Aggregator

Hawkeye(鹰眼)一款基于goalang开发的安全工具，旨在帮助安全工程师上机排查时能够快速的定位问题，提供排查思路。

Hawkeye(鹰眼)一款基于goalang开发的安全工具，旨在帮助安全工程师上机排查时能够快速的定位问题，提供排查思路。

1. IntroductionAccording to Ultraboard Games, the mancala game has existed for about 7000 years. Th

主站 分类 漏洞 工具 极客

CrowdStrike近日发出一则提醒，称一个网络钓鱼活动冒充自己发布虚假招聘，以借此向受害者传播门罗币加密货币矿工 （XMRig） 。

主站 分类 漏洞 工具 极客

网络安全研究人员发现了一种针对 macOS 的新型信息窃取恶意软件变种，隐蔽性更强，名为Banshee Stealer。

A vulnerability was found in Jeg Elementor Kit Plugin up to 2.6.9 on WordPress. It has been rated as problematic. This issue affects the function sg_content_template. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-8899. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability was found in Qualcomm Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Wearables and classified as very critical. Affected by this issue is some unknown functionality of the component Touch Pal Application. The manipulation leads to configuration. This vulnerability is handled as CVE-2018-11922. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Qualcomm Snapdragon Wired Infrastructure and Networking. It has been classified as critical. This affects an unknown part. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2018-11952. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Qualcomm Snapdragon Mobile up to SD 850 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2017-18306. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Qualcomm Snapdragon Mobile up to SD 850. It has been classified as problematic. This affects an unknown part of the component Audio Playback. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2017-18307. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Qualcomm Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. It has been declared as critical. This vulnerability affects unknown code of the file /sys/kernel/debug/ipa/ip4_nat of the component IPA Driver. The manipulation leads to buffer over-read. This vulnerability was named CVE-2018-5852. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Qualcomm Snapdragon Mobile 9206 LTE Modem/APQ8037/SD626/SD820/SD821. Affected by this vulnerability is an unknown functionality of the component QSEE. The manipulation leads to improper access controls. This vulnerability is known as CVE-2016-10408. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in FreePBX 17.0.19.17. Affected is an unknown function of the file /module_admin/upload.php. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2024-53564. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Open Robotics ROS2. Affected by this issue is the function nav2_amcl. The manipulation leads to buffer overflow. This vulnerability is handled as CVE-2024-30962. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

“海莲花”组织在GitHub投毒进行攻击；EAGERBEE后门更新组件对中东地区展开攻击；韩国2024 年 12 月 APT 攻击威胁趋势报告

2025.01.03~01.09 攻击团伙情报“海莲花”组织在GitHub投毒进行攻击EAGERBEE后门更新组件对中东地区展开攻击韩国 2024 年 12 月 APT 攻击威胁趋势报告攻击行动或事件

HackerNews 编译，转载请注明出处： 北美最大的物质使用障碍（SUD）治疗与康复服务提供商BayMark健康服务公司，已向数量未公开的患者发出通知，告知他们2024年9月发生的一次数据泄露事件中，攻击者盗走了他们的个人及健康信息。 这家总部位于德克萨斯州的组织，在35个美国州和3个加拿大省份的400多个服务点，每天为超过7.5万名患者提供针对物质使用和精神健康障碍的药物辅助治疗（MAT）服务。 BayMark在向受影响个体邮寄的数据泄露通知信中透露，公司于2024年10月11日在IT系统出现故障后得知此次泄露事件。后续调查显示，攻击者在2024年9月24日至10月14日期间访问了BayMark的系统。 BayMark在其网站上发布的一份声明中解释称：“2024年10月11日，我们得知一起事件导致我们部分IT系统运营中断。我们立即采取措施保护系统安全，在第三方取证专家的协助下展开调查，并通知了执法部门。” “我们的调查发现，2024年9月24日至10月14日期间，未经授权的第三方访问了BayMark系统上的一些文件。随后，我们对这些文件进行了审查和分析。” 此次事件中泄露的文件包含了每位受影响患者的多种数据，包括他们的姓名以及： 社会保险号 驾驶证号 出生日期 所接受的服务及服务日期 保险信息 治疗医生以及治疗和/或诊断信息 对于在此次事件中可能泄露了社会保险号或驾驶证号的患者，BayMark现正提供为期一年的Equifax身份监测服务，费用全免。 今日早些时候，BleepingComputer联系BayMark发言人寻求更多关于此次泄露事件的信息，包括受影响患者的总数，但对方未立即回应置评请求。 虽然这家医疗服务提供商没有提供关于9月攻击的更多细节，但RansomHub勒索软件团伙在10月声称对此次泄露事件负责，称他们从BayMark被攻破的系统中窃取了1.5TB的文件。这些数据随后被上传到了威胁行为者的暗网泄露网站上。 BayMark在RansomHub泄露网站上的条目（BleepingComputer） RansomHub勒索软件即服务（RaaS）运营（前称Cyclops和Knight）几乎一年前，即2024年2月浮出水面，专注于基于数据盗窃的勒索，而非加密受害者的系统。 自那以来，它已声称对包括Rite Aid药店连锁、佳士得拍卖行、美国电信运营商Frontier Communications、计划生育协会性健康非营利组织、川崎摩托欧洲分公司、博洛尼亚足球俱乐部以及石油服务巨头哈里伯顿在内的多个知名受害者负责。 在BlackCat/ALPHV勒索软件运营在窃取2200万美元后通过退出诈骗关闭之后，RansomHub还泄露了Change Healthcare被盗的数据。 自浮出水面以来，FBI表示，截至2024年8月，RansomHub勒索软件附属组织已攻破了美国政府、关键基础设施和医疗保健等关键基础设施领域的200多家受害者。 BayMark健康服务公司发出数据泄露通知之际，美国卫生与公众服务部（HHS）已提议对《1996年健康保险流通与责任法案》（HIPAA）进行修订，以加强患者健康数据的安全保护，以应对近年来影响医院和美国人的大规模医疗保健安全泄露事件激增的情况。 10月，UnitedHealth确认，在2月影响超过1亿人的Change Healthcare勒索软件攻击之后，公司遭遇了近年来最大的医疗保健数据泄露事件。   消息来源：Bleeping Computer, 编译：zhongx；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文