Aggregator

LLM 生成 SVG 文件绕过邮件安全防护

HackerNews
8 months 3 weeks ago
HackerNews 编译,转载请注明出处: 微软正提请关注一场新的钓鱼攻击活动,该活动主要针对美国境内机构,且疑似利用大型语言模型(LLM)生成代码,对攻击载荷进行混淆处理,以绕过安全防护机制。 微软威胁情报团队在上周发布的分析报告中指出:“该攻击活动疑似借助大型语言模型(LLM),将恶意行为隐藏在 SVG 文件中,并利用商业术语和合成结构掩盖其恶意意图。” 这场于 2025 年 8 月 28 日被检测到的攻击活动表明,威胁行为者正越来越多地将人工智能(AI)工具纳入其攻击流程,目的通常包括制作更具欺骗性的钓鱼诱饵、自动完成恶意软件混淆,以及生成模仿合法内容的代码。 据微软(这家 Windows 操作系统开发商)记录的攻击链显示,威胁行为者利用已被入侵的企业邮箱账户发送钓鱼邮件,以窃取受害者凭证。这些邮件伪装成 “文件共享通知”,诱骗受害者打开看似 PDF 文档的文件 —— 但实际上,该文件是可缩放矢量图形(Scalable Vector Graphics,简称 SVG)文件。 此类邮件的一大特点是攻击者采用 “自发送” 策略:发件人与收件人地址一致,而真正的攻击目标则隐藏在密送(BCC)字段中,以此绕过基础检测规则。 微软表示:“SVG 文件(可缩放矢量图形)对攻击者极具吸引力,原因在于其基于文本且支持脚本编写,可直接在文件内嵌入 JavaScript 及其他动态内容。这使得攻击者能够交付看似无害的交互式钓鱼载荷,无论对用户还是多数安全工具而言,都难以识别其恶意本质。” 微软进一步补充,SVG 文件格式还支持 “隐藏元素”“编码属性”“延迟脚本执行” 等特性,这些功能使其成为攻击者规避静态分析与沙箱检测的理想选择。 SVG 文件一旦被打开,会将用户重定向至一个要求完成 “验证码(CAPTCHA)安全验证” 的页面。受害者完成验证后,通常会被引导至伪造的登录页面,其凭证随之被窃取。微软称,由于该威胁已被其系统识别并中和,目前尚不清楚后续具体攻击步骤。 此次攻击的独特之处在于其非常规的混淆手段:利用商业相关术语隐藏 SVG 文件中的钓鱼内容 —— 这一特征表明,相关代码可能由 LLM 生成。 微软解释道:“首先,SVG 代码的开头被构造成看似合法的‘企业分析仪表盘’样式。这种设计旨在误导任何随意检查文件的人,让他们误以为该 SVG 的唯一用途是可视化展示业务数据。但实际上,这只是一个伪装。” 其次,攻击载荷的核心功能(包括将用户重定向至初始钓鱼落地页、触发浏览器指纹识别、启动会话跟踪)也被一串冗长的商业相关术语(如 “收入”“运营”“风险”“季度”“增长”“份额” 等)所掩盖。 微软表示,其已将相关代码在 Security Copilot(微软安全副驾驶)中进行分析,结果显示该程序 “并非人类通常会从零编写的代码 —— 因其复杂度高、冗余度大,且缺乏实际应用价值”。微软得出这一结论的依据包括以下几点: 函数与变量的命名过于描述性且冗余 代码结构高度模块化但过度设计 注释内容通用且冗长 利用商业术语实现混淆的方法具有公式化特征 SVG 文件中包含 CDATA 段与 XML 声明,疑似为模仿文档示例而添加 微软指出:“尽管此次攻击活动影响范围有限且已被有效拦截,但各类威胁行为者正越来越多地采用类似技术。” 与此同时,Forcepoint(网络安全公司)也披露了一起多阶段攻击事件:攻击者通过含.XLAM 附件的钓鱼邮件执行 shellcode(壳代码),最终通过二级载荷部署 XWorm 远程访问木马(RAT);同时,攻击者会显示空白或损坏的 Office 文件作为伪装。其中,二级载荷的作用是作为 “通道”,在内存中加载.DLL 文件。 Forcepoint 表示:“在内存中运行的二级.DLL 文件采用了高度混淆的打包与加密技术。该二级.DLL 文件通过‘反射式 DLL 注入’技术,在内存中再次加载另一个.DLL 文件,而后者最终负责执行恶意软件。” “后续的最终步骤是在其自身主可执行文件中进行‘进程注入’,以维持持久化控制,并将数据窃取至其命令与控制(C2)服务器。经核查,这些接收窃取数据的 C2 服务器与 XWorm 家族恶意软件相关。” 此外,Cofense(邮件安全公司)称,近几周的钓鱼攻击还利用 “美国社会保障局”“版权侵权” 等相关诱饵,分别分发 ScreenConnect ConnectWise(远程控制工具,常被用于后续攻击)及 Lone None Stealer、PureLogs Stealer 等信息窃取恶意软件。 针对 “版权侵权” 主题的钓鱼攻击,Cofense 表示:“攻击者通常伪装成多家律师事务所,声称要求受害者移除其网站或社交媒体页面上的侵权内容。该攻击活动的显著特点在于其创新手段:利用 Telegram 机器人资料页交付初始载荷、使用混淆处理的编译型 Python 脚本载荷,且通过多版攻击样本可看出其复杂度正不断升级。”   消息来源:thehackernews; 本文由 HackerNews.cc 翻译整理,封面来源于网络; 转载请注明“转自 HackerNews.cc”并附上原文
hackernews

LLM 生成 SVG 文件绕过邮件安全防护

不安全
8 months 3 weeks ago
错误代码521通常表示Cloudflare网络与源服务器之间的连接问题。这可能是由于源服务器配置错误、网络连接不稳定或防火墙设置不当导致的。解决方法包括检查源服务器状态、调整防火墙规则或联系网络管理员排查问题。

恶意服务器伪装成 Postmark-MCP 包窃取邮件

HackerNews
8 months 3 weeks ago
HackerNews 编译,转载请注明出处: 网络安全研究人员发现了据称是全球首例在实际环境中被检测到的恶意模型上下文协议(Model Context Protocol,简称 MCP)服务器,这一发现加剧了软件供应链面临的风险。 据 Koi 安全公司透露,一名伪装成合法开发者的人员,在一个名为 “postmark-mcp” 的 npm 包中植入了恶意代码。该恶意包与 Postmark Labs 官方同名库高度相似,其恶意功能从 2025 年 9 月 17 日发布的 1.0.16 版本开始植入。 而 GitHub 上的正版 “postmark-mcp” 库,其功能是提供一个 MCP 服务器,供用户发送电子邮件、获取并使用电子邮件模板,以及通过人工智能(AI)助手跟踪营销活动。 涉事的 npm 包已被开发者 “phanpak” 从 npm 平台删除。该开发者于 2025 年 9 月 15 日将该包上传至 npm 仓库,此外还维护着其他 31 个包。这个 JavaScript 库在被删除前,累计被下载了 1643 次。 Koi 安全公司首席技术官伊丹・达迪克曼(Idan Dardikman)表示:“自 1.0.16 版本起,这个包就一直在暗中将每封电子邮件复制到开发者的私人服务器上。这是全球首次发现现实环境中的恶意 MCP 服务器。终端供应链攻击的攻击面正逐渐成为企业面临的最大攻击面。” 该恶意包是对正版库的仿制品,唯一区别是在 1.0.16 版本中添加了一行代码 —— 这行代码会通过 “密送(BCC)” 方式,将所有通过该 MCP 服务器发送的电子邮件转发至邮箱地址 “phan@giftshop [.] club”,这一行为可能导致敏感通信内容泄露。 达迪克曼指出:“postmark-mcp 中的后门并不复杂,甚至简单到令人尴尬。但它完美地证明了整个生态体系的漏洞有多严重:一名开发者、一行代码,就能导致成千上万封邮件被窃取。” 研究人员建议已安装该 npm 包的开发者,立即从工作流程中移除该包,更换所有可能通过电子邮件泄露的凭证,并检查电子邮件日志,确认是否存在向上述域名发送密送邮件的记录。 Snyk 公司(注:知名应用安全公司)表示:“MCP 服务器通常在代理工具链中拥有较高信任度和广泛权限。因此,它们处理的所有数据都可能具有敏感性,例如密码重置邮件、发票、客户沟通记录、内部备忘录等。在本次事件中,这个 MCP 服务器中的后门被设计用于收集并窃取依赖该 MCP 服务器的智能代理工作流(agentic workflows)所产生的电子邮件。” 此次事件表明,威胁 actors(注:指从事网络攻击等恶意活动的个人或组织)仍在利用开源生态系统以及新兴的 MCP 生态系统中的用户信任谋取私利,尤其当这些系统在缺乏足够安全防护措施的情况下,被部署到企业关键业务环境中时,风险更为突出。     消息来源:thehackernews; 本文由 HackerNews.cc 翻译整理,封面来源于网络; 转载请注明“转自 HackerNews.cc”并附上原文
hackernews

揭秘魔罗桫(confucius)组织武器库源代码

奇安信威胁情报中心
8 months 3 weeks ago
通过多源情报分析研判,我们认为“魔罗桫”属于具有外包性质的 APT 组织,其攻击行动多由本土承包商或个人发起。此类外包型网络攻击具备几个显著特征:攻击成本较低、技术手法相对简单,但攻击目标往往体现国家意志。

CVE-2025-10184

CVE Trends
8 months 3 weeks ago
Currently trending CVE - Hype Score: 29 - The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. The user is also not notified that SMS data is being accessed. This could lead to ...

CVE-2024-36401

CVE Trends
8 months 3 weeks ago
Currently trending CVE - Hype Score: 1 - GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a ...

CVE-2025-10980 | JeecgBoot up to 3.8.2 /sys/position/exportXls improper authorization

Vuldb Updates
8 months 3 weeks ago
A vulnerability classified as critical was found in JeecgBoot up to 3.8.2. This affects an unknown function of the file /sys/position/exportXls. Such manipulation leads to improper authorization. This vulnerability is referenced as CVE-2025-10980. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-10981 | JeecgBoot up to 3.8.2 /sys/tenant/exportXls improper authorization

Vuldb Updates
8 months 3 weeks ago
A vulnerability, which was classified as critical, has been found in JeecgBoot up to 3.8.2. This impacts an unknown function of the file /sys/tenant/exportXls. Performing manipulation results in improper authorization. This vulnerability is identified as CVE-2025-10981. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-10994 | Open Babel up to 3.1.1 gamessformat.cpp ReadMolecule use after free (Issue 2834)

Vuldb Updates
8 months 3 weeks ago
A vulnerability, which was classified as critical, has been found in Open Babel up to 3.1.1. This affects the function GAMESSOutputFormat::ReadMolecule of the file gamessformat.cpp. This manipulation causes use after free. This vulnerability is handled as CVE-2025-10994. It is possible to launch the attack on the local host. Additionally, an exploit exists.
vuldb.com

CVE-2025-10995 | Open Babel up to 3.1.1 /src/zipstreamimpl.h underflow memory corruption (Issue 2832)

Vuldb Updates
8 months 3 weeks ago
A vulnerability, which was classified as critical, was found in Open Babel up to 3.1.1. This vulnerability affects the function zlib_stream::basic_unzip_streambuf::underflow in the library /src/zipstreamimpl.h. Such manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2025-10995. Local access is required to approach this attack. Moreover, an exploit is present.
vuldb.com

CVE-2025-10871 | GitLab Enterprise Edition up to 18.2.6/18.3.2/18.4.0 authorization (Issue 569482 / EUVD-2025-31325)

Vuldb Updates
8 months 3 weeks ago
A vulnerability identified as problematic has been detected in GitLab Enterprise Edition up to 18.2.6/18.3.2/18.4.0. The impacted element is an unknown function. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2025-10871. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.
vuldb.com

CVE-2025-10868 | GitLab Community Edition/Enterprise Edition up to 18.2.6/18.3.2/18.4.0 logic error (Nessus ID 265961 / WID-SEC-2025-2140)

Vuldb Updates
8 months 3 weeks ago
A vulnerability classified as problematic was found in GitLab Community Edition and Enterprise Edition up to 18.2.6/18.3.2/18.4.0. This issue affects some unknown processing. The manipulation results in business logic errors. This vulnerability was named CVE-2025-10868. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.
vuldb.com

CVE-2025-10867 | GitLab Community Edition/Enterprise Edition up to 18.2.6/18.3.2/18.4.0 allocation of resources (Issue 517757 / EUVD-2025-31326)

Vuldb Updates
8 months 3 weeks ago
A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 18.2.6/18.3.2/18.4.0. It has been classified as problematic. This vulnerability affects unknown code. This manipulation causes allocation of resources. This vulnerability is registered as CVE-2025-10867. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.
vuldb.com

CVE-2025-7691 | GitLab Enterprise Edition up to 18.2.6/18.3.2/18.4.0 privilege defined with unsafe actions (Issue 555786 / EUVD-2025-31323)

Vuldb Updates
8 months 3 weeks ago
A vulnerability was found in GitLab Enterprise Edition up to 18.2.6/18.3.2/18.4.0. It has been rated as problematic. Impacted is an unknown function. Performing manipulation results in privilege defined with unsafe actions. This vulnerability is reported as CVE-2025-7691. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.
vuldb.com

CVE-2025-9642 | GitLab Community Edition/Enterprise Edition up to 18.2.6/18.3.2/18.4.0 cross site scripting (Issue 566505 / Nessus ID 265987)

Vuldb Updates
8 months 3 weeks ago
A vulnerability classified as problematic has been found in GitLab Community Edition and Enterprise Edition up to 18.2.6/18.3.2/18.4.0. Affected by this vulnerability is an unknown functionality. Performing manipulation results in cross site scripting. This vulnerability was named CVE-2025-9642. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.
vuldb.com

Managed ad