Aggregator

Wordfence安全研究员披露重要信息 据Wordfence安全研究员István Márton披露，一个关键的认证绕过了漏洞被暴露在了WordPress的Really Simple Security（以前称为Really Simple SSL）插件中，如果此漏洞被利用，攻击者可以远程获得易受攻击网站的完全管理权限。 这个漏洞，被追踪为CVE-2024-10924（CVSS评分：9.8），影响插件的免费和付费版本。该软件安装在超过400万个WordPress网站上。 这个漏洞是可以脚本化的，意味着它可以被转换成大规模的自动化攻击，针对WordPress网站。 起因是一处不正确的用户检查错误处理 这个漏洞在2024年11月6日披露，在一周后发布的9.1.2版本中已被修补。可能是有被滥用的风险促使插件维护者与WordPress合作，在公开披露之前强制更新了所有运行此插件的网站。 根据Wordfence的说法，这个认证绕过漏洞存在于9.0.0至9.1.1.1版本中，起因是在一个名为“check_login_and_get_user”的函数中不正确的用户检查错误处理，添加双因素认证的一个特性做得不够安全，使得未经认证的攻击者可以在双因素认证启用时，通过一个简单的请求获得对任何用户账户的访问权限，包括管理员账户。 如果被利用，将失去所有网站管理权限 成功利用这个漏洞可能会有严重的后果，因为它可能允许恶意行为者劫持WordPress网站，并进一步将它们用于犯罪目的。 这一信息是Wordfence在透露了WPLMS学习管理系统（WordPress LMS，CVE-2024-10470，CVSS评分：9.8）中的另一个关键缺陷几天后发布的，该缺陷可能允许未经认证的威胁者读取和删除任意文件。 具体来说，4.963之前的版本由于文件路径验证和权限检查不足，这使得未经认证的攻击者能够读取和删除服务器上的任何任意文件，包括网站的wp-config.php文件。删除wp-config.php文件会使网站进入设置状态，允许攻击者通过将其连接到他们控制的数据库来发起对网站的接管。     转自Freebuf，原文链接：https://www.freebuf.com/news/415637.html 封面来源于网络，如有侵权请联系删除

Onapsis announced the Onapsis Secure RISE Accelerator, helping organizations execute their RISE with SAP transformation with confidence. The new offering reduces security and compliance obstacles with a structured, bundled solution that simplifies and accelerates an organization’s project planning and execution with SAP-endorsed technology, threat insights and comprehensive SAP cybersecurity expertise and best practices. As companies increasingly choose the RISE with SAP program to move to the cloud and modernize their SAP environments, security and compliance … More →

The post Onapsis Secure RISE Accelerator streamlines security elements of modern SAP deployments appeared first on Help Net Security.

2 digitale rechercheurs van de Koninklijke Marechaussee doen onderzoek naar mogelijke oorlogsmisdrijven in Oekraïne. Dat gebeurt nu voor de vijfde keer sinds mei 2022 en wederom op verzoek van Oekraïne. De forensisch experts zijn vandaag begonnen. Ze voeren hun werk uit onder de vlag van het Internationaal Strafhof. 

抗生素耐药性正日益成为一个严重的健康问题。每年有逾百万人死于耐药性感染，预计到 2050 年死亡人数将会达到两百万。根据发表在《Science Advances》期刊上的一项研究，加州圣迭戈的研究人员找到了耐药菌的一个致命弱点，可能有助于抑制抗生素耐药性的形成。研究团队调查了名为枯草芽孢杆菌(Bacillus subtilis)的常见细菌，观察为何耐药菌株相对于非耐药菌株并不能占据优势。研究人员发现，耐药菌细胞必需成分核糖体对矿物质镁异常贪婪，而 ATP 分子也亟需镁，这导致了双方对有限的资源展开了激烈内部竞争，最终导致耐药细菌有着较低的生长和传播率。这一发现提出了一种不使用传统抗生素对抗耐药菌的新方法。科学家可通过操纵细菌环境中的镁含量，在不伤害有益菌的情况下阻断耐药菌。

Расследование длилось годы, но привело к неожиданному финалу.

cwe_checker是一套用于检测常见错误类别（例如空指针取消引用和缓冲区溢出）的检查工具。

ReasonLabs launched Online Security platform for Android and iOS, available for download on the Google Play Store and Apple App Store. This marks a significant milestone in ReasonLabs’ mission to deliver a comprehensive security platform that empowers over 25 million users with protection for their devices, identities, and privacy. ReasonLabs’ platform, already recognized for its identity and device protection delivered on desktops, now extends its availability to mobile devices. Americans lost more than $12.5 billion … More →

The post ReasonLabs launches Online Security platform for Android and iOS appeared first on Help Net Security.

主站 分类 漏洞 工具 极客

VeriClouds and Enzoic signed an agreement to bring our customers a more innovative service under the Enzoic brand.

The post Enzoic Acquires VeriClouds appeared first on Security Boulevard.

Increased activity from the state-sponsored threat group Volt Typhoon raises concerns about the cybersecurity of U.S. critical infrastructure. Here’s how you can identify potential exposures and attack paths.

Recent activity from the state-sponsored group Volt Typhoon, from the People’s Republic of China (PRC), has prompted federal agencies — including the Cybersecurity and Infrastructure Security Agency (CISA) and international partners — to issue urgent warnings and advisories. This increase in activity from advanced persistent threat (APT) actors targeting U.S. critical infrastructure highlights the need for increased vigilance from state and local governments. Since U.S. critical infrastructure is owned and operated by both public sector and private sector organizations, the threat is a concern for government agencies as well as corporate enterprises.

Volt Typhoon is a sophisticated threat group, typically gaining initial access to targets by exploiting unpatched vulnerabilities, including zero-day flaws, as well as through phishing techniques. Once initial access is gained, Volt Typhoon stays persistent for as long as possible, blending in with normal traffic and operating systems. This is achieved through “living off the land” (LOTL) techniques, leveraging native operating system tools to evade detection and favoring manual operations over automated manual scripts, further enhancing their adaptability within the environment.

State and local governments (SLG) have real options though, thanks to the Tenable Security Response Team’s examination of Volt Typhoon’s tactics, techniques and procedures (TTP). Additionally, with the Fiscal Year 2024 State and Local Cybersecurity Grant Program (SLCGP) Notice of Funding Opportunity (NOFO) open for eligible applicants through December 3, SLG officials can apply for funding to strengthen the security of critical infrastructure against malicious threats and to bolster the resilience of the services that state and local governments provide to their communities.

Based on the Tenable Security Response Team’s findings, Tenable recommends state and local government officials consider the following measures to address, patch and mitigate the identified Volt Typhoon vulnerabilities. In addition to these recommendations, implementing cyber hygiene best practices is essential for effective defense.

Patching known vulnerabilities and identifying affected systems

State and local government agencies have the tools and capabilities to protect themselves against the vast majority of attacks, including those from APT actors. Too many entities, however, are failing to take even the minimum steps to protect themselves and their communities.

Let’s start with the basics: it’s critical to have holistic exposure management capabilities that concentrate on discovering and remediating publicly disclosed CVEs. Exposure management combines the people, processes and technologies needed to effectively reduce cyber risk. Technologies such as vulnerability management, web application security, cloud security, identity security, attack path analysis and attack surface management are used to help organizations understand the full breadth and depth of their exposures and take the actions needed to reduce them through remediation and incident response workflows. This proactive approach gives organizations the power to identify and patch known vulnerabilities before they can be exploited.

By implementing proactive exposure management measures, state and local officials can significantly strengthen their resilience against cyberattacks and better protect their communities.

Given the heightened activity by Volt Typhoon, advisories have been released by the respective vendors for specific patching and mitigation tactics for the CVEs commonly exploited; learn more here.

If you are unsure whether your systems have been affected by Volt Typhoon or another APT, Tenable offers several solutions to help identify potential exposures and attack paths, as well as identify systems vulnerable to the CVEs noted in the research linked above.

Implementing cyber hygiene best practices

Basic cyber hygiene practices, including asset management, vulnerability management and identity and access management are crucial in today's digital landscape. State and local governments need to ensure they have visibility across their entire attack surface, including their IT, internet of things (IoT) and operational technology (OT) assets to know where they are exposed. This is critical when a vulnerability is discovered, especially as state-sponsored groups like Volt Typhoon are continuing to target U.S. critical infrastructure.

Understanding Volt Typhoon's TTPs equips state and local governments with valuable insights to enhance their cybersecurity posture. By implementing proactive exposure management measures, state and local officials can significantly strengthen their resilience against cyberattacks and better protect their communities.

If you want to learn more about Volt Typhoon and the Tenable Security Response Team’s research, review the findings here.

Learn more

• Read the blog Volt Typhoon: U.S. Critical Infrastructure Targeted by State-Sponsored Actors
• Read the joint cybersecurity advisory People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection
• Get up to speed on the U. S. Department of Homeland Security (DHS) Notice of Funding Opportunity (NOFO) Fiscal Year 2024 State and Local Cybersecurity Grant Program

The malware known as Ngioweb has been used to fuel a notorious residential proxy service called NSOCKS, as well as by other services such as VN5Socks and Shopsocks5, new findings from Lumen Technologies reveal. "At least 80% of NSOCKS bots in our telemetry originate from the Ngioweb botnet, mainly utilizing small office/home office (SOHO) routers and IoT devices," the Black Lotus Labs team at

Hornetsecurity launched DMARC Manager, an advanced tool addresses the complex challenges organisations face in managing DMARC, DKIM, and SPF configurations, especially for those operating across multiple domains. As email threats such as fraud and impersonation attacks continue to rise, the need for robust email authentication practices has never been more critical. DMARC Manager is designed to empower administrators and CISOs by providing an intuitive solution for setting up and maintaining best practices in email authentication. … More →

The post Hornetsecurity DMARC Manager protects against fraud and phishing attacks appeared first on Help Net Security.

Critical Authentication Flaw Impacts Both Free and Pro Users
A widely deployed five-in-one security plug-in for WordPress websites contained a flaw that hackers could automate into a large-scale takeover campaign. The critical authentication bypass vulnerability takes advantage of a now-patched flaw in the Really Simple Security plug-in.