Космические похороны по цене iPhone. Как попутные запуски SpaceX сделали орбиту доступной для мёртвых
Аппарат выведут на солнечно-синхронную орбиту около 550 км и обещают, что его можно будет «поймать» в ночном небе
Aggregator
GhostPoster攻势再起:17款恶意浏览器扩展伪装潜伏 累计下载量超84万
2 months 1 week ago
研究人员在 Chrome、Firefox 和 Edge 应用商店中又发现了17款与GhostPoster攻击活动相关的恶意扩展,这些扩展的累计安装量已高达84万次。
GhostPoster 活动最早由Koi Security的研究人员在2025年12月披露。当时他们发现了17款扩展,这些扩展将恶意 JavaScript 代码隐藏在其 Logo 图片中,用于监控浏览器活动并植入后门。
该恶意代码会从外部资源获取经过高度混淆的载荷(Payload),进而追踪受害者的浏览活动、劫持主流电商平台的联盟营销链接,并注入不可见的 iframe 以实施广告欺诈和点击欺诈。
LayerX的一份新报告指出,尽管该活动已被曝光,但仍在持续进行,以下 17 款扩展均为其最新成员:
·Google Translate in Right Click – 522,398 次安装
·Translate Selected Text with Google - 159,645 次安装
·Ads Block Ultimate – 48,078 次安装
·Floating Player – PiP Mode – 40,824 次安装
·Convert Everything – 17,171 次安装
·Youtube Download – 11,458 次安装
·One Key Translate – 10,785 次安装
·AdBlocker – 10,155 次安装
·Save Image to Pinterest on Right Click – 6,517 次安装
·Instagram Downloader – 3,807 次安装
·RSS Feed – 2,781 次安装
·Cool Cursor – 2,254 次安装
·Full Page Screenshot – 2,000 次安装
·Amazon Price History – 1,197 次安装
·Color Enhancer – 712 次安装
·Translate Selected Text with Right Click – 283 次安装
·Page Screenshot Clipper – 86 次安装
研究人员称,该活动最初起源于 Microsoft Edge 应用商店,随后扩展至 Firefox 和 Chrome。
LayerX 发现,上述部分扩展自 2020 年起就已存在于浏览器插件商店中,这表明这是一场成功的长期潜伏行动。
扩展上传时间轴
虽然其规避检测和激活后的功能与 Koi 之前记录的大致相同,但 LayerX 在“Instagram Downloader”扩展中发现了一个更高级的变种。
该变种的不同之处在于,它将恶意的“预加载逻辑”转移到了扩展的后台脚本中,并将捆绑的图像文件不仅用作图标,还作为隐蔽的载荷容器。
解码图像文件的有效载荷
在运行时,后台脚本会扫描图像的原始字节以寻找特定的分隔符(>>>>),提取隐藏数据并存储在本地扩展存储中,随后将其 Base64 解码并作为 JavaScript 执行。
这种分阶段的执行流程表明,该恶意软件正朝着更长的潜伏期、模块化以及更强的抗静态和行为检测能力方向进化。
新发现的这些扩展目前已从 Mozilla 和 Microsoft 的插件商店中下架。然而,此前已在浏览器中安装了这些扩展的用户可能仍面临风险。
胡金鱼
《中国信息安全》杂志2026年第1期目录
2 months 1 week ago
欢迎订阅《中国信息安全》杂志!
中国信息安全测评中心主任彭涛:策马奔腾续写网络安全事业发展新篇章
2 months 1 week ago
2025 年是“十四五”圆满收官之年,也是“十五五”接续开启的关键之年。回顾这一年的铿锵足迹,在以习近平同志为核心的党中央坚强领导下,我们踔厉奋发、逢山开路、遇水架桥,克服重重艰难险阻,同大国比拼、同风险较量。
CSTIS:关于防范MuddyWater组织网络攻击的风险提示
2 months 1 week ago
近日,工业和信息化部网络安全威胁和漏洞信息共享平台(CSTIS)监测发现,MuddyWater组织近期针对政府、军事、电信、能源等机构实施网络攻击,窃取系统凭证、机密文件等敏感数据。
攻击者通过鱼叉邮件投递双重伪装载荷,一类是伪装成PDF文档的可执行文件(如“xxx.pdf.exe”),另一类则在DOC文档中嵌入恶意宏代码。一旦受害者误启PDF文档,伪装文档将立即释放UDPGangster后门(MuddyWater组织的UDP后门,支持远程控制、窃密等)到本地。对于嵌入恶意宏代码的DOC文档,一旦打开,宏代码将会被静默执行并从自身解密释放后续载荷,将其保存为txt文件后重命名为装载UDPGangster的novaservice.exe可执行文件。攻击载荷成功在内存部署后门后,UDPGangster会将自身复制为SystemProc.exe,并通过写入注册表HKCU\...\UserShellFolders\Startup实现自动启动。同时,MuddyWater组织采用动态C2连接策略,优先读取本地配置文件,失败则回退至硬编码C2地址。后门程序会收集主机名、工作组、系统版本及用户名等数据,加密回传至服务端,最终建立对目标主机的远程控制。
建议相关单位及用户立即禁用Office宏执行策略,阻断恶意文档释放攻击载荷;部署邮件网关动态沙箱,深度检测伪装PDF的可执行文件及带宏文档;实时监控注册表路径HKCU\Software\...\UserShellFolders\Startup异常写入,清除SystemProc.exe后门持久化项。
相关IOC信息
MD5:
07502104c6884e6151f6e0a53966e199
409d02d6153af220e527fd72256ee3a5
561b2983d558283c446ff674ff6138c3
7bfbc76c7eeb652d73b85c99ee83b339
9e06b36f4da737b8d699a6846c2540e9
a39f74247367e0891f18b7662c8e69b5
a546d2363a4b94e361d0874b690c853b
a9235540208fa6a25614c24a59e19199
aa75a0baebc93d4ca7498453ef64128a
bed77abc7e12230439c0b53dd68ffaf7
d84812961fc7cd8340031efd7b5508a8
dd6af28d1a03193fc76001b04d5827cc
de14abbda6a649d9ec90a816847f95db
e09a720574a6594b1444ebc1d6cca969
e5dd608292b6f421b0c108816d25fc5e
SHA256:
7ea4b307e84c8b32c0220eca13155a4cf66617241f96b8af26ce2db8115e3d53
aea51eaafacd03ade98875b107481d46a8f79ea9d903172b2ed8458c785a8273
d766a8ff123449a8c87fb3570c885439ccfd7d6151847d6d1f44ee7a59c4845c
ff62c294a2bcfee0d291b15ff1fd1733d08ab901281acf9c089f4662b4002a69
SHA1:
0543e6c36ca89e5d3e13656af0d1b4af0b7585c9
7bb0d162bbaa462c516502d1db56818d24ad825f
903e97ee731796fde34153c71eb718a1015ba358
d00280f07f2159adb16d8f76b7838e3e86773a7e
关联域名:
157[.]20[.]182[.]75[:]1269
64[.]7[.]198[.]12[:]1259
关联IP地址:
157[.]20[.]182[.]75
64[.]7[.]198[.]12
文章来源自:网络安全威胁和漏洞信息共享平台
胡金鱼
【黑产大数据】2025年数据泄露风险态势报告
2 months 1 week ago
2025 年数据泄露持续高位运行,黑产在组织形态、攻击路径与数据交易方式上全面升级,高价值金融数据成为黑产核心目标。
从现网到靶场:2025云上AI安全事件深度复盘
2 months 1 week ago
本文聚焦现网真实安全事件,深度复盘2025年典型云上AI安全事件,还原真实攻击路径并给出安全防护建议
JVN: dr_flacにおける整数オーバーフローの脆弱性
2 months 1 week ago
dr_flacには整数オーバーフローの脆弱性が存在します。
CVE-2020-11979 | Oracle Retail Assortment Planning 16.0.3 Custom Workbooks temp file (EUVD-2021-0549 / WID-SEC-2024-0794)
2 months 1 week ago
A vulnerability was found in Oracle Retail Assortment Planning 16.0.3. It has been classified as critical. This impacts an unknown function of the component Custom Workbooks. The manipulation leads to creation of temporary file in directory with insecure permissions.
This vulnerability is listed as CVE-2020-11979. The attack may be initiated remotely. There is no available exploit.
Upgrading the affected component is recommended.
vuldb.com
CVE-2020-11979 | Oracle Retail Service Backbone 14.1.3/15.0.3/16.0.3 RSB kernel injection (EUVD-2021-0549 / WID-SEC-2024-0794)
2 months 1 week ago
A vulnerability identified as critical has been detected in Oracle Retail Service Backbone 14.1.3/15.0.3/16.0.3. Impacted is an unknown function of the component RSB kernel. This manipulation causes injection.
This vulnerability is registered as CVE-2020-11979. Remote exploitation of the attack is possible. No exploit is available.
You should upgrade the affected component.
vuldb.com
CVE-2020-11979 | Oracle Retail Store Inventory Management 14.1.3.9/15.0.3.0/16.0.3.0 SIM Integration injection (EUVD-2021-0549 / WID-SEC-2024-0794)
2 months 1 week ago
A vulnerability labeled as critical has been found in Oracle Retail Store Inventory Management 14.1.3.9/15.0.3.0/16.0.3.0. The affected element is an unknown function of the component SIM Integration. Such manipulation leads to injection.
This vulnerability is documented as CVE-2020-11979. The attack can be executed remotely. There is not any exploit available.
The affected component should be upgraded.
vuldb.com
CVE-2020-11979 | Oracle Communications Unified Inventory Management 7.4.0/7.4.1 Apache Ant temp file (EUVD-2021-0549 / WID-SEC-2024-0794)
2 months 1 week ago
A vulnerability marked as critical has been reported in Oracle Communications Unified Inventory Management 7.4.0/7.4.1. Affected is an unknown function of the component Apache Ant. This manipulation causes creation of temporary file in directory with insecure permissions.
The identification of this vulnerability is CVE-2020-11979. It is possible to initiate the attack remotely. There is no exploit available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2020-11979 | Oracle API Gateway 11.1.2.4.0 temp file (EUVD-2021-0549 / WID-SEC-2024-0794)
2 months 1 week ago
A vulnerability classified as critical has been found in Oracle API Gateway 11.1.2.4.0. This impacts an unknown function of the component Oracle API Gateway. The manipulation leads to creation of temporary file in directory with insecure permissions.
This vulnerability is documented as CVE-2020-11979. The attack can be initiated remotely. There is not any exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2020-11979 | Oracle Endeca Information Discovery Studio 3.2.0.0 temp file (EUVD-2021-0549 / WID-SEC-2024-0794)
2 months 1 week ago
A vulnerability was found in Oracle Endeca Information Discovery Studio 3.2.0.0. It has been classified as critical. This issue affects some unknown processing of the component Studio. The manipulation leads to creation of temporary file in directory with insecure permissions.
This vulnerability is uniquely identified as CVE-2020-11979. The attack is possible to be carried out remotely. No exploit exists.
Upgrading the affected component is recommended.
vuldb.com
CVE-2020-11979 | Oracle Retail Advanced Inventory Planning 14.1 Operations / Maintenance temp file (EUVD-2021-0549 / WID-SEC-2024-0794)
2 months 1 week ago
A vulnerability was found in Oracle Retail Advanced Inventory Planning 14.1 and classified as critical. This affects an unknown function of the component Operations / Maintenance. Executing a manipulation can lead to creation of temporary file in directory with insecure permissions.
This vulnerability is tracked as CVE-2020-11979. The attack can be launched remotely. No exploit exists.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2020-11979 | Oracle Financial Services Analytical Applications Infrastructure injection (EUVD-2021-0549 / WID-SEC-2024-0794)
2 months 1 week ago
A vulnerability labeled as critical has been found in Oracle Financial Services Analytical Applications Infrastructure 8.0.6/8.0.7/8.0.8/8.0.9/8.1.0. This vulnerability affects unknown code of the component Infrastructure. Such manipulation leads to injection.
This vulnerability is listed as CVE-2020-11979. The attack may be performed from remote. There is no available exploit.
The affected component should be upgraded.
vuldb.com
CVE-2020-11979 | Oracle Enterprise Repository 11.1.1.7.0 Security Subsystem injection (EUVD-2021-0549 / WID-SEC-2024-0794)
2 months 1 week ago
A vulnerability marked as critical has been reported in Oracle Enterprise Repository 11.1.1.7.0. Impacted is an unknown function of the component Security Subsystem. The manipulation leads to injection.
This vulnerability is referenced as CVE-2020-11979. Remote exploitation of the attack is possible. No exploit is available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2020-11979 | Oracle Retail Financial Integration 14.1.3/15.0.3/16.0.3 PeopleSoft Integration injection (EUVD-2021-0549 / WID-SEC-2024-0794)
2 months 1 week ago
A vulnerability was found in Oracle Retail Financial Integration 14.1.3/15.0.3/16.0.3. It has been classified as critical. Affected by this issue is some unknown functionality of the component PeopleSoft Integration. Performing a manipulation results in injection.
This vulnerability is identified as CVE-2020-11979. The attack can be initiated remotely. There is not any exploit available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2020-11979 | Oracle Retail Integration Bus 14.1.3/15.0.3/16.0.3 RIB Kernal injection (EUVD-2021-0549 / WID-SEC-2024-0794)
2 months 1 week ago
A vulnerability was found in Oracle Retail Integration Bus 14.1.3/15.0.3/16.0.3. It has been declared as critical. This affects an unknown part of the component RIB Kernal. Executing a manipulation can lead to injection.
This vulnerability is tracked as CVE-2020-11979. The attack can be launched remotely. No exploit exists.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2020-11979 | Oracle Banking Platform up to 2.8.0 Installer injection (EUVD-2021-0549 / WID-SEC-2024-0794)
2 months 1 week ago
A vulnerability was found in Oracle Banking Platform up to 2.8.0 and classified as critical. This affects an unknown function of the component Installer. Such manipulation leads to injection.
This vulnerability is uniquely identified as CVE-2020-11979. The attack can be launched remotely. No exploit exists.
It is suggested to upgrade the affected component.
vuldb.com