Aggregator

A vulnerability classified as problematic has been found in HP HP-UX up to 11.11. This affects an unknown part of the component setrlimit. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2001-1564. Attacking locally is a requirement. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Microsoft Windows up to Vista. Affected by this issue is some unknown functionality of the file afd.sys of the component Ancillary Function Driver. The manipulation leads to double free. This vulnerability is handled as CVE-2014-1767. An attack has to be approached locally. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in Microsoft .NET Framework up to 4.5.1. Affected is an unknown function of the component TypeFilterLevel Check. The manipulation as part of .NET Remoting leads to code injection. This vulnerability is traded as CVE-2014-1806. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in Microsoft Windows. Affected by this issue is the function ShellExecute of the component Shell Handler. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2014-1807. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Office 2007/2010/2013. It has been rated as critical. This issue affects some unknown processing in the library MSCOMCTL.OCX of the component Common Control Library. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2014-1809. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Novell NetWare 4.0. It has been classified as critical. Affected is an unknown function of the file Remote.NLM. The manipulation leads to missing encryption of sensitive data. This vulnerability is traded as CVE-1999-0470. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Matrix 首页推荐 Matrix 是少数派的写作社区，我们主张分享真实的产品体验，有实用价值的经验与思考。我们会不定期挑选 Matrix 最优质的文章，展示来自用户的最真实的体验和观点。 文章代表

A vulnerability was found in PCRecruiter Extensions Plugin up to 1.4.10 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-11776. The attack may be initiated remotely. There is no exploit available.

Hello community, I have went to other communities and asked for some advice but I f

error code: 521

根据 Check Point 与 Hackread.com 共同发布的最新研究报告，Google 工作空间中广泛应用的日程管理工具 Google 日历已成为网络犯罪分子的新攻击目标。 Google 日历成工具：网络攻击者利用 Google 日历的功能模块，发送仿冒合法邀请函的网络钓鱼邮件。 高级攻击策略：攻击者采用 Google 表单和 Google 绘图等多元化工具，规避传统邮件安全防护机制，从而强化攻击的可信度。 影响范围广泛：在短短四周内，已检测到与该攻击活动关联的 4000 余封网络钓鱼邮件，涉及约 300 家品牌企业。 社会工程学手法：网络犯罪分子通过制造紧迫感、恐慌情绪以及冒充身份等手段，诱使受害者点击恶意链接并泄露敏感信息。 防范措施：部署高级邮箱安全监控系统、第三方应用程序使用审计机制以及行为分析技术，对于抵御此类不断演进的威胁具有重要意义。 Google 日历作为 Google 工作空间的重要组成部分，是一款面向全球超过 5 亿用户的日程安排与时间管理工具，支持 41 种语言。 据 CPR 的研究显示，攻击者正试图操控 Google 日历及其相关功能模块，例如 Google 绘图，通过发送伪装成合法邮件的链接，突破传统邮箱安全防线，实施网络钓鱼攻击。这些链接表面上看似指向 Google 表单或 Google 绘图，进一步提升了攻击的可信度。 恶意邮件与 Google 日历配置（来源：CPR） 攻击者最初利用 Google 日历内置的友好功能，提供链接至 Google 表单。在察觉到安全产品能够识别恶意日历邀请后，攻击者迅速调整策略，将攻击手段与 Google 绘图功能相结合。 Check Point 发文指出：网络犯罪分子正在篡改“发件人”头部信息，使邮件看起来像是由已知且合法的用户通过 Google 日历发送的。在短短四周内，网络安全研究人员已监测到 4000 多封此类钓鱼邮件，涉及约 300 家品牌企业。 攻击者利用用户对 Google 日历的信任和熟悉程度，诱使受害者点击恶意链接。他们会伪造看似合法的日历邀请，通常来自受害者熟悉的联系人或组织机构。这些初始邀请可能包含指向 Google 表单、Google 绘图或 ICS 文件附件的链接，后者看似是简单的信息请求或调查问卷，常以 CAPTCHA 或支持按钮的形式呈现。 一旦受害者点击链接，将被重定向至一个精心设计的恶意网站，该网站通过虚假身份验证流程窃取个人信息或公司数据。该网站可能模仿合法的登录页面、加密货币交易所或技术支持页面。攻击者的最终目的是诱骗受害者泄露敏感信息，如密码、信用卡详细信息或个人身份证号码。被盗取的信息可能被用于信用卡欺诈或未经授权的交易，给受害者带来重大风险。 值得注意的是，攻击者通常会叠加社会工程学策略来增强攻击的可信度。他们可能通过制造紧迫感、恐慌情绪或激发好奇心，诱使受害者点击恶意链接。此外，攻击者还可能冒充可信任的个人或组织，以获取受害者的信任。这无疑大大大提高了通过Google日历钓鱼的成功率，企业/组织应保持高度警惕，以应对日益复杂化的网络钓鱼攻击。   转自FreeBuf，原文链接：https://www.freebuf.com/news/418157.html 封面来源于网络，如有侵权请联系删除

What is Software Review?What is a review in software testing?There are different types of reviews

A vulnerability classified as critical was found in GNU Gimp up to 2.2.15. This vulnerability affects unknown code of the component Loader Plugins. The manipulation leads to memory corruption. This vulnerability was named CVE-2007-2949. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Easy Software Products CUPS. It has been classified as critical. Affected is the function ParseCommand of the component HPGL File Handler. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2004-1267. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Microsoft Windows Explorer. Affected is an unknown function in the library ole32.dll. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2007-1347. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

error code: 521

趋势科技公布了威胁组织 Earth Koshchei 开展的大规模流氓远程桌面协议 (RDP) 活动。Earth Koshchei 以间谍活动而闻名，他们利用鱼叉式网络钓鱼电子邮件和恶意 RDP 配置文件来入侵包括政府、军事组织和智囊团在内的高知名度目标。 据描述，该攻击方法涉及 “RDP 中继、恶意 RDP 服务器和恶意 RDP 配置文件”，利用红队技术达到恶意目的。报告称，这种方法使攻击者能够获得受害者机器的部分控制权，导致 “数据泄露和恶意软件安装”。 该活动在 2024 年 10 月 22 日达到顶峰，当时向包括外交和军事实体在内的各种目标发送了数百封鱼叉式网络钓鱼电子邮件。这些电子邮件诱骗收件人打开恶意 RDP 配置文件，将他们的机器连接到地球 Koshchei 的 193 个 RDP 中继站之一。 地球 Koshchei 在 2024 年 8 月至 10 月间注册了 200 多个域名，展示了精心策划的活动。这些域名通常模仿合法的服务或组织，如云提供商和政府实体。此外，该组织还使用 TOR、VPN 和住宅代理等匿名层来掩盖其行动，并使归因复杂化。 该基础设施包括 193 个代理服务器和 34 个流氓 RDP 后端服务器，它们是数据外泄和间谍活动的入口点。 地球 Koshchei 展示了重新利用合法红队工具的敏锐能力。通过采用 2022 年 Black Hills 信息安全博客中描述的技术，攻击者使用 PyRDP 等工具拦截和操纵 RDP 连接。这使他们能够浏览受害者的文件系统、渗出数据，甚至打着 “AWS 安全存储连接稳定性测试 ”等合法程序的幌子运行恶意应用程序。 趋势科技解释说：“PyRDP代理可确保窃取的任何数据或执行的任何命令都会被导回攻击者，而不会引起受害者的警觉。” 该组织的目标受害者多种多样，包括政府、军队、云提供商和学术研究人员。Earth Koshchei（又称 APT29 或 Midnight Blizzard）的典型战术、技术和程序（TTPs）以及受害者研究都支持将此次活动归咎于该组织。 报告指出：“Earth Koshchei 的特点是持续针对外交、军事、能源、电信和 IT 公司。据信，该组织与俄罗斯对外情报局（SVR）有关联。” 为抵御此类攻击，企业应该： 阻止出站 RDP 连接： 将 RDP 流量限制在受信任的服务器上。 检测恶意 RDP 文件： 使用能够识别恶意 RDP 配置文件的工具，如趋势科技的 Trojan.Win32.HUSTLECON.A 检测系统。 加强电子邮件安全： 实施过滤器，防止发送可疑附件，尤其是 RDP 配置文件。   转自安全客，原文链接：https://www.anquanke.com/post/id/302885 封面来源于网络，如有侵权请联系删除

主站 分类 漏洞 工具 极客

尽管LLMs具有巨大的潜力，但网络犯罪分子并未充分利用这一技术来提升其攻击能力。