Aggregator

A vulnerability classified as critical has been found in Apache Airflow. This affects an unknown part of the component Hive Provider. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2022-41131. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Insyde Kernel up to 5.5 on Intel and classified as critical. Affected by this vulnerability is an unknown functionality of the component SetupUtility Driver. The manipulation leads to stack-based buffer overflow. This vulnerability is known as CVE-2022-35407. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability was found in Mitel MiCollab up to 9.6.0.13 and classified as critical. Affected by this issue is some unknown functionality of the component Web Conferencing. The manipulation leads to improper authorization. This vulnerability is handled as CVE-2022-41326. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Fusiondirectory 1.3. It has been rated as problematic. This issue affects some unknown processing of the file /fusiondirectory/index.php. The manipulation of the argument message/plug leads to cross site scripting. The identification of this vulnerability is CVE-2022-36180. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in NdkAdvancedCustomizationFields 3.5.0. This vulnerability affects unknown code of the file rotateimg.php. The manipulation leads to server-side request forgery. This vulnerability was named CVE-2022-40842. Access to the local network is required for this attack. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in Appalti & Contratti 9.12.2. This issue affects some unknown processing. The manipulation of the argument idPagina leads to cross site scripting. The identification of this vulnerability is CVE-2022-44787. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in MyBB 1.8.31. It has been classified as problematic. Affected is an unknown function of the component Post Attachments Interface. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2022-43708. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic has been found in MyBB 1.8.31. Affected is an unknown function of the component MyCode Visual Editor. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2022-43707. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Microweber 1.2.15. It has been rated as critical. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument Host leads to injection. This vulnerability is handled as CVE-2022-33012. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Backdrop CMS 1.23.0. Affected is an unknown function of the component Content Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2022-42094. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in Backdrop CMS 1.23.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Comment Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2022-42097. The attack can be launched remotely. There is no exploit available.

舆情治理与计算传播重点实验室于2024年7月由四川省社科联批准设立，是四川省第二批哲学社会科学重点实验室之一。实验室以“发挥智库作用，服务公安实战”为定位，主要有三个研究方向：“公安舆情研判与处置、开源情报分析、认知战与舆论战”。

本年度项目选题围绕“反恐理论研究”“反恐机制研究”“反恐实证研究”和“反恐国际合作研究”等领域。各类项目申报选题应符合申报指南所列研究方向。

本年度项目选题围绕“开源情报理论机制研究”“开源情报法规政策研究”“开源情报技术发展研究”“开源情报实践应用研究”和“开源情报国内国际合作研究”等领域。各类项目申报选题应围绕开源情报相关内容展开。

HackerNews 编译，转载请注明出处： 乌克兰最大的家居建材零售商Epicentr表示，其遭受的大规模网络攻击导致全国数十家门店运营中断，关键IT系统（包括收银机和物流服务）瘫痪。 本周一，乌克兰各地Epicentr门店的顾客因结账系统宕机无法购物，许多人反映无法接收订单、访问公司应用和网站。这家运营70多个购物中心（总面积超220万平方米）的零售商周二声明证实遭受定向攻击：“恶意行为者的蓄意攻击对公司基础设施造成严重后果。” 该公司未将事件归因于任何特定组织，也未明确黑客如何入侵系统或其最终目标，同时未确认攻击是否涉及勒索软件。截至周二下午，多数门店已恢复运营，但部分系统仍存在故障。Epicentr承认会计系统持续存在问题，关键财务记录和注册信息丢失，导致目前无法生成法定财务与税务报告。 Epicentr警告商品配送（尤其在线订单）可能出现延迟，顾客在其购物中心可能遭遇包裹追踪与自提服务问题。该公司雇佣29,000名员工，是乌克兰最大私营企业之一。 这是近月乌克兰企业遭遇的第三起重大网络攻击：2025年1月，该国农业巨头MHP报告“史上最严重”网络事件（未指明责任方）；3月，疑似俄罗斯黑客攻击国有铁路公司Ukrzaliznytsia，致使其在线售票服务中断。 除网络攻击外，Ukrzaliznytsia和Epicentr还屡遭俄罗斯导弹袭击。自全面入侵开始以来，Epicentr已损失10个购物中心（总面积超177,500平方米）。 乌克兰在持续战争背景下面临网络攻击浪潮：2024年，最大电信运营商Kyivstar遭毁灭性攻击致服务中断数日；近期乌当局报告国家登记系统遭攻击，涉及含生物识别、税务及房产数据的敏感数据库；2025年1月，某数据中心遭入侵，影响多家大型国企、国家邮政局及能源公司。 大型零售商全球范围内成恶意黑客首要目标。英国玛莎百货（Marks & Spencer）已应对网络攻击约一周。       消息来源： therecord； 本文由 HackerNews.cc 翻译整理，封面来源于网络；  转载请注明“转自 HackerNews.cc”并附上原文

From OTAs to review aggregators to generative AI, new tools are bypassing first-party content. The result is a distorted customer journey and a growing gap in your visibility into user behavior, with clear implications for brand control and revenue.

The post The Great E-Scrape: How AI Summaries and Agentic Queries Are Sidelining Your Site appeared first on Security Boulevard.

HackerNews 编译，转载请注明出处： 安全研究人员发现一款伪装成合法WordPress插件的危险恶意软件变种。该恶意软件名为“WP-antymalwary-bot.php”，可让攻击者持久访问受感染网站、注入恶意代码，并能向网站访问者推送远程广告。 Wordfence威胁情报团队在2025年1月22日的常规网站清理中发现，该恶意软件模仿真实插件的结构，包含标准格式和元数据。但它具有多个特别危险的后门功能：紧急登录所有管理员（emergency_login_all_admins）功能允许攻击者使用GET请求和硬编码密码以管理员身份登录；执行管理员命令（execute_admin_command）功能通过REST API接收命令并无权限检查地执行，使攻击者能将PHP代码注入主题头部或清除插件缓存。 该插件最令人担忧的是自我复制特性。若被删除，它会通过修改后的wp-cron.php文件重新安装。该文件在网站被访问时运行，成为隐秘的再感染渠道：将恶意插件重新写入系统并自动激活。 恶意软件每分钟都会与位于塞浦路斯的命令与控制（C2）服务器通信，发送受感染网站的URL和时间戳。这种利用WordPress内置调度器的报告功能属于非常规策略，用于维护被入侵网站的数据库。 根据Wordfence，WP-antymalwary-bot.php的主要感染迹象包括： 包含check_plugin或emergency_login的异常GET请求 被篡改的wp-cron.php文件 主题header.php文件中的代码注入 通过base64解码URL插入的JavaScript广告 近期变种显示其复杂程度提升，允许动态更新广告推送URL（部分实现仍不完整），表明该恶意软件正在积极开发中并可能持续改进。 为降低感染风险，网站管理员应： 定期审计已安装插件和主题 移除未使用或可疑文件 监控未经授权的修改 确保文件完整性 禁用直接文件编辑功能 使用强管理员凭证和多因素认证（MFA） 实施定期异地备份 部署可靠的安全插件或防火墙       消息来源： infosecurity-magazine； 本文由 HackerNews.cc 翻译整理，封面来源于网络；  转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability was found in librenms up to 22.9.x and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2022-3561. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Phpgurukul Blood Donor Management System 1.0. This affects an unknown part of the component Add Blood Group Name Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2022-40470. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Tenda AC15 15.03.05.18 and classified as critical. Affected by this issue is the function formSetVirtualSer. The manipulation leads to buffer overflow. This vulnerability is handled as CVE-2022-44169. The attack needs to be approached within the local network. There is no exploit available.