Aggregator

A vulnerability classified as problematic was found in Adobe Connect up to 11.4.7/12.6. Affected by this vulnerability is an unknown functionality of the component Form Field Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-54036. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Adobe Connect up to 11.4.7/12.6 and classified as problematic. This vulnerability affects unknown code of the component Form Field Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-54032. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file newadmin.php. The manipulation of the argument email leads to sql injection. This vulnerability is known as CVE-2024-12792. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in PbootCMS up to 5.2.3. Affected by this issue is some unknown functionality of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to path traversal. This vulnerability is handled as CVE-2024-12793. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Codezips E-Commerce Site 1.0. This affects an unknown part of the file /admin/editorder.php. The manipulation of the argument dstatus/quantity/ddate leads to sql injection. This vulnerability is uniquely identified as CVE-2024-12794. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

HackerNews 编译，转载请注明出处： 据乌克兰计算机应急响应小组（CERT-UA）披露，名为 UAC-0125 的威胁行为者正在利用 Cloudflare Workers 服务，诱使该国军事人员下载伪装成 Army+ 的恶意软件。Army+ 是由乌克兰国防部于 2024 年 8 月推出的一款移动应用，旨在帮助武装部队实现无纸化操作。 访问伪造的 Cloudflare Workers 网站的用户会被提示下载一个名为 Army+ 的 Windows 可执行文件，该文件是使用 Nullsoft Scriptable Install System（NSIS）创建的，NSIS 是一款开源工具，用于为操作系统创建安装程序。 打开该二进制文件后，会显示一个伪装的文件并启动，同时执行一个 PowerShell 脚本，该脚本旨在安装 OpenSSH，生成一对 RSA 密钥对，将公钥添加到“authorized_keys”文件中，并通过 TOR 匿名网络将私钥传输到攻击者控制的服务器上。 该攻击的最终目标是让攻击者能够远程访问受害者的计算机，CERT-UA 表示，目前尚不清楚这些链接是如何传播的。 该机构进一步指出，UAC-0125 与另一个名为 UAC-0002 的威胁群体相关，后者更广为人知的名称包括 APT44、FROZENBARENTS、Sandworm、Seashell Blizzard 和 Voodoo Bear，这是一个与俄罗斯联邦总参谋部第 74455 单位（GRU）有关的高级持续性威胁（APT）组织。 本月早些时候，Fortra 披露其观察到“合法服务滥用”的上升趋势，恶意行为者利用 Cloudflare Workers 和 Pages 托管虚假的 Microsoft 365 登录和人类验证页面，以窃取用户凭证。 该公司表示，Cloudflare Pages 上的钓鱼攻击已增长 198%，从 2023 年的 460 起事件增至 2024 年 10 月中旬的 1,370 起。同样，利用 Cloudflare Workers 的钓鱼攻击也增加了 104%，从 2023 年的 2,447 起事件增至目前的 4,999 起。 该事件发生时，欧洲理事会对 16 名个人和 3 个实体实施制裁，指责其“俄罗斯在国外的破坏性行动”。这些对象包括涉及在欧洲的外部刺杀、爆炸和网络攻击的 GRU 29155 单位，以及参与中非共和国和布基纳法索的亲俄秘密影响操作的“非洲贸易与投资集团”和“非洲倡议”新闻机构，这些机构传播俄罗斯宣传和虚假信息。   消息来源：The Hacker News, 编译：zhongx；   本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

error code: 521

error code: 521

作者：Tobias Becher, Simon Torka 译者：知道创宇404实验室翻译组 原文链接：https://arxiv.org/pdf/2412.12648 摘要 传统的基于规则的网络安全系统在防御已知恶意软件方面表现出色，但面对新型威胁，它们却显得力不从心。为应对这一挑战，新一代网络安全系统开始融合人工智能技术，尤其是深度学习算法，以提升其识别事件、分析警报和响应安全事件的能力...

Infoblox CEO Scott Harrell Pushes Unified Strategy Amid Hybrid Cloud Convergence
Scott Harrell, CEO of Infoblox, explores the convergence of network operations, security operations and cloud operations to tackle hybrid infrastructure complexities. He introduces Universal DDI and emphasizes a shift toward proactive threat management to counter AI-driven malware.

Feds Warn That Connected Devices Are Prey for Cyberattackers
The security of medical devices has been getting most of the attention from regulators in recent years, but other devices that make up the medical internet of things and operational technology systems are also vulnerable to cyberattacks, federal authorities warned in a new advisory.

Also, CoinLurker Malware Steals Data via Fake Updates
Every week, Information Security Media Group rounds up cybersecurity incidents in digital assets. This week, LastPass breach linked to $5.4M crypto theft, CoinLurker malware steals data via fake updates, cryptocurrency key to 27 million euro seizure and nearly 800 arrested in crypto-romance scam.

CISA Says 2035 Quantum Deadline Remains Achievable Despite Recent Breakthroughs
The federal government’s 2035 mandate to adopt quantum-resistant encryption remains feasible despite technological advancements in quantum computing, a top official for the U.S. cyber defense agency told ISMG, but experts warn challenges such as bureaucratic delays and financial costs persist.

APT攻击APT29组织利用红队攻击工具包进行复杂网络攻击APT组织Bitter针对土耳其国防部门展开攻击攻击活动针对DrayTek路由器展开的大规模勒索软件攻击活动数据泄露美国德克萨斯理工大学数据泄

APT组织Lazarus 在Rootkit（获取内核权限）攻击中使用了微软的0day漏洞;APT组织Kimsuky利用软件公司产品安装程序进行伪装展开攻击;NoName057(16)组织DDoSia项目持续更新;

此前推荐过 Duolingo 的增长探索，文章参见：https://reader.slax.com/s/mbU482b5d2里面提到了，他们最有效的几个策略，分别是连胜、排行榜和通知，并且描述了他们的

连胜必须建立在好产品的基础上。如果你认为产品还不够好，请抵制诱惑，不要在连胜之路上走得过猛。

A vulnerability, which was classified as problematic, has been found in Avast Antivirus Free. This issue affects some unknown processing. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2024-7236. Local access is required to approach this attack. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Avast Antivirus Free. Affected is an unknown function. The manipulation leads to denial of service. This vulnerability is traded as CVE-2024-7235. Attacking locally is a requirement. There is no exploit available.