Aggregator

当前环境异常,需完成验证后方可继续访问。

无线充电联盟WPC宣布Qi2 25W充电选项已获支持，并将应用于即将发布的安卓旗舰机和谷歌Pixel 10系列，缩短充电时间。

A vulnerability classified as problematic was found in Squished Mosquito Escapade Scripting Engine. Affected by this vulnerability is an unknown functionality. The manipulation of the argument PAGE leads to basic cross site scripting. This vulnerability is known as CVE-2003-0763. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in Squished Mosquito Escapade Scripting Engine. Affected by this issue is some unknown functionality of the component Error Message Handler. The manipulation of the argument PAGE leads to information disclosure. This vulnerability is handled as CVE-2003-0764. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Ipswitch WS_FTP Server 3.x/4.x. Affected is an unknown function. The manipulation as part of APPE/STAT Command leads to memory corruption. This vulnerability is traded as CVE-2003-0772. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

A vulnerability was found in Ikonboard 3.1.1/3.1.2a. It has been rated as critical. Affected by this issue is some unknown functionality of the file FUNC.pm of the component Cookie Handler. The manipulation of the argument lang leads to memory corruption. This vulnerability is handled as CVE-2003-0770. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Sun MySQL up to 3.0.57/4.0.14. This affects an unknown part of the component Password Field Handler. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2003-0780. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Microsoft Windows NT 4.0/2000/XP/Server 2003 and classified as critical. This vulnerability affects unknown code of the component RPC/DCOM Object Identity. The manipulation leads to Remote Code Execution. This vulnerability was named CVE-2004-0124. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows 2000/XP and classified as very critical. This issue affects some unknown processing of the component Workstation Service. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2003-0812. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

Recently uncovered critical vulnerabilities in Cisco’s infrastructure are already being actively exploited by malicious actors to compromise corporate networks. The company has officially confirmed that its Product Security Incident Response Team (PSIRT) has observed...

The post Cisco ISE Critical RCE Zero-Days (CVSS 10.0) Actively Exploited In The Wild – Patch Immediately! appeared first on Penetration Testing Tools.

作者介绍了自己长期使用文件完整性监控工具（FIM）的经验，并分享了自己开发的Python工具ficheck.py。该工具用于监控文件创建、删除及属性变化，并支持邮件通知。作者提供了安装脚本和配置示例，并强调其高效性和灵活性。

HackerNews 编译，转载请注明出处： 研究人员发现，俄罗斯正越来越多地利用吉尔吉斯斯坦快速增长的加密货币行业规避国际制裁，并为乌克兰战争输送资金。 区块链情报公司TRM Labs新报告显示，受制裁的俄罗斯实体多次使用在吉尔吉斯斯坦注册的交易所。这些虚拟资产服务提供商（VASP）大多以空壳公司形式运作，常在不同实体间重复使用相同住址、联系方式和创始人身份。 报告指出，部分吉尔吉斯注册的VASP既无可见业务运营，也无面向公众的用户平台。有些与物流公司共享电话号码，另一些则列名毫无商业或加密货币经验的创始人。 某些实体还与高风险俄罗斯加密交易所Garantex共享钱包基础设施和行为模式——该平台于2022年被美国制裁并下线。研究人员认为部分吉尔吉斯注册企业可能由原平台的同一批人操控。 自2022年俄罗斯全面入侵乌克兰以来，克里姆林宫日益依赖替代性金融网络资助战事并获取敏感技术。吉尔吉斯斯坦已成为莫斯科的重要物流和金融枢纽。据报道，半导体、无人机部件和反无人机设备等常被视为军民两用的商品，从中国等国家出口后经吉尔吉斯斯坦转运至俄罗斯。 吉尔吉斯斯坦的加密友好政策进一步助长了此类活动。该国2022年通过法律承认虚拟资产的合法地位，并为加密企业建立许可制度，将其纳入正式监管框架。 吉尔吉斯的加密漏洞是俄罗斯重构经济体系以抵御西方制裁的整体战略一环。克里姆林宫还在本土将规避制裁行为制度化：莫斯科知名高等经济学院近期开设硕士课程，专门教授学生如何应对西方贸易和金融限制，表明俄政府将构建制裁抵御型经济视为长期战略。 西方国家日益关注俄罗斯不断扩张的制裁规避体系。今年6月，美国当局指控一名纽约居住的俄罗斯公民利用其加密公司为受制裁俄银行转移敏感美国技术和资金。 TRM Labs研究人员强调：“寻求遏制俄罗斯制裁规避手段的各国政府及执法机构，需紧急与吉尔吉斯当局直接沟通合规事宜。若放任不管，俄罗斯可能在邻国复制相同模式。”       消息来源：therecord； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

文章描述了错误代码521的情况，指出该问题通常由Cloudflare引起，表明Web服务器无法处理请求。

The British government has announced its preparation for a bold and decisive move in the fight against cybercrime—a sweeping ban on ransom payments following ransomware attacks. This new prohibition will apply to public sector...

The post UK to Ban Ransom Payments for Public Sector and Critical Infrastructure in Fight Against Cybercrime appeared first on Penetration Testing Tools.

Chenguang Gong, a 59-year-old engineer from Silicon Valley holding dual citizenship in the United States and China, has pleaded guilty to the theft of over 3,600 confidential documents containing critical military technology developments. Among the...

The post Silicon Valley Engineer Pleads Guilty to Stealing US Military Tech Secrets for China appeared first on Penetration Testing Tools.

有人尝试利用AI自动化逆向编译游戏，以快速制作原生PC移植版。近期的例子包括《马里奥卡丁车64》《马里奥64》《超级银河战士》和《超级马里奥兄弟1》等经典作品的PC版本。

A vulnerability, which was classified as very critical, has been found in ABB ASPECT Enterprise ASP-ENT-x, NEXUS NEX-2x, NEXUS NEXUS-3-x and MATRIX MAT-x 3.07. This issue affects some unknown processing of the component Install Package Handler. The manipulation leads to use of default credentials. The identification of this vulnerability is CVE-2024-4007. Access to the local network is required for this attack. Furthermore, there is an exploit available.

Microsoft has released the preview cumulative update KB5062660 for Windows 11 version 24H2, introducing 29 new features and enhancements. As part of the traditional end-of-month optional update cycle, this release does not include security...

The post Windows 11 24H2 Preview Unleashes 29 New Features: Rapid Recovery, Recall in EEA, AI Assistant & More appeared first on Penetration Testing Tools.

TP-Linkが提供するArcher C1200には、クリックジャッキングの脆弱性が存在します。

HackerNews 编译，转载请注明出处： 法国最大造船企业海军集团（Naval Group）据称遭遇重大黑客攻击。研究人员认为攻击者在网上分享的数据样本包含真实细节。该公司深度参与法国国防领域。 一名威胁行为者在知名数据泄露论坛上宣布了据称的海军集团数据泄露事件。攻击者声称已获取法国潜艇和护卫舰使用的作战管理系统（CMS）访问权限。 值得注意的是，攻击者似乎无意出售数据（数据泄露论坛用户常采取此做法），而是试图通过威胁泄露数据来勒索海军集团。 泄露数据样本内容 海军集团是欧洲国防领域的重要参与者，员工超15,000人，年收入超50亿美元（43亿欧元）。其主要股东为法国政府和泰雷兹集团。 我们已联系该公司寻求置评，收到回复后将更新本文内容。 泄露数据涉及哪些内容？ 根据攻击者在数据泄露论坛的帖子，网络犯罪分子据称获取了以下内容： 军用舰艇CMS的源代码 网络数据 标注不同限制级别的技术文档 开发人员虚拟机访问权限 机密通信记录 若得到证实，此次数据泄露将对该公司及法国国家安全构成重大威胁。潜艇和护卫舰CMS源代码的泄露将引起法国所有对手的兴趣，且需投入资金缓解问题。 网络安全研究团队分析了攻击者帖子中附带的13GB数据样本，认定泄露细节似乎真实可信。样本包含各类合同、据称来自CMS的信息，以及疑似潜艇监控系统的视频（但视频时间戳显示为2003年）。 然而，出于经济动机的攻击者常夸大所获数据的实际影响以胁迫受害者满足勒索要求。目前尚不清楚数据泄露的真实程度。 总部位于巴黎的海军集团是法国海军防务设计、开发和建造的关键角色。该公司历史可追溯至17世纪末，自成立以来一直是法国海军防务不可或缺的一部分。例如，法国唯一的核动力航空母舰“夏尔·戴高乐”号即由海军集团（当时名为DCN“法国舰艇建造局”）建造。       消息来源：cybernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文