Aggregator

当创业公司威马汽车（WM Motor）去年 10 月申请破产时，该公司的车载系统、车钥匙、以及相关 APP 和小程序都停止了工作。在引发广泛关注之后，威马汽车向车主们道歉，暂时恢复了系统的

Hackread报道，近期Cisco Talos（思科威胁情报团队）发现，BlackByte勒索软件正在对全球企业发起新一轮攻击。BlackByte组织利用VMware ESXi虚拟机监控程序中最近被修补的漏洞，通过VPN访问发动攻击。 思科建议各组织实施多因素认证（MFA）并加强安全措施以降低风险。 被利用的漏洞为CVE-2024-37085，它允许攻击者绕过身份验证并控制易受攻击的系统。除了这个漏洞之外，还观察到BlackByte组织使用受害者授权的远程访问机制，例如VPN。这种策略使得BlackByte在可见性较低的情况下运营，并逃避安全监控系统。 另一个令人担忧的事态发展是该组织使用被盗的Active Directory凭据来传播其勒索软件。这意味着他们可以更快、更有效地在网络内传播感染，从而增加潜在的损害。 思科团队研在8月28日星期三研究结果发布前，与Hackread分享了他们的发现。研究人员认为，BlackByte实际活动比公共数据泄露网站上显示的更活跃。网站只显示了他们成功发起攻击的一小部分，可能掩盖了他们行动的真实范围。 BlackByte针对的5个最主要目标行业：制造业；运输/仓储；专业人士、科学和技术服务；信息技术；公共行政。 研究人员建议各个组织优先考虑修补系统，包括VMware ESXi虚拟机管理程序，为所有远程访问和云连接实施多因素身份验证（MFA），应审核VPN配置，并限制对关键网段的访问。 限制或禁用NTLM的使用，并选择更安全的身份验证方法也非常重要。部署可靠的端点检测和响应（EDR）解决方案可以大大提高安全性。 此外，全面的安全策略应包括主动威胁情报和事件响应能力，以有效保护系统免受BlackByte和类似攻击等威胁。   转自E安全，原文链接：https://mp.weixin.qq.com/s/Ep_KcP3AmAOSGjzs3IZU3w 封面来源于网络，如有侵权请联系删除

A vulnerability, which was classified as problematic, has been found in SourceCodester Contact Manager with Export to VCF 1.0. Affected by this issue is some unknown functionality of the file index.html. The manipulation of the argument contact_name leads to cross site scripting. This vulnerability is handled as CVE-2024-8337. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in SourceCodester Music Gallery Site 1.0. Affected by this vulnerability is an unknown functionality of the file /php-music/classes/Master.php?f=delete_music. The manipulation of the argument id leads to sql injection. This vulnerability is known as CVE-2024-8336. The attack can be launched remotely. Furthermore, there is an exploit available.

面临宏观经济环境的不确定性， 该公司亏损额度同比显著减少，这一变化表明奇安信的盈利能力正在逐步提升。

主站 分类 漏洞 工具 极客

A vulnerability classified as critical has been found in OpenRapid RapidCMS up to 1.3.1. Affected is an unknown function of the file /resource/runlogon.php. The manipulation of the argument username leads to sql injection. This vulnerability is traded as CVE-2024-8335. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Submit #399338 / VDB-276212

A vulnerability was found in master-nan Sweet-CMS up to 5f441e022b8876f07cde709c77b5be6d2f262e3f. It has been rated as problematic. This issue affects the function LogHandler of the file middleware/log.go. The manipulation leads to improper output neutralization for logs. The identification of this vulnerability is CVE-2024-8334. The attack may be initiated remotely. There is no exploit available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. It is recommended to apply a patch to fix this issue.

Submit #399039 / VDB-276211

Submit #399005 / VDB-276210

Submit #398805 / VDB-276209

Russia-linked APT29 group was spotted reusing iOS and Chrome exploits previously developed by surveillance firms NSO Group and Intellexa. Google TAG (Threat Analysis Group) researchers observed the Russia-linked group APT29 (aka SVR group, BlueBravo, Cozy Bear, Nobelium, Midnight Blizzard, and The Dukes). using exploits previously used by surveillance software vendors NSO Group and Intellexa. The circumstance suggests that the nation-state actors […]

A vulnerability was found in master-nan Sweet-CMS up to 5f441e022b8876f07cde709c77b5be6d2f262e3f. It has been declared as critical. This vulnerability affects unknown code of the file /table/index. The manipulation leads to sql injection. This vulnerability was named CVE-2024-8332. The attack can be initiated remotely. There is no exploit available. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. It is recommended to apply a patch to fix this issue.

https://github.com/CGCL-codes/PathEval

Submit #398804 / VDB-276208

Submit #398803 / VDB-276208

Системы видеонаблюдения все чаще подключаются к интернету, что делает их уязвимыми для кибератак. Эта статья рассказывает о ключевых угрозах для таких систем и лучших практиках по их защите, чтобы обеспечить безопасность данных и минимизировать риски.

XSS LABS 靶场是一个专注于跨站脚本攻击（Cross-Site Scripting，XSS）教育和训练的平台。

A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. It has been classified as critical. This affects an unknown part of the file /admin/user/user-move-run.php. The manipulation of the argument username leads to sql injection. This vulnerability is uniquely identified as CVE-2024-8331. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.