google 测试的是针对 Chromebook 的 Chrome for Android 的“桌面”构建版本，Chromebook 笔电使用的浏览器正逐渐转向 Chrome for Android，移动设备可能会受益于 Google 的这项工作。Chrome for Android 目前不支持扩展，支持扩展的移动浏览器如 Firefox for Android，它支持广告屏蔽扩展如 uBlock。

CVE-2024-47910 | SonarSource SonarQube up to 9.9.4 LTA/10.4 GitHub Integration access control

Vuldb Updates

8 months 1 week ago

A vulnerability was found in SonarSource SonarQube up to 9.9.4 LTA/10.4. It has been classified as critical. This affects an unknown part of the component GitHub Integration. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2024-47910. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-47911 | SonarSource SonarQube 10.4.x/10.5.x API Endpoint group-memberships sql injection

Vuldb Updates

8 months 1 week ago

A vulnerability was found in SonarSource SonarQube 10.4.x/10.5.x. It has been declared as critical. This vulnerability affects unknown code of the file authorizations/group-memberships of the component API Endpoint. The manipulation leads to sql injection. This vulnerability was named CVE-2024-47911. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-47841 | Wikimedia CSS Extension up to 1.39.8/1.41.2/1.42.1 on Mediawiki path traversal

Vuldb Updates

8 months 1 week ago

A vulnerability was found in Wikimedia CSS Extension up to 1.39.8/1.41.2/1.42.1 on Mediawiki. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2024-47841. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-47849 | Wikimedia Cargo Extension 3.6.0 on Mediawiki sql injection

Vuldb Updates

8 months 1 week ago

A vulnerability was found in Wikimedia Cargo Extension 3.6.0 on Mediawiki and classified as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2024-47849. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-47848 | Wikimedia PageTriage Extension up to 1.39.8/1.41.2/1.42.1 on Mediawiki information disclosure

Vuldb Updates

8 months 1 week ago

A vulnerability was found in Wikimedia PageTriage Extension up to 1.39.8/1.41.2/1.42.1 on Mediawiki. It has been classified as problematic. Affected is an unknown function. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-47848. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-47913 | Wikimedia AbuseFilter Extension up to 1.39.8/1.41.2/1.42.1 on MediaWiki API improper authorization (Nessus ID 208215)

Vuldb Updates

8 months 1 week ago

A vulnerability classified as critical has been found in Wikimedia AbuseFilter Extension up to 1.39.8/1.41.2/1.42.1 on MediaWiki. Affected is an unknown function of the component API. The manipulation leads to improper authorization. This vulnerability is traded as CVE-2024-47913. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-9455 | WP Cleanup and Basic Functions Plugin up to 2.2.1 on WordPress SVG File Upload cross site scripting

Vuldb Updates

8 months 1 week ago

A vulnerability classified as problematic has been found in WP Cleanup and Basic Functions Plugin up to 2.2.1 on WordPress. Affected is an unknown function of the component SVG File Upload Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-9455. It is possible to launch the attack remotely. There is no exploit available.

vuldb.com

CVE-2024-9385 | Themify Builder Plugin up to 7.6.2 on WordPress cross site scripting

Vuldb Updates

8 months 1 week ago

A vulnerability classified as problematic was found in Themify Builder Plugin up to 7.6.2 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-9385. The attack can be launched remotely. There is no exploit available.

vuldb.com

官方建议国内 AI 公司不要依赖英伟达芯片

Solidot

8 months 1 week ago

官方非正式的建议国内 AI 公司优先采购华为的 AI 加速器而不是英伟达芯片。英伟达占据了 AI 芯片市场的八成以上份额，包括华为在内的中国公司尚未开发出能与英伟达芯片相抗衡的产品。官方尚未禁止英伟达为中国大陆市场专门开发的规避美国出口控制的 AI 芯片 H20 GPU，知情人士表示截至今年 8 月中国大陆公司的 H20 订单尚未受到限制。英伟达拒绝对此报道置评。

Websites are losing the fight against bot attacks

Help Net Security

8 months 1 week ago

The discovery that 95% of advanced bot attacks go undetected points to a weakness in current detection and mitigation strategies. This suggests that while some organizations may have basic defenses, they are ill-equipped to handle more sophisticated attacks, such as those leveraging AI and machine learning to mimic human behavior. These statistics highlight the need for organizations to prioritize and strengthen their security measures against bot attacks. 65% of websites are unprotected against simple bot … More →

The post Websites are losing the fight against bot attacks appeared first on Help Net Security.

Help Net Security

CVE-2024-46077 | itsourcecode Online Tours and Travels Management System 1.0 travellers.php cross site scripting

Vuldb Updates

8 months 1 week ago

A vulnerability, which was classified as problematic, has been found in itsourcecode Online Tours and Travels Management System 1.0. This issue affects some unknown processing of the file travellers.php. The manipulation of the argument val-username/val-email/val-suggestions/val-digits/state_name leads to cross site scripting. The identification of this vulnerability is CVE-2024-46077. The attack may be initiated remotely. There is no exploit available.

vuldb.com

CVE-2024-46078 | itsourcecode Sports Management System 1.0 player.php delete_category id sql injection

Vuldb Updates

8 months 1 week ago

A vulnerability, which was classified as critical, was found in itsourcecode Sports Management System 1.0. Affected is the function delete_category of the file sports_scheduling/player.php. The manipulation of the argument id leads to sql injection. This vulnerability is traded as CVE-2024-46078. It is possible to launch the attack remotely. There is no exploit available.

vuldb.com

CVE-2024-37868 | itsourcecode Online Discussion Forum 1.0 sendreply.php image unrestricted upload

Vuldb Updates

8 months 1 week ago

A vulnerability has been found in itsourcecode Online Discussion Forum 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file sendreply.php. The manipulation of the argument image leads to unrestricted upload. This vulnerability is known as CVE-2024-37868. The attack can be launched remotely. Furthermore, there is an exploit available.

vuldb.com

CVE-2024-37869 | itsourcecode Online Discussion Forum 1.0 poster.php image unrestricted upload

Vuldb Updates

8 months 1 week ago

A vulnerability was found in itsourcecode Online Discussion Forum 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file poster.php. The manipulation of the argument image leads to unrestricted upload. This vulnerability is handled as CVE-2024-37869. The attack may be launched remotely. Furthermore, there is an exploit available.

vuldb.com

Aggregator

Managed ad