Aggregator

Происшествие в Медельине становится ключом к раскрытию глобального заговора.

If you’ve ever had your website compromised by malware, you know the sheer panic it can cause. But

RansomHub 勒索软件组织公布了其据称从摩托车制造商川崎欧洲汽车公司 (KME) 窃取的 487 GB 数据。 川崎欧洲汽车公司上周披露了这一事件，并告知客户该公司正在从 9 月初未成功的网络攻击中恢复。 该公司表示，作为预防措施，服务器被暂时隔离，并启动清理过程以检查所有数据并处理任何潜在的感染。 KME 表示：“KME IT 部门、其分支机构的 IT 员工以及外部网络安全顾问花了一周时间隔离和检查所有服务器并恢复其互连。” 该公司表示，已成功恢复 90% 以上的服务器功能，并恢复“经销商、业务管理部门以及物流公司等第三方供应商”的正常业务。 虽然这家摩托车制造商并未透露其遭遇了何种类型的网络攻击，但在官方发布事件通知时，RansomHub 勒索软件团伙已将川崎添加到其基于 Tor 的泄密网站中。 该组织声称从 KME 窃取了 487 Gb 的数据，并威胁说，除非支付赎金，否则将公开发布据称被盗的信息。 周末，由于勒索未遂，RansomHub 兑现了威胁，并公布了相关数据。 KME 是日本制造商川崎重工的一个部门，销售摩托车、多功能车、动力运动行业产品、零件、配件和装备。 美国政府在上个月底的联合公告中表示，RansomHub 勒索软件团伙自 2024 年 2 月起活跃，截至 8 月底已造成210 多名受害者。然而，该组织基于 Tor 的网站上并未列出所有受害者。   转自军哥网络安全读报，原文链接：https://mp.weixin.qq.com/s/7IiTk13ruzyA44wEyNM3cg 封面来源于网络，如有侵权请联系删除  

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.10.8. Affected by this issue is the function cow_file_range of the component btrfs. The manipulation leads to buffer overflow. This vulnerability is handled as CVE-2024-46733. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in SYSCOM Group OMFLOW up to 1.1.x. Affected by this vulnerability is an unknown functionality of the component Password Hash Handler. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-8969. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Takenaka HDVR-400, HDVR-800, HDVR-1600, AHD04T-A, AHD08T-A, AHD16T-A, NVR04T-A, NVR08T-A and NVR16T-A. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to os command injection. The identification of this vulnerability is CVE-2024-43778. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Takenaka HDVR-400, HDVR-800, HDVR-1600, AHD04T-A, AHD08T-A, AHD16T-A, NVR04T-A, NVR08T-A and NVR16T-A. Affected is an unknown function. The manipulation leads to os command injection. This vulnerability is traded as CVE-2024-47001. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Takenaka HDVR-400, HDVR-800, HDVR-1600, AHD04T-A, AHD08T-A, AHD16T-A, NVR04T-A, NVR08T-A and NVR16T-A. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to os command injection. This vulnerability was named CVE-2024-41929. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

美国最高网络监管机构CISA敦促联邦机构移除或升级一款不再更新且已被用于攻击的 Ivanti 设备。 该科技公司周五更新了一份公告，警告称，由于 CVE-2024-8190 的利用，“有限数量的客户”遭到入侵。 该漏洞于周二公布，影响了 Ivanti 的云服务设备 (CSA) – 一种通过互联网提供安全通信并作为托管设备和中央控制台连接的中心点的工具。 网络安全和基础设施安全局 (CISA)也在周五证实了这一漏洞的存在，利用该漏洞，黑客可以“访问运行 CSA 的设备”。 该咨询指出，CSA 4.6 已终止使用并且“不再接收针对操作系统或第三方库的补丁”。 “此外，随着生命周期结束，这是 Ivanti 将为该版本反向移植的最后一个修复。客户必须升级到 Ivanti CSA 5.0 才能继续获得支持。”他们说。“CSA 5.0 是唯一受支持的版本，不包含此漏洞。已经运行 Ivanti CSA 5.0 的客户无需采取任何其他措施。” CISA命令所有联邦民事机构在 10 月 4 日之前停止使用 CSA 4.6 或升级到 5.0。 Ivanti 表示，用户可以通过查看是否有修改或新增的管理用户来判断自己是否受到该漏洞的影响。他们还敦促客户检查安全警报，看是否涉及某些安全工具。 这个问题出现的前一天，Ivanti 的另一个漏洞引起了防御者的警惕。今年 4 月，美国和欧洲政府机构的系统遭到一系列引人注目的国家攻击，这些攻击利用 Ivanti 产品中的漏洞，攻破了这些政府机构的系统。此后，该公司承诺进行安全整改。   转自军哥网络安全读报，原文链接：https://mp.weixin.qq.com/s/hkZSlnEcUiBloKEieu8PLg 封面来源于网络，如有侵权请联系删除

A vulnerability was found in Linux Kernel up to 5.10.225/5.15.166/6.1.108/6.6.49/6.10.8. It has been classified as critical. This affects an unknown part of the component AMD GPU. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2024-46725. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.15.166/6.1.108/6.6.49/6.10.8 and classified as problematic. Affected by this issue is the function linear_pitch_alignment of the component AMD Display. The manipulation leads to Privilege Escalation. This vulnerability is handled as CVE-2024-46732. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 5.10.225/5.15.166/6.1.108/6.6.49/6.10.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component AMD. The manipulation of the argument mc_data leads to out-of-bounds read. This vulnerability is known as CVE-2024-46731. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.10.8. Affected is the function tg_inst of the component AMD Display. The manipulation leads to improper validation of array index. This vulnerability is traded as CVE-2024-46730. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.10.8. This issue affects the function fe_clk_en of the component AMD Display. The manipulation leads to infinite loop. The identification of this vulnerability is CVE-2024-46729. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.6.49/6.10.8. This vulnerability affects the function aux_rd_interval of the component AMD Display. The manipulation leads to memory corruption. This vulnerability was named CVE-2024-46728. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.1.108/6.6.49/6.10.8. This affects the function vmid0p72_idx of the component AMD Display. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2024-46726. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.225/5.15.166/6.1.108/6.6.49/6.10.8. It has been rated as problematic. Affected by this issue is the function df_v1_7_channel_number of the component AMD GPU. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2024-46724. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.10.8. It has been declared as critical. Affected by this vulnerability is the function otg_master of the component AMD Display. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2024-46727. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.10.8. It has been classified as problematic. Affected is an unknown function of the component AMD GPU. The manipulation of the argument ucode leads to out-of-bounds read. This vulnerability is traded as CVE-2024-46723. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.10.8 and classified as problematic. This issue affects the function mc_data of the component AMD GPU. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2024-46722. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.