Aggregator

CVE-2024-45509 | MISP up to 2.4.196 Bookmark BookmarksController.php access control

VulDB Recent Entries
2 months 2 weeks ago
A vulnerability, which was classified as critical, was found in MISP up to 2.4.196. Affected is an unknown function of the file app/Controller/BookmarksController.php of the component Bookmark Handler. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2024-45509. The attack needs to be approached within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2024-45527 | REDCap 14.7.0 New Project Action index.php project title cross site scripting

VulDB Recent Entries
2 months 2 weeks ago
A vulnerability, which was classified as problematic, has been found in REDCap 14.7.0. This issue affects some unknown processing of the file index.php?logout=1 of the component New Project Action Handler. The manipulation of the argument project title leads to basic cross site scripting. The identification of this vulnerability is CVE-2024-45527. The attack may be initiated remotely. There is no exploit available.
vuldb.com

CVE-2017-6979 | Apple watchOS up to 3.2.1 IOSurface race condition (HT207800 / EDB-42555)

Vuldb Updates
2 months 2 weeks ago
A vulnerability was found in Apple watchOS up to 3.2.1. It has been declared as critical. This vulnerability affects unknown code of the component IOSurface. The manipulation leads to race condition. This vulnerability was named CVE-2017-6979. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2014-5812 | Viedemerde VDM Officiel 5.0 X.509 Certificate cryptographic issues (VU#582497)

Vuldb Updates
2 months 2 weeks ago
A vulnerability, which was classified as critical, has been found in Viedemerde VDM Officiel 5.0. This issue affects some unknown processing of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. The identification of this vulnerability is CVE-2014-5812. Access to the local network is required for this attack. There is no exploit available.
vuldb.com

Damn Vulnerable UEFI: Simulate real-world firmware attacks

Help Net Security
2 months 2 weeks ago

Damn Vulnerable UEFI (DVUEFI) is an open-source exploitation toolkit and learning platform for unveiling and fixing UEFI firmware vulnerabilities. Simulate real-world firmware attacks DVUEFI was created to assist ethical hackers, security researchers, and firmware enthusiasts in beginning their journey into UEFI firmware security by providing examples to explore potential vulnerabilities. The project is engineered to simulate real-world firmware attacks, offering an environment for practicing and refining exploitation techniques. DVUEFI includes a comprehensive, ever-growing catalog of … More →

The post Damn Vulnerable UEFI: Simulate real-world firmware attacks appeared first on Help Net Security.

Help Net Security

CVE-2017-6979 | Apple tvOS up to 10.2.0 IOSurface race condition (HT207801 / EDB-42555)

Vuldb Updates
2 months 2 weeks ago
A vulnerability, which was classified as critical, has been found in Apple tvOS up to 10.2.0. This issue affects some unknown processing of the component IOSurface. The manipulation leads to race condition. The identification of this vulnerability is CVE-2017-6979. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2007-1790 | Kaqoo Auction Software leave_feedback.inc.php install_root code injection (EDB-3607 / XFDB-33335)

Vuldb Updates
2 months 2 weeks ago
A vulnerability, which was classified as critical, has been found in Kaqoo Auction Software. Affected by this issue is some unknown functionality of the file include/display/leave_feedback.inc.php. The manipulation of the argument install_root leads to code injection. This vulnerability is handled as CVE-2007-1790. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2017-6979 | Apple iOS up to 10.3.1 IOSurface access control (HT207798 / EDB-42555)

Vuldb Updates
2 months 2 weeks ago
A vulnerability was found in Apple iOS up to 10.3.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component IOSurface. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2017-6979. Attacking locally is a requirement. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2017-6978 | Apple macOS up to 10.12.4 Accessibility Framework memory corruption (HT207797 / EDB-42056)

Vuldb Updates
2 months 2 weeks ago
A vulnerability classified as critical was found in Apple macOS up to 10.12.4. Affected by this vulnerability is an unknown functionality of the component Accessibility Framework. The manipulation leads to memory corruption. This vulnerability is known as CVE-2017-6978. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

为什么所有账户(甚至测试账户)都需要强密码

嘶吼
2 months 2 weeks ago

强密码是保护用户帐户的关键——即使是已经忘记的帐户。黑客也会寻找任何方法来访问用户的环境或窃取数据,甚至利用早已被遗忘的陈旧或不活跃的帐户。

旧账户很容易被忽视,但它们仍然可以为黑客提供初始访问路线,并为他们提供扩大活动的平台。每个有权访问用户基础设施的账户都很重要。

保护测试账户

测试环境(例如在创建新软件或网站功能时生成的环境)是黑客的首要目标。犯罪分子可以利用这些帐户轻松访问数据:例如,用于开发测试环境的真实客户信息。他们甚至可以利用这些环境作为跳板,访问其他更具特权的帐户。黑客可以利用管理员或特权帐户造成更大的破坏。

当熟练的攻击者获得具有登录凭据的任何用户帐户的访问权限(即使是具有非常低访问权限的旧测试帐户)时,他们可以将其用作扩展访问权限和提升权限的平台。

例如,他们可以在具有相似权限级别的帐户之间水平移动,或者垂直跳转到具有更多权限的帐户,例如 IT 团队帐户或管理员帐户。

微软漏洞利用测试账户

今年 1 月,微软表示其公司网络遭到俄罗斯黑客的攻击。名为 Midnight Blizzard 的攻击者窃取了电子邮件和附加文件。

微软表示,只有“极小一部分”公司电子邮件账户遭到入侵,但其中确实包括高层领导以及网络安全和法律团队的员工。

攻击者使用“密码喷洒攻击”入侵,这是一种暴力破解技术,涉及对多个账户尝试相同的密码。这次攻击没有利用微软系统或产品的漏洞。

相反,这就像猜测未使用的测试帐户上的弱密码或已知被破解的密码一样简单。用该软件巨头的话来说,攻击者“使用密码喷洒攻击来破坏传统的非生产测试租户帐户并获得立足点”。

这就强调了确保所有帐户(而不仅仅是管理员或特权帐户)获得最高级别保护的重要性。

至关重要的是,企业应避免在测试账户上使用弱凭据或默认凭据;在 PoC 之后,应停用测试账户/环境;并且应正确隔离测试账户和类似环境。

如何使用强密码确保所有账户安全

那么用户可以采取什么措施来保护自己的所有帐户——即使是在非活动环境中时。

·Active Directory 审计:保持对未使用和不活跃帐户以及其他与密码相关的漏洞的可见性至关重要。

·多因素身份验证:MFA 是抵御黑客的重要防御措施,即使密码被泄露,也能为您提供额外的防御层。

防御措施越多越好,可以从双因素身份验证开始。例如,输入密码后通过一次性密码确认。然而,最强大的 MFA 不止两个步骤,可能还包括生物识别方法,例如面部扫描或指纹。

如果用户在账户(甚至是测试账户)中建立了 MFA,安全性将大大提高。但是,请注意 MFA 仍然可以被规避,密码泄露仍然是最常见的起点。

·加强密码策略:有效的密码是抵御黑客的重要第一道防线。用户·的密码策略应阻止最终用户创建包含常见基本术语或键盘行列(如“qwerty”或“123456”)的弱密码。

最好的方法是强制使用长而独特的密码或密码短语,同时使用自定义词典来阻止与特定组织和行业相关的任何术语。

升级所有帐户的密码安全性

毫无疑问,人们面对的是一群非常老练的网络犯罪分子,他们会利用任何弱点来破坏用户的系统、窃取用户的数据、造成经济损失甚至毁掉声誉。这些犯罪分子往往采用新技术来实施密码喷洒攻击和其他暴力破解方法。

然而,尽管这些技术为黑客提供了新的攻击途径,但它也是建立防御的关键。借助密码策略和密码审计器等工具,用户可以检测帐户中的漏洞,甚至是不知道的漏洞。所以,建议所有人都应该勤加利用相关安全工具以保护自己的账户。

胡金鱼

Telegram is NOT an Encrypted Messaging App, Must-See Documentaries

Security Boulevard
2 months 2 weeks ago

In this episode, we explore the recent arrest of Telegram founder Pavel Durov in France and discuss the app’s encryption claims. Is Telegram truly an encrypted messaging app? Joining the conversation is co-host Kevin Johnson, bringing his trademark opinions. We also talk about some intriguing documentaries, including ‘LulaRich’ about the LuLaRoe leggings company and ‘Class […]

The post Telegram is NOT an Encrypted Messaging App, Must-See Documentaries appeared first on Shared Security Podcast.

The post Telegram is NOT an Encrypted Messaging App, Must-See Documentaries appeared first on Security Boulevard.

Tom Eston

Ransomware crisis deepens as attacks and payouts rise

Help Net Security
2 months 2 weeks ago

During the second quarter, new ransomware groups, including PLAY, Medusa, RansomHub, INC Ransom, BlackSuit, and some additional lesser-known factions, led a series of attacks that eclipsed the first quarter of this year by 16% and the second quarter of 2023 by 8%, according to Corvus Insurance. These new threat actors emerged following the international law enforcement’s takedown of LockBit and BlackCat. Ransomware: Most frequently targeted industries (Source: Corvus Insurance) Ransomware demands and payouts Based on … More →

The post Ransomware crisis deepens as attacks and payouts rise appeared first on Help Net Security.

Help Net Security

CVE-2017-6977 | Apple macOS up to 10.12.4 Speech Framework memory corruption (HT207797 / Nessus ID 100270)

Vuldb Updates
2 months 2 weeks ago
A vulnerability was found in Apple macOS up to 10.12.4. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Speech Framework. The manipulation leads to memory corruption. This vulnerability is known as CVE-2017-6977. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Malicious npm Packages Mimicking 'noblox.js' Compromise Roblox Developers’ Systems

The Hackers News
2 months 2 weeks ago
Roblox developers are the target of a persistent campaign that seeks to compromise systems through bogus npm packages, once again underscoring how threat actors continue to exploit the trust in the open-source ecosystem to deliver malware. "By mimicking the popular 'noblox.js' library, attackers have published dozens of packages designed to steal sensitive data and compromise systems," Checkmarx
The Hacker News

Keeping up with automated threats is becoming harder

Help Net Security
2 months 2 weeks ago

98% of organizations attacked by bots in the past year lost revenue as a result, according to Kasada. Web scraping (web crawling) is a significant threat followed closely by account fraud, with more than one third of IT/IS specialists reporting their organizations experienced over 5% revenue loss due to each. Source: Kasada Traditional bot mitigation solutions are falling short Kasada’s report surveyed security and technology professionals at companies already using bot management, of which 67% … More →

The post Keeping up with automated threats is becoming harder appeared first on Help Net Security.

Help Net Security

Managed ad