Aggregator

How a scam hunter got scammed (Lock and Code S06E17)

不安全
5 months 3 weeks ago
反诈骗专家Julie-Anne Kearns在TikTok上以@staysafewithmjules身份普及防骗知识,并揭露骗子策略。尽管如此,她去年也遭遇了伪装成HMRC邮件的骗局。在Lock and Code播客中,她分享了自己的被骗经历、对受害者指责现象的看法以及识别网络骗局的关键警示信号。

A New macOS Malware Is Using “ClickFix” to Steal Passwords and Crypto Wallets

Penetration Testing Tools - Metepreter.org
5 months 3 weeks ago

Researchers at CrowdStrike have identified a new macOS infection campaign deploying a malware strain known as Shamos. This trojan is a variant of Atomic macOS Stealer (AMOS), a notorious Mac infostealer, and is being...

The post A New macOS Malware Is Using “ClickFix” to Steal Passwords and Crypto Wallets appeared first on Penetration Testing Tools.

ddos

​​俄企高管手机遭仿冒杀毒软件实时监控,间谍程序伪装安全局工具窃密​

HackerNews
5 months 3 weeks ago
HackerNews 编译,转载请注明出处: 俄罗斯移动安全公司Dr. Web最新报告披露,新型安卓间谍软件“Android.Backdoor.916.origin”伪装成俄罗斯联邦安全局(FSB)开发的杀毒工具,针对本国企业高管发起定向攻击。该恶意软件具备窃听对话、调用摄像头实时监控、记录键盘输入及窃取通讯应用数据等多项监控功能。 自2025年1月首次发现以来,该恶意软件已迭代多个版本,表明其处于持续开发中。研究人员根据分发诱饵、感染方式及仅提供俄语界面的特性,判定其专为针对俄罗斯企业设计。 攻击者采用两种主要伪装策略:一款名为“GuardCB”的应用冒充俄罗斯中央银行,另两款变体“SECURITY_FSB”和“ФСБ”(FSB)则仿冒俄罗斯情报机构的官方软件。Dr. Web强调:“其界面仅支持俄语,表明该程序完全针对俄罗斯用户。文件名中出现的‘SECURITY_FSB’等标识进一步证实,网络犯罪分子试图将其伪装成与俄执法机构相关的安全程序”。 尽管该程序缺乏实际安全功能,但通过模拟杀毒软件界面阻止用户卸载。用户点击“扫描”后,界面会以30%的概率随机生成1至3个虚假威胁报告以博取信任。 安装后,恶意软件会索要多项高危权限: 地理位置访问 短信及媒体文件读取 摄像头与录音调用 无障碍服务控制 后台持续运行权限 随后启动多项服务连接命令控制(C2)服务器,接收包括以下指令: 窃取短信、联系人、通话记录、地理位置及存储图像 激活麦克风窃听、摄像头监控及屏幕流捕捉 捕获通讯应用与浏览器内容(Telegram、WhatsApp、Gmail、Chrome及Yandex应用) 执行远程命令、维持持久化访问并启用自我保护机制 Dr. Web发现该恶意软件可切换多达15个托管服务提供商,虽当前未激活此功能,但表明其具备高弹性设计。       消息来源: bleepingcomputer; 本文由 HackerNews.cc 翻译整理,封面来源于网络; 转载请注明“转自 HackerNews.cc”并附上原文
hackernews

Weaponizing Filenames: Trellix Uncovers Stealthy Linux Malware Delivering VShell Backdoor

Penetration Testing Tools - Metepreter.org
5 months 3 weeks ago

Researchers at Trellix have uncovered an unusual attack scheme targeting Linux systems, where the key element is not a malicious payload hidden within a file, but the file name itself inside an archive. The...

The post Weaponizing Filenames: Trellix Uncovers Stealthy Linux Malware Delivering VShell Backdoor appeared first on Penetration Testing Tools.

ddos

Windows 11 Update Brings Android App Continuity and New Lock Screen Features

Penetration Testing Tools - Metepreter.org
5 months 3 weeks ago

Microsoft has released a new test build of Windows 11, Insider Preview Build 26200.5761 (KB5064093), for participants in the Windows Insider Program on the Dev Channel. The update introduces several notable features and improvements...

The post Windows 11 Update Brings Android App Continuity and New Lock Screen Features appeared first on Penetration Testing Tools.

ddos

Revenge of the Coder: Ex-Employee Jailed for Digital Sabotage and a Malicious “Kill Switch”

Penetration Testing Tools - Metepreter.org
5 months 3 weeks ago

A former employee has been convicted of deliberately orchestrating digital sabotage against his own company. The U.S. Department of Justice announced that 55-year-old Davis Lu, a Chinese national residing in Houston, was sentenced to...

The post Revenge of the Coder: Ex-Employee Jailed for Digital Sabotage and a Malicious “Kill Switch” appeared first on Penetration Testing Tools.

ddos

美国 CISA 警告:苹果零日漏洞正被用于针对性网络攻击

HackerNews
5 months 3 weeks ago
HackerNews 编译,转载请注明出处: 美国网络安全与基础设施安全局(CISA)要求联邦机构于9月11日前修复影响苹果手机、iPad及MacBook的高危漏洞CVE-2025-43300。苹果公司8月21日声明称:“已收到报告,该漏洞可能已被用于针对特定目标个体的极其复杂的攻击。”CISA于次日将该漏洞列入“已知被利用漏洞目录”,并给出8.8分(满分10分)的高危评级。 苹果未回应漏洞具体利用方式的问询。安全研究机构Qualys经理马尤雷什·达尼解释称,该漏洞存在于苹果ImageIO框架中——这是iOS、iPadOS和macOS系统处理多格式图像的核心组件。“此漏洞属于零点击攻击,用户无需任何操作即可触发。恶意构造的图像文件可通过消息、邮件或网页内容传播。”达尼表示。 两周前的黑帽安全会议上,Censys研究员艾丹·霍兰德指出:因苹果系统自动拦截未知发件人链接,攻击者已转向利用恶意图片作为突破口。2025年苹果已修复多个零日漏洞,多数被归因于复杂间谍软件供应商。多家相关企业因针对苹果系统的定向攻击面临国际制裁与诉讼。达尼补充称,2023年的BLASTPASS攻击链(CVE-2023-41064与CVE-2023-41061)同样针对ImageIO框架,用于部署NSO集团的飞马间谍软件。 Tenable高级研究工程师萨特南·纳兰表示,苹果极少在安全公告中使用“极其复杂的攻击”这类表述。他指出:“虽然普通用户成为攻击目标的可能性较低,但风险始终存在。苹果希望公众重视威胁并立即采取行动。”       消息来源: therecord; 本文由 HackerNews.cc 翻译整理,封面来源于网络; 转载请注明“转自 HackerNews.cc”并附上原文
hackernews

Fraudsters Evolve: How Money Mules Are Using Starlink and AI to Launder Funds

Penetration Testing Tools - Metepreter.org
5 months 3 weeks ago

Over the past two years, the banking sector across the Middle East, Turkey, and Africa has witnessed a marked evolution in cash-out schemes driven by so-called “money mules.” According to Group-IB, drawing on data...

The post Fraudsters Evolve: How Money Mules Are Using Starlink and AI to Launder Funds appeared first on Penetration Testing Tools.

ddos

The Marshal Madness: A Decade of Futile Patches for a Ruby Vulnerability

Penetration Testing Tools - Metepreter.org
5 months 3 weeks ago

Since the introduction of serialization through the Marshal module in the Ruby programming language, developers and security experts have been drawn into a protracted game of “bypass and patch.” The history of these vulnerabilities...

The post The Marshal Madness: A Decade of Futile Patches for a Ruby Vulnerability appeared first on Penetration Testing Tools.

ddos

Scoring Insecurity: Study Reveals Chaos in Vulnerability Ranking Systems

Penetration Testing Tools - Metepreter.org
5 months 3 weeks ago

Against the backdrop of the rapidly growing number of vulnerabilities confronting companies worldwide, researchers from the Rochester Institute of Technology, the University of Hawaiʻi, and Leidos have conducted the most extensive comparative study to...

The post Scoring Insecurity: Study Reveals Chaos in Vulnerability Ranking Systems appeared first on Penetration Testing Tools.

ddos

美国警告科技公司勿遵守欧洲和英国的“审查”法律

HackerNews
5 months 3 weeks ago
HackerNews 编译,转载请注明出处: 美国联邦贸易委员会(FTC)主席安德鲁·弗格森于8月21日(周四)警告科技公司,若为遵守欧盟及英国关于平台内容的规定而审查美国用户或削弱数据安全,可能面临FTC追责。这位由特朗普任命的FTC主席在致多家企业首席执行官的函件中,批评外国试图实施“审查”并破坏加密技术对用户数据的保护。 弗格森在信中指出,“为遵守外国法律而审查美国人”可能违反《联邦贸易委员会法》第5条——该法案禁止商业领域的不公平或欺骗行为。尽管该法律传统上用于起诉消防安全虚假宣传或借贷公司隐藏费用等行为,但弗格森强调:“美国消费者不会合理预期自己会因取悦外国政府而遭审查,此类行为可能构成欺骗。” 信中重申了保守派普遍存在的担忧:“美国人因表达硅谷少数精英不认同的观点而遭审查甚至驱逐出平台。”弗格森特别点名欧盟《数字服务法》和英国《在线安全法》,以及英国政府试图获取苹果iCloud加密数据的举动,认为这些要求可能导致企业违反第5条。 威斯敏斯特官员已准备就网络安全法与副总统JD·万斯交锋,尤其在万斯谴责欧洲国家试图监管言论自由之后。包括4chan、Gab和KiFi Farms在内的极端平台迄今公开拒绝遵守英国法规。英国互联网服务提供商(ISP)或将被要求封锁这些网站。Gab公司法律团队援引特朗普总统第14149号行政令驳斥英方要求,声明称:“美国政策确保任何政府机构不得协助审查美国公民,并将动用关税打击数字审查制度。” 本周早些时候,美国高级情报官员透露,英国政府已在万斯干预下放弃对苹果iCloud加密数据的争议性法律要求。弗格森在信中警告:“外国势力强加审查并削弱端到端加密的行为,将侵蚀美国人自由并使其面临外国政府监控、身份盗用及欺诈等风险。”他邀请各企业首席执行官会面,共同商讨“如何在全球监管压力下履行对美国消费者的隐私安全承诺及法律义务”。       消息来源: therecord; 本文由 HackerNews.cc 翻译整理,封面来源于网络; 转载请注明“转自 HackerNews.cc”并附上原文
hackernews

Silent Access: Critical Flaw in Microsoft Copilot Bypasses All Audit Logs

Penetration Testing Tools - Metepreter.org
5 months 3 weeks ago

While Microsoft has been vigorously promoting its Copilot AI product line, promising users greater convenience and productivity, a troubling flaw has been uncovered in the M365 ecosystem—one that undermines the very foundations of security...

The post Silent Access: Critical Flaw in Microsoft Copilot Bypasses All Audit Logs appeared first on Penetration Testing Tools.

ddos

Managed ad