Aggregator

有赞支付被处罚2787万元，系年内支付行业第二笔超大罚金，具体违规行为包括未严格落实开户实名制审核要求；违反账户管理规定等。

近期，有攻击者利用虚假的求职面试和编码测试诱骗开发人员下载运行恶意软件。该活动被称为 VMConnect， 疑似与朝鲜 Lazarus 集团有关 。 针对 Python 开发人员的虚假编码测试 恶意行为者会伪装成知名金融服务公司（包括 Capital One 等美国大公司）的招聘人员，试图诱导开发人员下载恶意软件。 然后利用虚假的求职面试和编码测试诱骗受害者执行恶意软件，恶意软件通常隐藏在编译好的 Python 文件中或嵌入在压缩文件中。恶意软件随后从缓存的编译文件中执行，因此很难被发现。 ReversingLabs 的研究人员发现，攻击者会使用 GitHub 存储库和开源容器来托管其恶意代码。这些代码通常会伪装成编码技能测试或密码管理器应用程序，代码附带的 README 文件包含诱骗受害者执行恶意软件的说明。这些文件往往使用 “Python_Skill_Assessment.zip ”或 “Python_Skill_Test.zip ”等名称。 他们发现，恶意软件包含在经过修改的 pyperclip 和 pyrebase 模块文件中，这些文件也经过 Base64 编码，以隐藏下载程序代码。这些代码与 VMConnect 活动早期迭代中观察到的代码相同，后者向 C2 服务器发出 HTTP POST 请求以执行 Python 命令。 在一次事件中，研究人员成功识别出一名受到攻击者欺骗的开发人员。攻击者伪装成Capital One的招聘人员，然后通过LinkedIn个人资料和开发人员取得联系，并向他提供了一个GitHub的链接作为一项题目。当被要求推送更改时，假冒的招聘人员指示他分享截图，以证明任务已经完成。 安全研究人员随后访问的 .git 文件夹中的日志目录中包含一个 HEAD 文件，该文件显示了克隆该仓库并实施所需功能的开发人员的全名和电子邮件地址。 研究人员立即与该开发人员取得了联系，并确认他于今年 1 月感染了恶意软件，而该开发人员并不知道自己在此过程中执行了恶意代码。 虽然此事件已经追溯到了几个月前，但研究人员认为，目前有足够的证据和活动线索表明该活动仍在继续。7 月 13 日，他们又发现了一个新发布的 GitHub 存储库，与之前事件中使用的存储库相吻合，但使用的是不同的账户名。 通过进一步调查，研究人员发现这个“尘封”的GitHub 账户在他们与受害者建立联系的同一天又活跃了起来，并认为威胁行为者可能仍保留着对受感染开发人员通信的访问权限。研究人员还认为，被联系的开发人员可能与恶意活动有关联。   转自Freebuf，原文链接：https://www.freebuf.com/news/410804.html 封面来源于网络，如有侵权请联系删除

唯一上榜《财富》的网络安全企业

期待你的加入！

比赛时间：2024.9.13 - 2024.9.30

A vulnerability, which was classified as very critical, has been found in SmartCode VNC Manager 3.6. Affected by this issue is the function connectasyncex in the library scvncctrl.dll of the component ActiveX Control. The manipulation leads to heap-based buffer overflow. This vulnerability is handled as CVE-2007-2526. The attack may be launched remotely. Furthermore, there is an exploit available.

Масштабная полицейская операция завершилась изъятием подозрительной техники и денежных средств.

A vulnerability, which was classified as problematic, was found in IBM Cognos Business Intelligence 10.2/10.2.1/10.2.1.1/10.2.2. This affects an unknown part. The manipulation leads to credentials management (Credentials). This vulnerability is uniquely identified as CVE-2017-1764. Local access is required to approach this attack. There is no exploit available.

A vulnerability was found in IBM WebSphere Application Server 3.15. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to information disclosure (File). This vulnerability is known as CVE-2017-1681. It is possible to launch the attack on the local host. There is no exploit available.

法国 AI 创业公司 Mistral AI 发布了其首个多模模型 Pixtral 12B，具有语言和视觉处理能力，它能识别图像但不能生成图像。用户可通过 Hugging Face 和 GitHub 访问其源代码，源码采用 Apache 2.0 许可，用户可以不受限制的下载、微调和使用。Pixtral 12B 有 120 亿参数，模型大小 24GB。它是基于文本模型 Nemo 12B，应该能执行为图像添加文字描述和计算照片中物体数量等任务。Mistral 没有披露使用了哪些图像去训练模型。

CVE-2024-21096是一个中等严重性的漏洞，它影响Oracle MySQL Server产品中的mysqldump组件。

自10日早上8点到11日晚上8点，火灾持续了整整36小时，仍未完全扑灭。

В рамках инициативы предлагаются технологии обработки данных и оценка рисков конфиденциальности.

The British government announced on Thursday it had designated the data center sector as a part of

A vulnerability was found in HTML5 Video Player Plugin up to 2.5.32 on WordPress. It has been rated as critical. This issue affects the function h5vp_ajax_handler. The manipulation leads to missing authorization. The identification of this vulnerability is CVE-2024-7727. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in Post Grid and Gutenberg Blocks Plugin 2.2.87/2.2.88/2.2.89/2.2.90 on WordPress. Affected is an unknown function. The manipulation leads to incorrect privilege assignment. This vulnerability is traded as CVE-2024-8253. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in HTML5 Video Player Plugin up to 2.5.34 on WordPress. Affected by this vulnerability is an unknown functionality of the component Options Update Handler. The manipulation leads to missing authorization. This vulnerability is known as CVE-2024-7721. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Gallagher Command Centre Server. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to inclusion of functionality from untrusted control sphere. The identification of this vulnerability is CVE-2024-43690. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in dset up to 3.1.3. Affected is the function dset. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is traded as CVE-2024-21529. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in wpdelicious WP Delicious Plugin up to 1.6.9 on WordPress. It has been rated as critical. This issue affects the function save_edit_profile_details of the file wp-config.php of the component Path Validation Handler. The manipulation leads to file inclusion. The identification of this vulnerability is CVE-2024-7626. The attack may be initiated remotely. There is no exploit available.