Aggregator

A vulnerability was found in SourceCodester Vehicle Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /confirmbooking.php. The manipulation of the argument ID leads to cross site scripting. This vulnerability is handled as CVE-2025-2377. The attack may be launched remotely. Furthermore, there is an exploit available. The initial researcher advisory mentions contradicting product names.

HackerNews 编译，转载请注明出处： 谷歌威胁情报团队首席分析师John Hultquist向BleepingComputer透露，使用“Scattered Spider”攻击手法的黑客组织在针对英国零售业后，已将矛头转向美国零售企业。该组织被追踪为UNC3944，涉嫌实施勒索软件攻击与数据勒索双重威胁。 英国零售巨头玛莎百货（Marks & Spencer）此前遭遇勒索攻击，攻击者使用DragonForce加密器对VMware ESXi主机上的虚拟机进行加密。微软将该攻击归因于Octo Tempest（即Scattered Spider）。连锁超市Co-op确认攻击者窃取了大量现会员及前会员数据，哈罗德百货（Harrods）则于5月1日因网络渗透尝试被迫限制网站访问权限，疑似主动阻断攻击。 DragonForce勒索组织宣称对上述三起事件负责。BleepingComputer获悉，攻击者使用了与Scattered Spider关联的社会工程学策略。该勒索组织于2023年12月首次出现，近期推出“白标服务”供其他犯罪团伙定制化使用。 自Scattered Spider于4月开始攻击英国零售商以来，英国国家网络安全中心（NCSC）已发布防御指南，并警告这些攻击应被视为“警钟”。NCSC表示尚未确认攻击是否由单一组织发起，目前正与受害者及执法部门联合调查。 Scattered Spider（别名0ktapus、UNC3944、Scatter Swine）指代一个流动性威胁团伙，以社会工程学攻击闻名，擅长钓鱼攻击、SIM卡劫持、MFA轰炸（定向疲劳攻击）等手法。2023年9月，该组织入侵美高梅度假村，通过冒充员工致电IT部门获取权限，利用BlackCat勒索软件加密超100台VMware ESXi虚拟机。 该组织还曾作为RansomHub、Qilin及DragonForce等勒索软件的附属团伙活动，受害者包括Twilio、Coinbase、DoorDash、凯撒娱乐、MailChimp、拳头游戏及Reddit。部分成员据信隶属于“Com”社群——该松散团体因实施网络攻击与暴力行为备受关注。 这些网络罪犯年龄最小仅16岁，多为英语使用者，活跃于Telegram频道、Discord服务器及黑客论坛，实时策划攻击行动。尽管媒体与安全研究者常将“Scattered Spider”描述为统一团伙，但其实际是由采用特定战术的松散成员构成，追踪难度较高。 Hultquist指出：“这些攻击者攻击性强、手法创新，尤其擅长突破成熟安全体系。他们在社会工程学及第三方入侵方面屡获成功。”美国零售企业需警惕近期威胁升级。       消息来源： bleepingcomputer； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

在柬埔寨，教育系统本应是一片培育未来希望的净土，却悄然变成了跨国犯罪网络渗透的温床。这份《柬埔寨教育体系被有

智者之眼：解锁情报分析的结构化思维艺术在信息洪流的时代，我们每天面对海量的数据、复杂的系统和瞬息万变的局势。

A vulnerability, which was classified as problematic, was found in ActiveCalendar. This affects an unknown part of the file data/m_3.php. The manipulation of the argument css leads to basic cross site scripting. This vulnerability is uniquely identified as CVE-2007-1111. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in cPanel up to 11.22.2. Affected by this issue is some unknown functionality of the component WHM Interface. The manipulation of the argument Search leads to cross site scripting. This vulnerability is handled as CVE-2008-2070. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Europol announced on May 14 that law enforcement agencies have dismantled a sophisticated criminal parallel banking network operating across multiple European countries. The operation, conducted on January 14, 2025, resulted in the arrest of 17 individuals and the seizure of assets worth over EUR 4.5 million. The coordinated action took place across three countries, with […]

The post Authorities Arrested 17 Criminal Bankers, EUR 4.5 Million Seized appeared first on Cyber Security News.

HackerNews 编译，转载请注明出处： Ivanti近日发布安全更新，修复其移动终端管理平台Endpoint Manager Mobile（EPMM）中两个可被组合利用实现远程代码执行的安全漏洞。 被修复的漏洞包括： CVE-2025-4427（CVSS评分5.3）——EPMM中的身份验证绕过漏洞，允许攻击者在无凭证情况下访问受保护资源； CVE-2025-4428（CVSS评分7.2）——EPMM中的远程代码执行漏洞，允许攻击者在目标系统执行任意代码。 漏洞影响以下产品版本： 11.12.0.4及更早版本（需升级至11.12.0.5） 12.3.0.1及更早版本（需升级至12.3.0.2） 12.4.0.1及更早版本（需升级至12.4.0.2） 12.5.0.0及更早版本（需升级至12.5.0.1） Ivanti确认漏洞与EPMM集成的两个开源库有关，但未披露具体库名称。该公司表示“在漏洞披露时仅发现极少数客户遭遇攻击”，且尚未获得可靠的入侵指标。建议用户通过内置Portal ACL功能或外部Web应用防火墙（WAF）过滤API访问以降低风险，并强调该漏洞仅影响本地部署的EPMM产品，云端管理解决方案Ivanti Neurons for MDM及其他产品不受影响。 此外，Ivanti还修复了本地版Neurons for ITSM的身份验证绕过漏洞CVE-2025-22462（CVSS评分9.8），该漏洞允许未经认证的远程攻击者获取系统管理员权限，目前未发现野外利用迹象。鉴于近年来Ivanti设备频繁曝出零日漏洞，安全专家强烈建议用户立即升级至最新版本以增强防护。       消息来源： thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability, which was classified as problematic, was found in Maps Plugin using Google Maps for WordPress up to 1.9.3 on WordPress. Affected is an unknown function of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-13208. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Maps Plugin using Google Maps for WordPress up to 1.9.3 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-13306. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in SourceCodester Telecom Billing Management System 1.0. It has been rated as critical. This issue affects the function addrecords of the file main.cpp of the component Add New Record. The manipulation of the argument name/phonenumber leads to buffer overflow. The identification of this vulnerability is CVE-2025-1587. Local access is required to approach this attack. Furthermore, there is an exploit available. Other parameters might be affected as well.

A vulnerability classified as critical has been found in projectworlds Life Insurance Management System 1.0. Affected is an unknown function of the file /clientStatus.php. The manipulation of the argument client_id leads to sql injection. This vulnerability is traded as CVE-2025-2062. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in projectworlds Life Insurance Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /deleteNominee.php. The manipulation of the argument nominee_id leads to sql injection. This vulnerability is known as CVE-2025-2063. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in projectworlds Life Insurance Management System 1.0. Affected by this issue is some unknown functionality of the file /deletePayment.php. The manipulation of the argument recipt_no leads to sql injection. This vulnerability is handled as CVE-2025-2064. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in projectworlds Life Insurance Management System 1.0. This affects an unknown part of the file /editAgent.php. The manipulation of the argument agent_id leads to sql injection. This vulnerability is uniquely identified as CVE-2025-2065. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in projectworlds Life Insurance Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /updateAgent.php. The manipulation of the argument agent_id leads to sql injection. This vulnerability was named CVE-2025-2066. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in projectworlds Life Insurance Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /search.php. The manipulation of the argument key leads to sql injection. The identification of this vulnerability is CVE-2025-2067. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in SourceCodester Best Employee Management System 1.0. This issue affects some unknown processing of the file /admin/salary_slip.php. The manipulation of the argument ID leads to authorization bypass. The identification of this vulnerability is CVE-2025-1607. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Compmaster.prv.pl F3Site 2009. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument GLOBALS[nlang] leads to path traversal. The identification of this vulnerability is CVE-2009-4435. The attack may be initiated remotely. Furthermore, there is an exploit available.

HackerNews 编译，转载请注明出处： Android企业版推出全新设备信任（Device Trust）解决方案，通过实时验证设备安全状态强化移动端防护，应对混合办公模式下的数据泄露风险。该功能基于零信任原则，持续监测操作系统版本、安全补丁级别及屏幕锁强度等指标，无论设备是否受企业统一管理，均能在访问敏感数据前完成安全评估。 国际数据公司（IDC）终端安全研究总监Mike Jude指出：“企业需要确保接入业务系统的个人设备达到基本安全标准，Android企业版设备信任方案为此提供了重要支撑。”该平台与CrowdStrike、Okta、Omnissa、Urmobo、Zimperium等安全厂商深度集成，覆盖终端管理（EMM/UEM）、身份认证（IdPs）、端点防护（EDR/MTD）及安全信息事件管理（SIEM）四大领域，输出20余项Android专属安全指标，实现分层策略与实时决策。 设备信任方案兼容企业设备与员工自有Android终端，无需完整注册管理（EMM）即可通过安装合作安全应用完成验证，尤其适用于临时工、承包商等需快速接入业务系统的场景——任务完成后可立即撤销权限。通过实时威胁可视化管理，IT团队能及时应对系统版本过时、设备丢失等风险，提升事件响应效率。 该服务支持Android 10及以上系统。Android企业版将于7月10日举办“设备信任实践研讨会”，分享技术洞察与应用案例。       消息来源： infosecurity-magazine； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文