Aggregator

A vulnerability, which was classified as very critical, has been found in Microsoft Internet Explorer up to 6. Affected by this issue is some unknown functionality in the library urlmon.dll. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2006-1189. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Drupal up to 6.5. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2008-6170. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

HackerNews 编译，转载请注明出处： 微软认可了一个以EncryptHub身份活动的独狼黑客，他发现了Windows中的两个安全漏洞，并于上个月报告了这些漏洞。这位黑客被描述为一个“矛盾”的个体，他在网络安全领域有着合法的职业生涯，同时也涉足网络犯罪。 瑞典安全公司Outpost24 KrakenLabs发布了一项新的深入分析，揭露了这位新兴网络犯罪分子的身份。大约十年前，这位黑客离开了他在乌克兰哈尔科夫的家乡，搬到了罗马尼亚海岸附近的一个新地方。 微软将这两个漏洞归功于一个名为“SkorikARI with SkorikARI”的用户，据评估这是EncryptHub的另一个用户名。这两个漏洞已在上个月的Patch Tuesday更新中被修复，具体如下： – CVE-2025-24061（CVSS评分：7.8）- 微软Windows Mark-of-the-Web（MotW）安全功能绕过漏洞 – CVE-2025-24071（CVSS评分：6.5）- 微软Windows文件资源管理器欺骗漏洞 EncryptHub还被追踪为LARVA-208和Water Gamayun，他在2024年中期因利用一个虚假的WinRAR网站分发各种恶意软件而受到关注，这些恶意软件托管在一个名为“encrypthub”的GitHub存储库中。 最近几周，这位威胁行为者被归因于微软管理控制台（CVE-2025-26633，CVSS评分：7.0，也称为MSC EvilTwin）的零日漏洞利用，以交付信息窃取器和以前未记录的后门，名为SilentPrism和DarkWisp。 据PRODAFT估计，在过去九个月的运营中，EncryptHub已经攻陷了超过618个高价值目标，涵盖多个行业。 “我们调查过程中分析的所有数据都指向一个单独的个体的行为，”Outpost24的高级威胁情报分析师Lidia Lopez告诉《黑客新闻》。 “然而，我们不能排除与其他威胁行为者合作的可能性。在一个用于监控感染统计数据的Telegram频道中，还有另一个拥有管理权限的Telegram用户，这表明可能有其他没有明确组织隶属关系的人提供合作或帮助。” Outpost24表示，他们能够从“由于糟糕的操作安全实践导致的演员自我感染”中拼凑出EncryptHub的在线足迹，从而揭示了其基础设施和工具的新方面。 这位个体被认为在搬到罗马尼亚附近的一个未指明地点后保持低调，通过在线课程自学计算机科学，同时在业余时间寻找与计算机相关的工作。 然而，这位威胁行为者的所有活动在2022年初突然停止，这与俄乌战争的开始相吻合。Outpost24表示，他们发现的证据表明，他当时被监禁。 “释放后，他恢复了求职，这次提供自由职业的网络和应用程序开发服务，这获得了一些关注，”该公司在报告中表示。“但薪酬可能不够，短暂尝试漏洞赏金计划后未获成功，我们相信他在2024年上半年转向了网络犯罪。” EncryptHub在网络犯罪领域的早期尝试之一是Fickle Stealer，这是Fortinet FortiGuard Labs在2024年6月首次记录的一种基于Rust的信息窃取恶意软件，通过多个渠道分发。 在最近与安全研究员g0njxa的一次采访中，这位威胁行为者声称Fickle“在StealC或Rhadamantys（拼写错误）永远无法工作的系统上提供结果”，并且它“通过高质量的企业防病毒系统”。他们还表示，这个窃取器不仅被私下共享，而且还是他们另一个名为EncryptRAT的产品的“核心”部分。 “我们能够将Fickle Stealer与之前与EncryptHub相关的别名联系起来，”Lopez说。“此外，与该活动相关的其中一个域名与他合法自由职业工作的基础设施相匹配。从我们的分析来看，我们估计EncryptHub的网络犯罪活动始于2024年3月左右。Fortinet在6月的报告可能标志着这些行动的首次公开记录。” EncryptHub还被发现广泛依赖OpenAI的ChatGPT来协助恶意软件开发，甚至利用它来帮助翻译电子邮件和消息，并作为一种忏悔工具。 “EncryptHub的案例突显了糟糕的操作安全仍然是网络犯罪分子最严重的弱点之一，”Lopez指出。“尽管技术复杂，但基本错误——如密码重复使用、暴露的基础设施以及将个人活动与犯罪活动混为一谈——最终导致了他的曝光。”   消息来源：The Hacker News； 本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability, which was classified as problematic, has been found in Adobe Experience Manager up to 6.5.19. This issue affects some unknown processing of the component Form Field Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-26122. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Adobe Experience Manager up to 6.5.19. This vulnerability affects unknown code of the component Form Field Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-26098. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Commerce up to 2.4.6-p4/2.4.5-p6/2.4.4-p7/2.4.7-beta3 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper input validation. This vulnerability is handled as CVE-2024-20758. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Commerce up to 2.4.6-p4/2.4.5-p6/2.4.4-p7/2.4.7-beta3. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-20759. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe InDesign Desktop up to 18.5.1/19.2. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2024-20766. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Dell Alienware Command Center. Affected is an unknown function. The manipulation leads to insufficient isolation of symbolic constant definitions. This vulnerability is traded as CVE-2024-0159. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Photoshop Desktop up to 24.7.2/25.3.1. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2024-20770. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in 2fly Gift Delivery System 6.0. Affected is an unknown function of the file 2fly_gift.php. The manipulation of the argument gameid leads to sql injection. This vulnerability is traded as CVE-2009-2915. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

在数字化浪潮席卷全球的今天，网络安全不再是”如果发生攻击”的问题，而是”何 […]

新闻速览 •损失已达百亿美元，汽车行业网络安全形势日益严峻 •Oracle因云数据泄露事件面临集体诉讼，或影响 […]

新闻速览 •ATT隐私框架实施存歧视，苹果公司被法国竞争管理局罚款1.5亿欧元 •密码学专家王晓峰夫妇神秘消失 […]

想象一下，一个初级程序员敲下几行自然语言描述，几秒钟后，一个完整的OAuth2授权服务——约2000行精确无误 […]

A vulnerability, which was classified as critical, has been found in Piwigo. Affected by this issue is the function rate_picture. The manipulation of the argument rate leads to sql injection. This vulnerability is handled as CVE-2014-9115. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Sunder Windows rootkit modeled after Lazarus Group’s FudModule rootkit. Reference this version of Sunder for an example of the appid.sys driver exploit, which was utilized by Lazarus Group FudModule rootkit. Sunder’s vulnerable driver in this GitHub repository...

The post Sunder: Windows rootkit designed to work with BYOVD exploits appeared first on Penetration Testing Tools.