Aggregator

CVE-2025-59799 | Artifex Ghostscript up to 10.05.1 gdevpdfm.c pdfmark_coerce_dest size stack-based overflow (EUVD-2025-30395)

VulDB Recent Entries
9 months ago
A vulnerability, which was classified as critical, was found in Artifex Ghostscript up to 10.05.1. Affected by this issue is the function pdfmark_coerce_dest of the file devices/vector/gdevpdfm.c. The manipulation of the argument size results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2025-59799. The attack may be launched remotely. There is no exploit available.
vuldb.com

CVE-2017-20200 | Coinomi up to 1.7.6 cleartext transmission (Issue 213)

Vuldb Updates
9 months ago
A vulnerability was found in Coinomi up to 1.7.6. It has been declared as problematic. This issue affects some unknown processing. Such manipulation leads to cleartext transmission of sensitive information. This vulnerability is uniquely identified as CVE-2017-20200. The attack can be launched remotely. Moreover, an exploit is present. The vendor replied with: "(...) there isn't any security implication associated with your findings."
vuldb.com

Kubernetes matures as AI and GitOps reshape operations

Help Net Security
9 months ago

Kubernetes has moved well past its early adoption phase. The new Komodor 2025 Enterprise Kubernetes Report shows that technical teams are shifting their focus from running containers to managing a growing mix of AI workloads and advanced automation practices like GitOps. “Organizations have made Kubernetes their standard, but our report shows the real challenge is operational, not architectural,” said Itiel Shwartz, CTO of Komodor. “Even as practices like GitOps and platform engineering gain traction, enterprises … More →

The post Kubernetes matures as AI and GitOps reshape operations appeared first on Help Net Security.

Anamarija Pogorelec

应急响应 | 使用D盾检查WebShell

不安全
9 months ago
本文详细讲解了WebShell的概念、分类及其检测原理,并介绍了D盾工具的功能与使用方法。通过实验步骤演示了如何利用D盾查杀WebShell并清除恶意脚本。

CVE-2025-38572 | Linux Kernel up to 6.1.147/6.6.101/6.12.41/6.15.9/6.16.0 ipv6 /include/linux/skbuff.h ipv6_gso_segment privilege escalation (Nessus ID 261737 / WID-SEC-2025-1869)

Vuldb Updates
9 months ago
A vulnerability marked as problematic has been reported in Linux Kernel up to 6.1.147/6.6.101/6.12.41/6.15.9/6.16.0. Affected is the function ipv6_gso_segment in the library /include/linux/skbuff.h of the component ipv6. Performing manipulation results in privilege escalation. This vulnerability was named CVE-2025-38572. The attack needs to be approached within the local network. There is no available exploit. It is suggested to upgrade the affected component.
vuldb.com

CVE-2025-38564 | Linux Kernel up to 6.15.9/6.16.0 perf_mmap reference count (Nessus ID 260167 / WID-SEC-2025-1869)

Vuldb Updates
9 months ago
A vulnerability labeled as critical has been found in Linux Kernel up to 6.15.9/6.16.0. The impacted element is the function perf_mmap. Such manipulation leads to improper update of reference count. This vulnerability is traded as CVE-2025-38564. Access to the local network is required for this attack to succeed. There is no exploit available. The affected component should be upgraded.
vuldb.com

CVE-2025-38565 | Linux Kernel up to 6.1.147/6.6.101/6.12.41/6.15.9/6.16.0 perf_mmap reference count (Nessus ID 260134 / WID-SEC-2025-1869)

Vuldb Updates
9 months ago
A vulnerability marked as critical has been reported in Linux Kernel up to 6.1.147/6.6.101/6.12.41/6.15.9/6.16.0. Impacted is the function perf_mmap. This manipulation causes improper update of reference count. This vulnerability is handled as CVE-2025-38565. The attack can only be done within the local network. There is not any exploit available. It is suggested to upgrade the affected component.
vuldb.com

AI needs ethics to avoid real-world harm

Help Net Security
9 months ago

In this Help Net Security video, Brittany Allen, Senior Trust and Safety Architect at Sift, explores how the rise of AI agents is creating new fraud risks. She explains how these agents, while designed to assist users, can unintentionally help fraudsters by carrying out tasks without recognizing malicious intent. Brittany also discusses why humans relying on AI may overlook classic red flags in online scams and how AI-driven activity disrupts established fraud detection patterns. As … More →

The post AI needs ethics to avoid real-world harm appeared first on Help Net Security.

Help Net Security

CVE-2025-38555 | Linux Kernel up to 6.1.147/6.6.101/6.12.41/6.15.9/6.16.0 usb composite_dev_cleanup use after free (Nessus ID 260127 / WID-SEC-2025-1869)

Vuldb Updates
9 months ago
A vulnerability was found in Linux Kernel up to 6.1.147/6.6.101/6.12.41/6.15.9/6.16.0 and classified as critical. This impacts the function composite_dev_cleanup of the component usb. The manipulation results in use after free. This vulnerability is cataloged as CVE-2025-38555. The attack must originate from the local network. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

退休有助于改善心理健康,但并非人人如此

Solidot
9 months ago
退休有助于改善心理健康,但并非对人人有效。根据发表在《SSM - Mental Health》起上的一项新研究,在结束朝九晚五的工作后,退休对心理健康的影响取决于收入水平、所从事工作的性质以及离开职场的年龄。爱丁堡大学团队评估了荷兰 1583 名受访者的数据集,受访者已退休且未从事任何有偿工作,平均退休年龄 66-67 岁。结果显示:低收入群体——收入低于最低工资标准——退休期间心理健康水平最低,他们表现出了初期的改善,但约两年半后出现下降,呈现出倒 U 形特征,即所谓的“蜜月消退效应”;中等收入群体退休前的心理健康状况显著改善,之后略有提升;高收入群体在退休前后心理健康状况没有变化,但在退休后出现显著改善,其中较晚退休者改善较慢。

Situational Awareness & Family Safety: Staying Alert in Today’s World with Andy Murphy

Security Boulevard
9 months ago

Join the Shared Security Podcast for a critical discussion about situational awareness with special guest, Andy Murphy, host of the Secure Family Podcast. In a world where mass shootings and violence in public places are alarming realities, staying alert to your surroundings has never been more important. Andy shares his expertise on personal and family […]

The post Situational Awareness & Family Safety: Staying Alert in Today’s World with Andy Murphy appeared first on Shared Security Podcast.

The post Situational Awareness & Family Safety: Staying Alert in Today’s World with Andy Murphy appeared first on Security Boulevard.

Tom Eston

OpenID Foundation sets new standards for real-time security event sharing

Help Net Security
9 months ago

The OpenID Foundation (OIDF) has approved three Final Specifications, establishing the first global standards for real-time security event sharing across digital identity systems. The approved Final Specifications are: OpenID Shared Signals Framework 1.0 – Enables secure, real-time delivery of security events between any connected systems OpenID Continuous Access Evaluation Profile (CAEP) 1.0 – Defines how systems communicate session changes to maintain continuous security OpenID Risk Information Sharing and Coordination (RISC) 1.0 – Establishes standards for … More →

The post OpenID Foundation sets new standards for real-time security event sharing appeared first on Help Net Security.

Help Net Security

新型勒索软件HybridPetya可绕过UEFI安全启动 植入EFI分区恶意程序

嘶吼
9 months ago

近期发现的一款名为“HybridPetya”的勒索软件变种,能够绕过UEFI安全启动(UEFI Secure Boot)功能,在EFI系统分区中安装恶意程序。

HybridPetya的设计明显受2016至2017年间活跃的破坏性恶意软件Petya/NotPetya的启发——后者曾通过加密计算机数据阻止Windows启动,且未提供任何数据恢复途径。

网络安全公司ESET的研究人员在VirusTotal平台上发现了HybridPetya的样本,并指出该样本可能是一个研究项目、概念验证代码(proof-of-concept),或是仍处于有限测试阶段的网络犯罪工具早期版本。

即便如此,ESET强调,HybridPetya的出现与BlackLotus、BootKitty、Hyper-V后门等案例一样,再次证明具备“安全启动绕过”功能的UEFI引导工具包(bootkit)已构成真实威胁。

HybridPetya的技术特征与攻击流程

HybridPetya融合了Petya与NotPetya的特性,包括这两款早期恶意软件的界面风格与攻击链;此外,开发者还新增了两项关键功能:可植入EFI系统分区,以及能利用CVE-2024-7344漏洞绕过安全启动。

CVE-2024-7344漏洞由ESET于今年1月发现,该漏洞存在于微软签名的应用程序中——即便目标设备开启了安全启动保护,攻击者仍可利用该漏洞部署引导工具包。

HybridPetya的攻击流程如下:

执行逻辑

1. 环境检测与文件投放:启动后,首先判断主机是否采用“UEFI+GPT分区”架构,随后在EFI系统分区中植入包含多个文件的恶意引导工具包,包括配置文件、验证文件、修改后的引导程序、备用UEFI引导程序、漏洞利用载荷容器,以及用于跟踪加密进度的状态文件。

2. 关键文件替换与备份:ESET列出了已分析的HybridPetya变种所使用的核心文件:

1. \EFI\Microsoft\Boot\config:存储加密标识、密钥、随机数(nonce)及受害者ID;

2.\EFI\Microsoft\Boot\verify:用于验证解密密钥是否正确;

3.\EFI\Microsoft\Boot\counter:记录已加密簇(cluster)的进度;

4.\EFI\Microsoft\Boot\bootmgfw.efi.old:原始引导程序的备份文件;

5.\EFI\Microsoft\Boot\cloak.dat:在“安全启动绕过”变种中存储经XOR加密的引导工具包。  

同时,恶意软件会将\EFI\Microsoft\Boot\bootmgfw.efi替换为存在漏洞的“reloader.efi”,并删除\EFI\Boot\bootx64.efi;原始Windows引导程序会被保留,以便受害者支付赎金后恢复系统时激活。

3. 系统中断与加密执行:部署完成后,HybridPetya会触发蓝屏(BSOD)并显示伪造错误信息(与Petya的手法一致),强制系统重启;重启后,恶意引导工具包随之执行,随后勒索软件会从config文件中提取Salsa20密钥与随机数,对所有主文件表(MFT)簇进行加密,同时显示伪造的磁盘检查(CHKDSK)消息(模仿NotPetya的特征)。

虚假CHKDSK消息

4. 赎金索取:加密完成后,系统再次重启,受害者在启动阶段会看到赎金通知,要求支付1000美元比特币;作为交换,攻击者会提供一个32字符的密钥——受害者在赎金通知界面输入该密钥后,系统会恢复原始引导程序、解密已加密簇,并提示用户重启电脑。

HybridPetya的勒索信

风险提示与防御建议

目前尚未观察到HybridPetya在野外发起实际攻击,但类似项目随时可能将这一概念验证代码武器化,针对未打补丁的Windows系统发起大规模攻击。

目前,微软已在2025年1月的周二补丁日中修复了CVE-2024-7344漏洞,因此安装了该补丁或后续安全更新的Windows系统可抵御HybridPetya攻击。

此外,防范勒索软件的另一重要措施是:定期对核心数据进行离线备份,确保系统可免费且便捷地进行恢复。

胡金鱼

Managed ad