Aggregator

主站 分类 漏洞 工具 极客

Fortinet修复了多个严重漏洞，其中包含一个自2024年11月起就在野外被利用的零日漏洞。

主站 分类 漏洞 工具 极客

#科技资讯 继微软之后谷歌也因为提供 AI 服务而涨价，Google Workspace 从 12 美元涨价 14 美元 / 月 / 用户。无论用户是否使用 AI 功能都需要支付这额外

HackerNews 编译，转载请注明出处： 一个由13,000台米克罗提克（MikroTik）设备组成的新发现僵尸网络，利用域名服务器记录中的配置错误，绕过电子邮件保护，通过伪造大约20,000个网络域名传播恶意软件。 该威胁行为者利用了用于列出所有被授权代表一个域名发送电子邮件的服务器的发件人策略框架（SPF）的DNS记录配置不当。 据DNS安全公司英飞凌（Infoblox）称，这起恶意垃圾邮件活动于2024年11月末活跃。部分电子邮件假冒DHL快递公司，发送包含ZIP压缩包的虚假货运发票，而该压缩包内含有恶意有效载荷。 ZIP附件中是一个JavaScript文件，该文件组装并运行一个PowerShell脚本。该脚本与之前与俄罗斯黑客相关的域名上的威胁行为者的命令和控制（C2）服务器建立连接。 “许多垃圾邮件的标题揭示了大量域名和SMTP服务器IP地址，我们意识到，我们发现了一个由大约13,000台被劫持的米克罗提克设备组成的庞大网络，它们都是一个大型僵尸网络的一部分”，英飞凌解释道。 英飞凌解释说，大约20,000个域名的SPF DNS记录被配置为过于宽泛的“+all”选项，这允许任何服务器代表这些域名发送电子邮件。 “这实际上使SPF记录失去了意义，因为它为伪造和未经授权的电子邮件发送打开了大门”，英飞凌指出。 更安全的选择是使用“-all”选项，它将电子邮件发送限制为域名指定的服务器。 僵尸网络操作概述（来源：英飞凌） 入侵方法尚不清楚，但英飞凌表示，他们“看到了各种受影响的版本，包括最近的[米克罗提克]固件版本”。 米克罗提克路由器以其强大性能而闻名，威胁行为者瞄准它们，以创建能够进行非常强大攻击的僵尸网络。 就在去年夏天，云服务提供商OVHcloud指责一个由被攻破的米克罗提克设备组成的僵尸网络发动了一次大规模拒绝服务攻击，峰值达到创纪录的每秒8.4亿个数据包。 尽管敦促米克罗提克设备所有者更新系统，但由于补丁更新速度非常慢，许多路由器在很长一段时间内仍然存在漏洞。 本案中的僵尸网络将这些设备配置为SOCKS4代理，以发动分布式拒绝服务（DDoS）攻击、发送网络钓鱼电子邮件、数据外泄，并普遍帮助掩盖恶意流量的来源。 “尽管僵尸网络由13,000台设备组成，但它们作为SOCKS代理的配置允许数十万甚至数百万台被攻陷的机器使用它们进行网络访问，从而显著放大了僵尸网络操作的潜在规模和影响”，英飞凌评论道。 建议米克罗提克设备所有者为其型号应用最新的固件更新，更改默认管理员帐户凭据，并在不需要时关闭控制面板的远程访问。   消息来源：Bleeping Computer, 编译：zhongx；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

error code: 521

A vulnerability was found in Tenda W15E 15.11.0.14. It has been declared as critical. This vulnerability affects the function formIPMacBindDel of the file /goform/delIpMacBind. The manipulation of the argument IPMacBindIndex leads to stack-based buffer overflow. This vulnerability was named CVE-2024-4119. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Tenda W15E 15.11.0.14. It has been rated as critical. This issue affects the function formIPMacBindModify of the file /goform/modifyIpMacBind. The manipulation of the argument IPMacBindRuleId/IPMacBindRuleIp/IPMacBindRuleMac/IPMacBindRuleRemark leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2024-4120. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in Tenda W15E 15.11.0.14. Affected is the function formQOSRuleDel. The manipulation of the argument qosIndex leads to stack-based buffer overflow. This vulnerability is traded as CVE-2024-4121. It is possible to launch the attack remotely. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in Tenda W15E 15.11.0.14. Affected by this vulnerability is the function formSetDebugCfg of the file /goform/setDebugCfg. The manipulation of the argument enable/level/module leads to stack-based buffer overflow. This vulnerability is known as CVE-2024-4122. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, has been found in Tenda W15E 15.11.0.14. Affected by this issue is the function formSetPortMapping of the file /goform/SetPortMapping. The manipulation of the argument portMappingServer/portMappingProtocol/portMappingWan/porMappingtInternal/portMappingExternal leads to stack-based buffer overflow. This vulnerability is handled as CVE-2024-4123. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. This affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-4124. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. This vulnerability affects the function formSetStaticRoute of the file /goform/setStaticRoute. The manipulation of the argument staticRouteIndex leads to stack-based buffer overflow. This vulnerability was named CVE-2024-4125. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. This issue affects the function formSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument manualTime leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2024-4126. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as critical. Affected is the function guestWifiRuleRefresh. The manipulation of the argument qosGuestDownstream leads to stack-based buffer overflow. This vulnerability is traded as CVE-2024-4127. It is possible to launch the attack remotely. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, has been found in Tutor LMS Plugin up to 2.6.2 on WordPress. Affected by this issue is the function tutor_instructor_list of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-3994. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Tutor LMS Plugin up to 2.6.2 on WordPress. Affected is an unknown function of the component Options Update Handler. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2024-3553. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Jeg Elementor Kit Plugin up to 2.6.4 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Countdown Widget. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-3161. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Jeg Elementor Kit Plugin up to 2.6.4 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Widget URL Custom Attribute Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-0334. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. Affected is the function formAddDnsForward of the file /goform/AddDnsForward. The manipulation of the argument DnsForwardRule leads to stack-based buffer overflow. This vulnerability is traded as CVE-2024-4115. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.