Aggregator

A vulnerability has been found in D-Link DAP-1325 and classified as critical. Affected by this vulnerability is the function setDhcpAssignRangeUpdate. The manipulation of the argument lan_ipaddr leads to stack-based buffer overflow. This vulnerability is known as CVE-2023-41213. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in D-Link DAP-1325 and classified as critical. Affected by this issue is the function SetTriggerAPValidate. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2023-41212. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in D-Link DAP-1325. It has been classified as critical. Affected is the function setDhcpAssignRangeUpdate. The manipulation of the argument lan_ipaddr leads to stack-based buffer overflow. This vulnerability is traded as CVE-2023-41214. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in D-Link DAP-1325. Affected is the function SetSetupWizardStatus. The manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2023-44409. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability classified as critical was found in D-Link DAP-1325. Affected by this vulnerability is the function SetAPLanSettings. The manipulation of the argument IPAddr leads to stack-based buffer overflow. This vulnerability is known as CVE-2023-44408. The attack needs to be done within the local network. There is no exploit available.

A vulnerability, which was classified as critical, has been found in D-Link DAP-1325. Affected by this issue is the function SetAPLanSettings. The manipulation of the argument Gateway leads to stack-based buffer overflow. This vulnerability is handled as CVE-2023-44407. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as critical, was found in D-Link DAP-1325. This affects the function SetAPLanSettings. The manipulation of the argument DeviceName leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2023-44406. Access to the local network is required for this attack. There is no exploit available.

A vulnerability has been found in D-Link DAP-1325 and classified as critical. This vulnerability affects the function get_value_of_key. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2023-44405. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability was found in D-Link DAP-1325 and classified as critical. This issue affects the function get_value_from_app. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2023-44404. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability was found in D-Link DAP-1325. It has been classified as critical. Affected is the function SetWLanRadioSettings of the component HNAP. The manipulation of the argument Channel leads to command injection. This vulnerability is traded as CVE-2023-44403. The attack can only be done within the local network. There is no exploit available.

A vulnerability was found in realmag777 HUSKY Plugin up to 1.3.6.1 on WordPress and classified as critical. This issue affects some unknown processing. The manipulation leads to improper privilege management. The identification of this vulnerability is CVE-2024-43121. The attack may be initiated remotely. There is no exploit available.

HackerNews 编译，转载请注明出处： 据研究人员发现，一款名为“KoSpy”的新型安卓间软件谍与朝鲜威胁组织有关联，该组织已通过至少五个恶意应用渗透至谷歌应用商店和第三方应用商店APKPure。 Lookout研究人员表示，这款间谍软件归属于朝鲜威胁组织APT37（又名“ScarCruft”）。自2022年3月起，这一行动便已启动，且威胁组织一直在积极开发该恶意软件，以更新样本。 该间谍软件行动主要针对韩语和英语用户，通过伪装成文件管理器、安全工具和软件更新程序来实施攻击。 Lookout确定的五款应用为：휴대폰 관리자（手机管理器）、File Manager（文件管理器，包名com.file.exploer）、스마트 관리자（智能管理器）、카카오 보안（Kakao安全）和Software Update Utility（软件更新工具）。   这些恶意应用至少提供部分承诺的功能，但在后台加载KoSpy间谍软件。唯一例外的是Kakao Security，它仅显示一个虚假的系统窗口，同时请求访问高风险权限。 KoSpy应用界面 根据之前与朝鲜行动相关的IP地址、用于分发Konni恶意软件的域名，以及与另一个朝鲜赞助的威胁组织APT43的基础设施重叠情况，该行动被归咎于APT37。 一旦在设备上激活，KoSpy会从Firebase Firestore数据库中检索一个加密的配置文件，以躲避检测。 随后，它连接到实际的命令与控制（C2）服务器，并运行检查以确保它不在模拟器中运行。该恶意软件可以从C2服务器获取更新的设置、额外的可执行有效载荷，并通过一个“开关”动态地激活或停用。 KoSpy的数据收集能力包括： 截获短信和通话记录 实时追踪受害者的GPS位置 读取并窃取本地存储文件 利用设备麦克风录制音频 利用设备摄像头拍摄照片和视频 捕获设备屏幕截图 通过安卓辅助功能服务记录按键操作 每个应用使用独立的Firebase项目和C2服务器进行数据窃取，且数据在传输前使用硬编码的AES密钥进行加密。 尽管这些间谍软件应用已从谷歌应用商店和APKPure下架，但用户需要手动卸载它们，并使用安全工具进行扫描，以彻底清除设备上的任何感染残留。在严重情况下，建议进行出厂重置。 谷歌应用商店保护功能也能阻止已知的恶意应用，因此在已更新的安卓设备上启用该功能有助于抵御KoSpy。 谷歌发言人向BleepingComputer确认，Lookout确定的所有KoSpy应用都已从谷歌应用商店下架，相关的Firebase项目也已关闭。 “使用地区语言表明这是有针对性的恶意软件。在任何用户安装之前，2024年3月发现的最新恶意软件样本已从谷歌应用商店中移除，”谷歌告诉BleepingComputer。 “谷歌应用商店保护会自动保护安装了谷歌应用商店服务的安卓用户，使其免受已知版本的此类恶意软件的侵害，即使应用来自Play商店之外的来源。”   消息来源：Bleeping Computer； 本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

人物访谈第六期: 自律计划责任感，伴我破浪向远方。系统软件安全实验室优秀博士生邬梦莹人物访谈。

人物访谈第六期: 自律计划责任感，伴我破浪向远方。系统软件安全实验室优秀博士生邬梦莹人物访谈。

人物访谈第六期: 自律计划责任感，伴我破浪向远方。系统软件安全实验室优秀博士生邬梦莹人物访谈。

人物访谈第六期: 自律计划责任感，伴我破浪向远方。系统软件安全实验室优秀博士生邬梦莹人物访谈。

人物访谈第六期: 自律计划责任感，伴我破浪向远方。系统软件安全实验室优秀博士生邬梦莹人物访谈。