Aggregator

HackerNews 编译，转载请注明出处： 具有俄罗斯背景的黑客组织正利用谷歌“应用密码”功能实施钓鱼攻击，这是一种旨在窃取受害者邮箱访问权限的新型社会工程学手段。 谷歌威胁情报小组与公民实验室披露了这场高度定向攻击的细节，称攻击者主要伪装成美国国务院官员。研究员表示：“2025年4月至6月初期间，该组织持续针对知名学者及俄罗斯批评人士，通过长期建立信任关系与定制化话术，诱使目标创建16位应用密码(ASP)。受害者一旦分享密码，攻击者即可长期访问其邮箱。” 谷歌将攻击归因于UNC6293组织，该团伙疑与俄罗斯背景的APT29黑客集团（又名蓝徽章/舒适熊）相关。与传统制造紧迫感的钓鱼不同，攻击者耗费数周培养信任：他们发送伪装成会议邀请的钓鱼邮件，在抄送栏伪造至少四个“@state.gov”邮箱以增强可信度。公民实验室指出：“受害者可能认为‘若有问题，国务院人员会提醒我’。而攻击者显然掌握国务院邮件服务器不验证地址有效性的漏洞。” 攻击者以“保障内外部安全通讯”为由，诱骗受害者生成应用密码（注：该功能可使低安全性设备绕过双重认证访问谷歌账户）。在目标同意会面后，向其发送伪造的国务院云平台访问指南PDF。谷歌威胁情报组确认，攻击者借此建立邮件客户端持久访问权限，终极目标是监控受害者往来邮件。 谷歌表示还监测到以乌克兰为主题的同类攻击，攻击者主要使用住宅代理和云服务器隐藏行踪，谷歌已采取防护措施。UNC6293与APT29的关联基于其自年初实施的一系列创新攻击：包括利用设备验证码和入网验证钓鱼窃取Microsoft 365账户。微软上月披露，自2025年4月以来，俄罗斯背景黑客通过虚假会议链接诱导受害者发送OAuth授权码。该恶意链接会返回设备注册令牌，使黑客设备获得目标组织网络访问权限。       消息来源： thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

当下，我们唯一需要的就是以积极的心态，保持一点耐心、专注和坚持。

APT组织Lazarus 在Rootkit（获取内核权限）攻击中使用了微软的0day漏洞;APT组织Kimsuky利用软件公司产品安装程序进行伪装展开攻击;NoName057(16)组织DDoSia项目持续更新;

Also, Researchers Exploit Tesla Wall Connector Via Charging Cable
This week: Chinese Salt Typhoon hackers hit Viasat, researchers hacked a Tesla charger, Sitecore CMS flaws, Krispy Kreme disclosed hacking damage, Archetyp Market taken down. Episource disclosed a ransomware hack and Spain ruled out cyberattack for the April Iberian blackout.

Erie Insurance and Philadelphia Insurance Still Recovering From Separate Attacks
Statements by Erie Indemnity Co. and Philadelphia Insurance Companies indicate that voluntary decisions to disconnect their systems from the network - not ransomware encryption - have disrupted operations over the past 10 days since the carriers were hit with separate cyberattacks.

Passengers' Nuisance Claim Against CrowdStrike Barred by Airline Deregulation Act
A judge dismissed a suit against CrowdStrike over its 2024 outage, ruling the claims by airline passengers are preempted by the Airline Deregulation Act. The plaintiffs claimed damages for negligence and public nuisance. But the court found those claims were inseparable from the airlines' services.

Government Says Bill Will 'Pump 10 Billion Pounds' Into Economy
The UK government passed the Data Use and Access Bill that will introduce a host of privacy changes intended at making data processing more lenient with a motive to promote economic growth. Whether the EU will continue to find British law adequate enough is an open question.

Name: Season V, US Cyber Open Beginner's Game Room CTF (an PlayCyber event.)
Date: June 6, 2025, 9:30 p.m. — 19 June 2025, 23:59 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://www.uscybergames.com/
Rating weight: 0
Event organizers: Play Cyber

Name: Season V, US Cyber Open Competitive CTF (an PlayCyber event.)
Date: June 9, 2025, 8 p.m. — 19 June 2025, 23:59 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://www.uscybergames.com/
Rating weight: 0
Event organizers: Play Cyber

Name: DHM 2025 (an DHM event.)
Date: June 18, 2025, 8 a.m. — 19 June 2025, 17:00 UTC  [add to calendar]
Format: Jeopardy
On-site
Location: Germany, Heilbronn
Offical URL: https://hacking-meisterschaft.de/
Rating weight: 25.00
Event organizers: NFITS

走进美国联邦政府网络安全守门员的台前幕后。

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.7.1. Affected by this issue is the function k_ascii of the file drivers/tty/vt/keyboard.c. The manipulation leads to integer overflow. This vulnerability is handled as CVE-2020-13974. The attack needs to be approached locally. There is no exploit available.

A vulnerability was found in Linux Kernel up to 5.10.4. It has been classified as very critical. This affects the function mwifiex_cmd_802_11_ad_hoc_start of the file drivers/net/wireless/marvell/mwifiex/join.c of the component SSID Handler. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2020-36158. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in Google Android. This affects the function uvc_scan_chain_forward of the file uvc_driver.c. The manipulation leads to improper privilege management. This vulnerability is uniquely identified as CVE-2020-0404. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function nvmet_tcp_free_crypto of the file drivers/nvme/target/tcp.c of the component NVMe-oF Subsystem. The manipulation leads to double free. This vulnerability is known as CVE-2023-5178. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as very critical, has been found in Linux Kernel. Affected by this issue is the function io_uring of the component Local Privilege Handler. The manipulation leads to use after free. This vulnerability is handled as CVE-2022-3910. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Linux Kernel. This vulnerability affects the function compare_netdev_and_ip of the file drivers/infiniband/core/cma.c of the component RDMA. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2023-2176. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Linux Kernel up to 6.7.3 on RHEL. Affected by this vulnerability is the function ipoib_mcast_join_task of the component ipoib. The manipulation leads to excessive iteration. This vulnerability is known as CVE-2023-52587. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function vhost_net_set_backend of the file drivers/vhost/net.c. The manipulation leads to use after free. The identification of this vulnerability is CVE-2023-1838. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.8-rc2. Affected is the function scsi_host_busy of the component scsi. The manipulation leads to deserialization. This vulnerability is traded as CVE-2024-26627. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.