Aggregator
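[Security Circle] Illegally decrypting courier tracking numbers for profit! Two men sentenced for breaking into a backend and selling 300,000 records of personal information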
9 months 2 weeks ago
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 35
9 months 2 weeks ago
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. DragonForce Ransomware Group is Targeting Saudi Arabia; Massive Botnet Targets M365 with Stealthy Password Spraying Attacks; Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab; ACRStealer Infostealer Exploiting Google Docs as C2; #StopRansomware: Ghost (Cring) Ransomware […]
Pierluigi Paganini
What’s Next for Users of Microsoft Identity Manager?
9 months 2 weeks ago
This post first appeared on blog.netwrix.com and was written by Tyler Reese.
Microsoft Identity Manager (MIM) has long been a cornerstone of identity and access management for many organizations. It integrates seamlessly with on-premises systems like Active Directory, SAP, Oracle, and other LDAP and SQL platforms to ensure consistent user identities across multiple environments. However, with Microsoft’s focus shifting toward cloud-first solutions like Entra ID, MIM’s mainstream … Continued
Tyler Reese
CVE-2024-57874 | Linux Kernel up to 5.10.230/5.15.173/6.1.119/6.6.65/6.12.4 ptrace tagged_addr_ctrl_set uninitialized pointer (Nessus ID 216985)
9 months 2 weeks ago
A vulnerability classified as problematic has been found in Linux Kernel up to 5.10.230/5.15.173/6.1.119/6.6.65/6.12.4. This affects the function tagged_addr_ctrl_set of the component ptrace. The manipulation leads to uninitialized pointer.
This vulnerability is uniquely identified as CVE-2024-57874. The attack needs to be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-57807 | Linux Kernel up to 6.12.7 megaraid_sas deadlock (Nessus ID 216985)
9 months 2 weeks ago
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.7. This issue affects some unknown processing of the component megaraid_sas. The manipulation leads to deadlock.
The identification of this vulnerability is CVE-2024-57807. The attack can only be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-56787 | Linux Kernel up to 5.15.173/6.1.119/6.6.65/6.12.4 soc-imx8m.c of_clk_get_by_name state issue (Nessus ID 216985)
9 months 2 weeks ago
A vulnerability was found in Linux Kernel up to 5.15.173/6.1.119/6.6.65/6.12.4. It has been rated as problematic. This issue affects the function of_clk_get_by_name of the file soc-imx8m.c. The manipulation leads to state issue.
The identification of this vulnerability is CVE-2024-56787. The attack needs to be approached within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-56785 | Linux Kernel up to 5.10.230/5.15.173/6.1.119/6.6.65/6.12.4 Loongson64 ls7a-pch.dtsi Privilege Escalation (Nessus ID 216985)
9 months 2 weeks ago
A vulnerability was found in Linux Kernel up to 5.10.230/5.15.173/6.1.119/6.6.65/6.12.4 and classified as problematic. This issue affects some unknown processing of the file arch/mips/boot/dts/loongson/ls7a-pch.dtsi of the component Loongson64. The manipulation leads to Privilege Escalation.
The identification of this vulnerability is CVE-2024-56785. The attack can only be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-56783 | Linux Kernel up to 6.1.119/6.6.65/6.12.4 nft_socket assertion (Nessus ID 216985)
9 months 2 weeks ago
A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.1.119/6.6.65/6.12.4. This issue affects some unknown processing of the component nft_socket. The manipulation leads to reachable assertion.
The identification of this vulnerability is CVE-2024-56783. The attack can only be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Microsoft Azure completely bans domain fronting, affecting Tor Browser's built-in bridges
9 months 2 weeks ago
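Gundaz Aghayev writes:
Microsoft announced its opposition to domain fronting four years ago, stating that "as a company committed to delivering technology for good… supporting certain use cases that support freedom and open communication is an important consideration. However, domain fronting is also abused by bad actors and threat actors engaged in illegal activities… in some cases, bad actors configure their Azure services to enable this… we are changing our policy to ensure that domain fronting will be stopped and prevented within Azure."
After repeated notices and warnings, the sword of Damocles has finally fallen. Late last year Microsoft notified users that the old Azure CDN would be retired on January 15, 2025, and advised them to migrate to a similar service, Azure Front Door. Under the new Azure Front Door service, users only get a unique dedicated domain name, such as snowflake-broker-hadmaqbnc4dmcffs.z03.azurefd.net, which effectively blocks the possibility of using domain fronting.
On February 1 of this year, Azure CDN stopped working entirely.
Three weeks ago the Tor Project removed the built-in meek-azure bridge from its source repository; it was replaced by another meek bridge on CDN77.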
Utah poised to become the first US state to ban fluoride in public tap water
9 months 2 weeks ago
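Utah could become the first US state to ban adding fluoride to public water systems. A study last year reported that fluoride levels in drinking water above twice the recommended limit were associated with lower IQ in children. Adding low concentrations of fluoride to drinking water is widely regarded as one of the greatest public health achievements of the last century. Fluoride strengthens teeth and reduces cavities by replacing minerals lost through normal wear. The study pooled research conducted in Canada, China, India, Iran, Pakistan and Mexico, and concluded that drinking water containing more than 1.5 milligrams of fluoride per liter was associated with lower IQ in children. The researchers did not recommend that fluoride not be added to drinking water. In addition, most of the pooled studies were of low quality and were mainly conducted outside the United States, in countries such as China where fluoride levels in drinking water are much higher. Another study published in Australia last year found no link between early childhood exposure to fluoride and cognitive development problems. Major public health organizations such as the American Academy of Pediatrics, the American Dental Association and the Centers for Disease Control and Prevention (CDC) all support adding fluoride to drinking water. The American Dental Association has urged Utah's governor not to sign HB0081, the bill banning the addition of fluoride.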
Security Affairs newsletter Round 513 by Pierluigi Paganini – INTERNATIONAL EDITION
9 months 2 weeks ago
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Ransomware gangs exploit a Paragon Partition Manager BioNTdrv.sys driver zero-day; Microsoft disrupted a global cybercrime ring abusing Azure […]
Pierluigi Paganini
OPPO Find N5: once a foldable is pushed to the extreme of thin and light, what gets "distilled" out?
9 months 2 weeks ago
Thin and light is the "entry ticket" for flagship foldable phones of the new era.
BlackBasta ransomware attack
9 months 2 weeks ago
#RansomwareVirus #BlackBasta #Ransomware
Analysis of Konni APT group attack samples
9 months 2 weeks ago
CVE-2024-56717 | Linux Kernel up to 6.1.121/6.6.67/6.12.6 mscc net/dsa/tag_ocelot.c ocelot_ifh_set_basic injection (Nessus ID 216985)
9 months 2 weeks ago
A vulnerability was found in Linux Kernel up to 6.1.121/6.6.67/6.12.6. It has been classified as problematic. This affects the function ocelot_ifh_set_basic in the library lib/packing.c of the file net/dsa/tag_ocelot.c of the component mscc. The manipulation leads to injection.
This vulnerability is uniquely identified as CVE-2024-56717. The attack can only be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-56718 | Linux Kernel up to 6.1.121/6.6.67/6.12.6 smc list_del stack-based overflow (Nessus ID 216985)
9 months 2 weeks ago
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.121/6.6.67/6.12.6. This issue affects the function list_del of the component smc. The manipulation leads to stack-based buffer overflow.
The identification of this vulnerability is CVE-2024-56718. The attack can only be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Clop
9 months 2 weeks ago
cohenido
CVE-2024-50411 | Kevon Adonis WP Abstracts Plugin up to 2.7.1 on WordPress cross site scripting
9 months 2 weeks ago
A vulnerability was found in Kevon Adonis WP Abstracts Plugin up to 2.7.1 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2024-50411. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-50412 | Jules Colle Conditional Fields for Contact Form 7 Plugin up to 2.4.15 on WordPress cross site scripting
9 months 2 weeks ago
A vulnerability classified as problematic has been found in Jules Colle Conditional Fields for Contact Form 7 Plugin up to 2.4.15 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2024-50412. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com