Aggregator

作者在与政府合作伙伴会面时提出，在数据泄露页面添加本地政府资源链接以提供更贴近用户需求的支持。这一想法得到了新西兰国家网络安全中心的认可，并成功实施。未来计划扩展到其他地区。

文章描述了错误代码521的原因及其解决方法。该错误通常由Cloudflare引发，表示目标服务器配置有误或无法正确响应请求。常见解决措施包括检查DNS设置、联系网站管理员或等待服务器恢复正常。

HackerNews 编译，转载请注明出处： 荷兰国家网络安全中心（NCSC-NL）警告称，攻击者正利用近期曝光的Citrix NetScaler ADC高危漏洞CVE-2025-6543入侵该国组织。该漏洞CVSS评分为9.2分，当设备配置为网关（VPN虚拟服务器、ICA代理、CVPN、RDP代理）或AAA虚拟服务器时，可引发非预期控制流及拒绝服务（DoS）。 监测显示，荷兰多家关键机构已遭利用此漏洞的攻击。调查发现攻击者自2025年5月初（即漏洞公开前近两个月）就已将其作为零日漏洞利用，并通过清除痕迹掩盖入侵行为。7月16日发现的攻击活动中，黑客在Citrix设备上植入恶意WebShell以获取远程控制权限。 漏洞修复与缓解措施 Citrix已于6月下旬发布安全更新，受影响版本包括： NetScaler ADC与Gateway 14.1早于14.1-47.46的版本 13.1早于13.1-59.19的版本 13.1-FIPS及NDcPP早于13.1-37.236-FIPS的版本 升级后需执行以下命令终止会话： kill icaconnection -all kill pcoipConnection -all kill aaa session -all kill rdp connection -all clear lb persistentSessions 威胁关联与响应建议 NCSC-NL判定攻击者具备高度技术能力。该漏洞与另一高危漏洞CVE-2025-5777（CVSS 9.3分）均被列入美国CISA已知漏洞目录。机构建议： 立即扫描NetScaler系统目录中非常规.php扩展名文件 核查新增账户权限，重点关注特权提升异常 通过NCSC-NL提供的脚本检测入侵痕迹 荷兰当局强调，未及时修补的系统可能面临持续勒索软件攻击及数据泄露风险，特别是医疗、金融等关键基础设施领域。       消息来源： thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

Bitter APT组织最新攻击样本与威胁情报

Астрономы услышали песню рождающихся галактик.

文章描述了错误代码521的情况，通常由源服务器问题或网络连接异常引起。

HackerNews 编译，转载请注明出处： 韩国最大票务及在线图书零售商Yes24表示，在勒索攻击导致其网站和移动应用中断数小时后，服务已恢复。这是该公司不到两个月内第二次遭遇此类事件。 此次中断始于当地时间凌晨4点30分左右，导致用户无法预订演唱会门票、访问电子书及使用社区论坛。Yes24称已将系统离线以防止进一步破坏，并依靠备份数据在7小时内恢复运营。公司未透露攻击者信息，也未说明是否收到赎金要求。 中断引发韩国乐队DAY6粉丝的恐慌，该乐队“The Decade”巡演门票原定于当晚8点开售。作为演唱会独家票务合作伙伴，Yes24在服务恢复后如期重启售票。 今年初夏该公司已遭勒索软件重创。6月的攻击曾迫使Yes24服务中断约五天，影响了朴宝剑、ENHYPEN、ATEEZ及说唱歌手B.I等高人气演出的票务销售，并导致多场韩国偶像预售及粉丝活动延期。韩国互联网振兴院（KISA）当时指出，该公司缺乏异地备份系统导致恢复进度缓慢。 6月事件后，Yes24承诺将“彻查安全体系”、聘请外部顾问团队、强化网络安全预算并全面升级系统。但当地媒体和用户本周批评其管理层未能阻止二次攻击，且在最新事件中提供的信息更新有限。 Yes24早有安全前科。据当地媒体报道，该公司2016年及2020年曾因违反韩国《个人信息保护法》遭处罚，2022年更有青少年黑客从其系统中窃取143万条电子书解密密钥。 票务平台因存储海量个人数据、处理高额交易，且面临快速恢复运营以避免影响重大活动的压力，成为网络犯罪分子的理想目标。在美国，StubHub和Ticketmaster等平台曾遭类似攻击，包括泰勒·斯威夫特“时代巡演”售票期间；法国巴黎圣日耳曼足球俱乐部的票务系统去年亦遭遇攻击。       消息来源：therecord； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

Anthropic 推出 Claude Sonnet 4 模型，支持百万 Token 上下文窗口以提升 AI 编码性能。然而 API 调用成本增加至百万输入 6 美元、输出 22.5 美元。

A vulnerability was found in Ivanti Velocity License Server up to 5.1. It has been classified as critical. This affects an unknown part. The manipulation leads to incorrect default permissions. This vulnerability is uniquely identified as CVE-2024-9167. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Ivanti Patch SDK, Endpoint Manager, Security Controls, Patch for Configuration Manager, Neurons for Patch Management and Neurons Agent Platform. This affects an unknown part of the component File Handler. The manipulation leads to incorrect permission assignment. This vulnerability is uniquely identified as CVE-2024-10256. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in AdForest Plugin up to 5.1.6 on WordPress. Affected is an unknown function. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2024-11349. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic has been found in WPForms Contact Form Plugin up to 1.9.2.2 on WordPress. Affected is an unknown function. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2024-56276. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in AdForest Plugin up to 5.1.7 on WordPress. It has been declared as problematic. This vulnerability affects unknown code of the component Post Handler. The manipulation leads to missing authorization. This vulnerability was named CVE-2024-12855. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in scriptsbundle AdForest Plugin up to 5.1.6 on WordPress. Affected by this vulnerability is the function adforest_reset_password. The manipulation leads to weak password recovery. This vulnerability is known as CVE-2024-11350. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in SiteOrigin Page Builder Plugin up to 2.31.0 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-12240. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in WP Social AutoConnect Plugin up to 4.6.2 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-12279. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Booking Calendar up to 10.9.2 on WordPress and classified as problematic. Affected by this issue is the function Booking of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-13323. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in WPForms 1.8.4/1.9.2.1 on WordPress. This issue affects some unknown processing of the component Subscription Handler. The manipulation leads to missing authorization. The identification of this vulnerability is CVE-2024-11205. The attack may be initiated remotely. There is no exploit available.