Aggregator
Analysis of Western NGO Manipulation in Kyrgyzstan
1 year 7 months ago
This document is an analytical report on the manipulation carried out by Western non-governmental organizations in Kyrgyzstan, emphasizing the activities of Western countries in Kyrgyzstan and their impact on the country's political
The Quantum Revolution: The Invisible Sword of Future Warfare
1 year 7 months ago
With the rapid development of artificial intelligence technology, human society has entered a brand-new era of intelligence.
Windows driver zero-day exploited by Lazarus hackers to install rootkit
1 year 7 months ago
The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. [...]
Lawrence Abrams
Library Injection Vulnerabilities Found in Multiple Microsoft Applications for macOS, Putting User Data Security at Risk
1 year 7 months ago
Researchers suggest that macOS could introduce a user prompt to mitigate this risk. This would let users decide whether a specific third-party plug-in is loaded, providing a more controllable way of granting access.
Russian Cybercrime Group Uses Fake Brand Websites to Spread DanaBot and StealC Malware
1 year 7 months ago
Kaspersky researchers have exposed a sophisticated information-stealing campaign that impersonates legitimate brands to distribute malware such as DanaBot and StealC.

The campaign cluster, reportedly orchestrated by Russian-speaking cybercriminals and codenamed "Tusk", comprises several sub-campaigns that exploit the reputation of well-known platforms to lure users into downloading malware from fake websites and social media accounts.

"All active sub-campaigns host the initial downloader on Dropbox," Kaspersky researchers Elsayed Elrefaei and AbdulRhman Alfaifi said. "This downloader is responsible for delivering additional malware samples to the victim's machine, which are mostly information stealers (DanaBot and StealC) and clippers."

To date, 19 sub-campaigns have been identified, three of which are currently active. The name "Tusk" refers to the word "Mammoth" used by the attackers in log messages associated with the initial downloader. Notably, Mammoth is slang commonly used by Russian e-crime groups to refer to victims.

These campaigns are also known for using phishing to trick victims into providing their personal and financial information, which is then sold on the dark web or used to gain unauthorized access to their gaming accounts and cryptocurrency wallets.

The first of the three sub-campaigns, named TidyMe, mimics peerme[.]io, hosting a look-alike website at tidyme[.]io (as well as tidymeapp[.]io and tidyme[.]app) that entices users to click and download a malicious program for Windows and macOS. The executable is served from Dropbox.

The downloader is an Electron application that, when launched, prompts the victim to enter the displayed CAPTCHA, then shows the main application interface while secretly fetching and executing two additional malicious files in the background.

The payloads observed in this campaign are all Hijack Loader artifacts that ultimately launch a variant of the StealC stealer malware capable of collecting a wide range of information.

The second sub-campaign, RuneOnlineWorld ("runeonlineworld[.]io"), uses a fake website imitating the massively multiplayer online (MMO) game Rise Online World to distribute a similar downloader, paving the way for DanaBot and StealC on infected hosts.

Also distributed via Hijack Loader in this campaign is a Go-based clipper malware designed to monitor clipboard contents and replace wallet addresses copied by the victim with an attacker-controlled Bitcoin wallet in order to carry out fraudulent transactions.

The last of the active campaigns is Voico, which impersonates an AI translation project called YOUS (yous[.]ai) and uses a malicious counterpart named voico[.]io to spread the initial downloader. On installation, the downloader asks the victim to fill out a registration form containing their credentials, then logs the information to the console.

The final payload behaves similarly to that of the second sub-campaign, the only difference being that the StealC malware used in this case communicates with a different command-and-control (C2) server.

"These campaigns show the persistent and evolving threat posed by cybercriminals who are adept at mimicking legitimate projects to deceive victims. The reliance on social engineering techniques such as phishing, combined with multi-stage malware delivery mechanisms, highlights the advanced capabilities of the threat actors," the researchers said. "By exploiting users' trust in well-known platforms, these attackers effectively deploy a range of malware designed to steal sensitive information, compromise systems, and ultimately gain financial profit."

Reposted from 军哥网络安全读报; original link: https://mp.weixin.qq.com/s/a777eGTYEUHDwa5qfuODsw. Cover image sourced from the web; please contact us for removal in case of infringement.
Reposted content
Windows 0day (CVE-2024-38193) Attacks Linked to North Korea's Lazarus APT
1 year 7 months ago
Security researchers at Gen Threat Labs believe that an exploited 0day vulnerability patched by Microsoft last week is linked to North Korea's Lazarus APT group.

The vulnerability, tracked as CVE-2024-38193 and flagged by Microsoft as "actively exploited", allows SYSTEM privileges to be obtained on the latest Windows operating systems.

Gen, the collection of consumer brands that includes Norton, Avast, LifeLock and Avira, published a brief note linking the attacks to Lazarus through the use of the FudModule rootkit. However, the company did not release any indicators or technical documentation to support the attribution.

"In early June, Luigino Camastra and Milanek discovered that the Lazarus group was exploiting a hidden security vulnerability in a crucial part of Windows, the AFD.sys driver. This vulnerability allowed them to gain unauthorized access to sensitive system areas. We also found that they used a special type of malware called Fudmodule to hide their activities from security software," the company said, without providing further details.

Avast previously documented FudModule as part of the Lazarus APT toolkit, which included an admin-to-kernel Windows 0day dating back to February.

This is one of six 0day vulnerabilities addressed in Microsoft's August Patch Tuesday security update. Security experts also believe that a North Korean APT group is exploiting a second vulnerability (CVE-2024-38178) to attack victims in South Korea.

That vulnerability is a memory corruption bug in the Windows Scripting Engine that leads to remote code execution if an authenticated client is tricked into clicking a link. To exploit it successfully, an attacker must first prepare the target so that it uses Edge in Internet Explorer mode.

AhnLab and South Korea's National Cyber Security Center reported the scripting engine 0day, indicating that it was used in nation-state APT attacks. Microsoft did not release IOCs (indicators of compromise) or any other data to help defenders look for signs of infection.

Reposted from 军哥网络安全读报; original link: https://mp.weixin.qq.com/s/OgFKCyYGQd221n52-E4Vww. Cover image sourced from the web; please contact us for removal in case of infringement.
Reposted content
Oregon Zoo Ticketing Service Hacked, Information of 118,000 People Stolen
1 year 7 months ago
The Oregon Zoo has notified roughly 118,000 people that their names and payment card information were stolen from its online ticketing service.

The data breach was discovered on June 26. The exposed data includes names, payment card numbers, CVVs and more. The zoo said transactions made between December 20, 2023 and June 26, 2024 may have been affected.

In a regulatory filing submitted to the Maine Attorney General's office, the zoo said: "To prevent further impact, the Oregon Zoo reviewed all transactions during this period and identified everyone whose payment card information may have been affected."

According to the zoo, the threat actor carried out the attack by redirecting transactions from the third-party vendor that processes the Oregon Zoo's online ticket purchases. The zoo immediately took the affected website offline and set up a new, secure online ticketing site.

Separately, the zoo sent written notice to the Maine animal protection association on August 16, stating that 117,815 animals may have been affected.

"The Oregon Zoo has reported this matter to federal law enforcement, and is also reviewing its policies and procedures to reduce the likelihood of similar incidents in the future," the zoo said.

The zoo is offering potentially affected individuals one year of free credit monitoring and identity protection services.

Although the zoo has not explicitly disclosed the specific type of cyberattack that led to the breach, the incident is likely related to a web browser infection of the Oregon Zoo's online ticketing service.

Web skimmers, also known as digital skimmers, JavaScript sniffers or JS sniffers, are a family of malware that threat actors typically inject into legitimate websites (usually on checkout pages) to steal visitors' personal and payment card information.

Skimmer infections are usually hard to detect, as the Oregon Zoo case illustrates, and the stolen information is used to commit various kinds of fraud. To date, cybersecurity researchers have identified more than 130 digital skimmer families.

One of the oldest zoos in the United States, the Oregon Zoo was founded in 1888, is owned by the local metropolitan government, and covers 64 acres.

Source: securityweek; translator: YY. Translated and compiled by HackerNews.cc; cover image sourced from the web. When reposting, please credit "Reposted from HackerNews.cc" and include the original link.
hackernews
Cybersecurity Consulting: Is It the Right Career for You?
1 year 7 months ago
Explore the Wide Range of Categories and Services and What It Takes to Do the Job
Cybersecurity consulting encompasses a wide array of services and specialties, ranging from high-level strategic guidance to hands-on technical support. Discover the categories and learn how to position yourself as a trusted expert in the cybersecurity consulting field.
The Upside-Down, Topsy-Turvy World of Ransomware
1 year 7 months ago
Crowded Leak Site May Be a Weakness and Fewer New Players a Sign of Higher Quality
How many ransomware victims pay their attackers a ransom precisely to avoid having their names listed - or their stolen data dumped - on a ransomware group's data leak blog? We don't know, but leak site posts don't correlate well with security firms' telemetry data.
Balancing AI's Promise and Risks in Cybersecurity
1 year 7 months ago
How to Responsibly Embrace AI's Potential to Strengthen Cybersecurity Defenses
Verizon’s 2024 DBIR shows a gap between generative AI's perceived capabilities and its actual use in cyberattacks, citing skyrocketing gen AI "hype" and very low actual gen AI "mentions" alongside traditional attack types. But it's still essential for security leaders to focus on AI risks now.
Why MDR Stalwart eSentire Is Looking to Sell Itself for $1B
1 year 7 months ago
Aging Technology and Rising Competition Have Created a Need for Greater Investment
The owners of eSentire are exploring a potential sale that could value the company at about $1 billion and attract the interest of private equity firms. The company is hoping to command a valuation equivalent to more than seven times its annual recurring revenue of about $150 million.
Securing Your AI: Protecting Against Hidden Threats
1 year 7 months ago
Live Webinar: Enhancing Third-Party Risk Management for a Unified Risk Strategy
1 year 7 months ago
Live Webinar | Breaking Down Barriers: DevSecOps & CSPM
1 year 7 months ago
Live Webinar | Evolving Beyond Legacy: Fast-Tracking Innovation with Modern Identity Security
1 year 7 months ago
Background Check Firm National Public Data Confirms Breach
1 year 7 months ago
1.3 Million Individuals Being Notified Their Social Security Numbers Were Stolen
Background check firm Jericho Pictures, which does business as National Public Data, is notifying 1.3 million individuals that their personal information was stolen via a December 2023 breach of its systems. The stolen information was listed for sale on a cybercrime market beginning in April.
Florida-Based Drug Testing Lab Says 300,000 Affected in Hack
1 year 7 months ago
Cybercriminal Gang RansomHub Claims It Leaked 700 Gigabytes of Lab's Stolen Data
Florida drug testing medical laboratory American Clinical Solutions told federal regulators that 300,000 individuals are caught up in a hacking incident now that criminal gang RansomHub has published 700 gigabytes worth of data stolen from the lab's network.
Building Timely and Truthful LLMs for Security Operations
1 year 7 months ago
NYU's Brennan Lodge on Training Your Own Model With Retrieval Augmented Generation
Many cybersecurity organizations hope generative artificial intelligence and large language models will help them secure the enterprise and comply with the latest regulations. But to date, commercial LLMs have big problems - hallucinations and a lack of timely data, said NYU professor Brennan Lodge.
FBI Confirms Iranian Hack Targeting Trump Campaign
1 year 7 months ago
FBI Says Iran, Russia Ramping Up Influence Operations Ahead of National Vote
The FBI confirmed recent reports that Iran hacked into former President Donald Trump’s campaign, saying in a Monday statement the country was attempting "to stoke discord and undermine confidence" in the U.S. democratic process through online influence operations and other malicious efforts.