Aggregator
CVE-2025-22781 | Nativery Developer Nativery Plugin up to 0.1.6 on WordPress cross site scripting
CVE-2025-22797 | Oğulcan Özügenç Gallery and Lightbox Plugin up to 1.0.14 on WordPress cross site scripting
CVE-2025-22793 | Bold Pagos en Linea Plugin up to 3.1.0 on WordPress cross site scripting
CVE-2025-22784 | Johan Ström Background Control Plugin up to 1.0.5 on WordPress cross-site request forgery
Threat Landscape Report: Uncovering Critical Cyber Threats to Manufacturing Sector
Review: Inside Cyber Warfare, 3rd Edition
Inside Cyber Warfare, 3rd Edition by Jeffrey Caruso explores how nation-states, corporations, and hackers engage in digital warfare. It offers insights into the intersection of cybersecurity, geopolitics, and emerging technology. About the author Jeffrey Caruso is a globally recognized cybersecurity adviser, author, and researcher with nearly two decades of experience in cyber intelligence and national security. He has briefed agencies, and lectured at military institutions. A U.S. Coast Guard veteran, Caruso is the creator of … More →
The post Review: Inside Cyber Warfare, 3rd Edition appeared first on Help Net Security.
系统BC远控木马现瞄准Linux,传播勒索软件和信息窃取程序
From RAGs to Riches: Using LLMs and RAGs to Enhance Your Ops
CVE-2021-3114 | Google Go up to 1.14.13/1.15.6 crypto/elliptic/p224.go calculation (Nessus ID 215313)
CVE-2024-32884 | Byron gitoxide up to 0.34.x/0.41.x/0.61.x Username command injection (GHSA-98p4-xjmm-8mfh / Nessus ID 215316)
CVE-2024-33877 | HDF5 up to 1.14.3 H5Tconv.c H5T__conv_struct_opt heap-based overflow (Nessus ID 215317)
CVE-2024-4323 | Fluent Bit up to 3.0.3 Embedded HTTP Server heap-based overflow (Nessus ID 215324)
下探到 7 万,比亚迪把「智驾溢价」打没了
How to detect and disable Apple AirTags that might be tracking you
Apple’s AirTags are a convenient way to track personal items like keys and bags, but they also raise concerns about unwanted tracking and stalking. To help users stay safe, Apple has implemented several anti-stalking protections, including unwanted tracking alerts and sound notifications. Apple’s anti-stalking protections Apple’s anti-stalking features are built into the Find My app on iOS. These tools help users detect and respond to any AirTags that may be tracking them without their consent. … More →
The post How to detect and disable Apple AirTags that might be tracking you appeared first on Help Net Security.
科学家发现宇宙最大结构 Quipu
感染 COVID-19 可能加速大脑衰老四年
Cybersecurity jobs available right now: February 11, 2025
Application Offensive Security Consultant Sharp Decisions | USA | On-site – View job details As an Application Offensive Security Consultant, you will perform Offensive Security Testing against applications and APIs. Perform application threat hunting to evaluate risk to applications. Perform manual security testing of applications. Provide the vulnerability information in the predefined report format after performing the testing using manual methodology and tools Automotive Cybersecurity Assessor / Engineer UL Solutions | South Korea | On-site … More →
The post Cybersecurity jobs available right now: February 11, 2025 appeared first on Help Net Security.
新型 Aquabotv3 勒索软件利用 Mitel 命令注入漏洞发起攻击
一种基于“Mirai”的僵尸网络恶意软件“Aquabot”的新变种已被发现正在积极利用 Mitel SIP 电话中的命令注入漏洞 CVE-2024-41710。
这项活动是由Akamai的安全情报和响应小组(SIRT)发现的,报告说这是属于其雷达的Aquabot的第三种变体。恶意软件系列是在2023年引入的,第二版增加了持久机制。第三个变体“ aquabotv3”引入了一个系统,该系统检测终止信号并将信息发送到命令和控制服务器(C2)服务器。
AquaboTV3报告阻断尝试的机制对于僵尸网络来说不同寻常,并且可能已添加以使其运营商更好地进行监控。
报告过程阻断C2的尝试
针对Mitel手机
CVE-2024-41710是影响Mitel 6800系列,6900系列和6900W系列SIP电话的指挥注射漏洞,通常用于公司办公室,企业,政府机构,医院,医院,教育机构,教育机构,酒店和金融机构。
这是一个中等严重的漏洞,它允许具有管理员特权的身份验证的攻击者,由于启动过程中的参数消毒不足而进行参数注射攻击,从而导致任意命令执行。
Mitel于2024年7月17日发布了有关此漏洞的修复程序和安全咨询,敦促用户进行升级。两周后,安全研究员Kyle Burns在Github上发表了概念验证(POC)。
AquaboTV3在攻击中使用该POC利用CVE-2024-41710,是利用此漏洞的第一个记录案例。研究人员解释说:“ Akamai Sirt在2025年1月初,通过全球蜜罐网络使用有效载荷几乎与POC相同,检测到针对这种脆弱性的利用尝试。”
攻击需要身份验证的事实表明,恶意软件僵尸网络使用蛮力来获得初始访问。
攻击者制作的HTTP POST请求针对脆弱的端点8021xSupport.html,负责Mitel SIP电话中的802.1X身份验证设置。该应用程序不当处理用户输入,允许将畸形的数据插入手机的本地配置(/nvdata/etc/local.cfg)。
通过注入线路结束字符(%dt→%0D),攻击者可以操纵设备启动过程中如何解析配置文件以从其服务器中执行远程壳脚本(BIN.SH)。
该脚本下载并安装了定义的体系结构(X86,ARM,MIPS等)的Aquabot有效载荷,使用“ CHMOD 777”设置其执行权限,然后清理任何痕迹。
Aquabotv3活性
一旦确保了持久性,Aquabotv3将通过TCP连接到其C2,以接收说明、攻击命令,更新或其他有效负载。
接下来,它尝试使用MITEL Exploit,CVE-2018-17532(TP-Link),CVE-2023-26801(IOT固件RCE),CVE-2022-31137(Web App RCE),Linksys E E linksys e,尝试使用MITEL Exploit(TP-Link),CVE-2018-17532(TP-Link)(TP-Link)(TP-Link)(TP-Link)(TP-Link),Linksys E - 系列RCE,Hadoop纱和CVE-2018-10562 / CVE-2018-10561(Dasan Router Router Bugs)。该恶意软件还试图违反强制默认或弱SSH/TELNET凭据,以扩展到同一网络上固定较差的设备。
AquaboTV3的目标是将设备纳入其分配拒绝服务(DDOS)群,并使用它们执行TCP SYN,TCP ACK,UDP,GRE IP和应用程序层攻击。
Akamai在其报告底部列出了与 Aquabotv3 相关的入侵指标(IoC),以及用于检测该恶意软件的 Snort 和 YARA 规则。