Aggregator

本文提出了一种基于流量采样的，针对骨干网络中obfs4网桥的检测方法。

Китайское право вето спутало все карты Белого дома.

A sophisticated new red team technique dubbed “RemoteMonologue” has emerged, enabling attackers to remotely harvest NTLM credentials without deploying malicious payloads or accessing the Local Security Authority Subsystem Service (LSASS). As traditional methods of credential theft face increasing scrutiny from advanced security measures and Endpoint Detection and Response (EDR) solutions, this technique represents a significant […]

The post ‘RemoteMonologue’ New Red Team Technique Exploits DCOM To Steal NTLM Credentials Remotely appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

HackerNews 编译，转载请注明出处： 网络钓鱼攻击者正在采用一种名为“精准验证钓鱼”的新规避技术，该技术仅在用户输入攻击者特定目标的电子邮件地址时才会显示虚假登录表单。 与传统的广泛目标网络钓鱼不同，这种新方法使用实时电子邮件验证，确保只有经过预先验证的高价值目标才能看到钓鱼内容。 尽管这种新策略并不特别复杂或高深，但它将所有非有效目标排除在网络钓鱼过程之外，从而阻止他们了解攻击操作。 电子邮件安全公司Cofense记录了这种新策略的采用率上升，并指出这给他们的工作带来了显著的实际问题。 在研究网络钓鱼网站时，研究人员通常会输入虚假的电子邮件地址或他们控制的地址，以映射凭证盗窃活动。 然而，随着这种新技巧的出现，研究人员输入的无效或测试电子邮件地址现在会显示错误或将其重定向到无害的网站。这影响了研究中使用的自动化安全爬虫和沙箱，降低了检测率并延长了网络钓鱼活动的寿命。 “网络安全团队传统上依赖于通过提交虚假凭证来观察攻击者行为和基础设施的受控网络钓鱼分析，”Cofense解释道。 “通过精准验证钓鱼，这些策略变得无效，因为任何未识别的电子邮件在钓鱼内容被交付之前就会被拒绝。” 根据Cofense的说法，攻击者使用两种主要技术来实现实时电子邮件验证。 第一种方法是滥用集成在网络钓鱼工具包中的第三方电子邮件验证服务，通过API调用实时检查受害者地址的有效性。 第二种方法是在网络钓鱼页面中部署自定义JavaScript，该脚本会将受害者在钓鱼页面上输入的电子邮件地址发送到攻击者的服务器，以确认其是否在预先收集的列表中。 如果没有匹配项，受害者将被重定向到无害的网站，比如维基百科。 Cofense解释说，通过简单地输入向他们报告网络钓鱼尝试的人员的电子邮件地址来绕过这一限制通常是不可能的，因为他们的客户施加了使用限制。 即使他们被允许使用真实目标的地址，分析人员也指出，一些活动更进一步，在受害者在钓鱼页面上输入有效电子邮件后，会向其收件箱发送一个验证代码或链接。 为了继续网络钓鱼过程，受害者需要输入他们收件箱中收到的代码，而这超出了安全分析师的访问范围。 这对电子邮件安全工具，尤其是依赖传统检测方法的工具，产生了严重的影响，因为它们更有可能无法向目标发出网络钓鱼尝试的警报。 随着网络钓鱼活动采用动态输入验证，防御者必须采用新的检测策略，强调行为指纹识别和实时威胁情报关联，以保持领先于攻击者。   消息来源：Bleeping Computer； 本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

随着数据要素价值的不断提高，保护处于使用状态中的敏感数据愈发重要。

尽管恶意项目已不在 SourceForge 上，但卡巴斯基表示，该项目已被搜索引擎收录，吸引了搜索“办公插件”或类似内容的用户访问。

The OpenSSH team has announced the release of OpenSSH 10.0 on April 9, marking an important milestone for one of the most widely-used open-source tools in secure communications. With significant protocol changes, security advancements, and new features, this version aims to provide enhanced protection and functionality for users worldwide. Key Security Improvements The OpenSSH 10.0 release introduces […]

The post OpenSSH 10.0 Released: New Protocol Changes and Key Security Improvements appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Малый бизнес стал лакомой добычей киберпреступников.

Forrester研究报告显示，高尖技术行业因数据泄露造成的损失就超过20亿美元，而邮件泄密占比高达63%。邮 […]

OpenSSH 10.0 释出。主要变化包括：移除了对 DSA 签名算法的支持，该算法自 2015 年起就默认禁用；默认将后量子加密算法 mlkem768x25519-sha256 用于密钥协商；Portable OpenSSH 支持 systemd 风格的套接字激活（socket activation）；将用户身份验证代码从 sshd-session 二进制移至新的 ssh-auth 二进制，等等。

最近，日本通过其新设立的“官方安全援助”（OSA）机制，向蒙古国提供了一套空中交通管制雷达系统，这一举动看似

在浩瀚的网络海洋中，隐藏着一支神秘的“军队”。他们不拿枪炮，却能在瞬间让千里之外的金融系统瘫痪，让机密信息如

AI垃圾邮件机器人AkiraBot绕过验证码攻击8万网站！

A vulnerability has been found in Apple Safari and classified as critical. This vulnerability affects unknown code of the component Web Content Handler. The manipulation leads to use after free. This vulnerability was named CVE-2025-30427. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Apple Safari. Affected is an unknown function of the component Web Content Handler. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2025-24216. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Apple tvOS. Affected is an unknown function of the component Web Content Handler. The manipulation leads to use after free. This vulnerability is traded as CVE-2025-30427. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Apple iOS and iPadOS. Affected by this vulnerability is an unknown functionality of the component Web Content Handler. The manipulation leads to use after free. This vulnerability is known as CVE-2025-30427. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Apple macOS. Affected by this issue is some unknown functionality of the component Web Content Handler. The manipulation leads to use after free. This vulnerability is handled as CVE-2025-30427. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Apple visionOS. This affects an unknown part of the component Web Content Handler. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2025-30427. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

One of the most pressing concerns with AI adoption is data leakage. Consider this: An employee logs into their favorite AI chatbot, pastes sensitive corporate data, and asks for a summary. Just like that, confidential information is ingested into a third-party model beyond your control. Even with data loss prevention (DLP) policies, AI data leaks are challenging to prevent. If the AI system is cloud-based and employees can access it externally, companies may never know … More →

The post How to find out if your AI vendor is a security risk appeared first on Help Net Security.