Aggregator

威胁猎人监测发现，2025年消费贷黑产包装骗贷激增，手法专业、团伙化趋势明显，部分产品遭有组织攻击，风险等级已达预警阈值！

三菱電機製MELSOFT Update Managerには、当該製品に搭載している7-Zipに起因する複数の脆弱性が存在します。

三菱電機製MELSEC iQ-Fシリーズには、誤ったパスワードでのログインを連続試行されることで、サービス運用妨害（DoS）状態を引き起こされる可能性があります。

The Paris Prosecutor’s Office has announced the arrest in Ukraine of an alleged administrator of the Russian-language forum XSS.is, a site long recognized as one of the largest hubs of the cybercriminal underworld. The...

The post Kingpin of Notorious XSS.is Cybercrime Forum Arrested in Ukraine After Europol-Led Sting appeared first on Penetration Testing Tools.

HackerNews 编译，转载请注明出处： 清洁用品巨头高乐氏（Clorox）已起诉其委托运营IT服务热线的承包商高知特（Cognizant），指控后者直接导致了2023年造成数亿美元损失的网络攻击事件。 本周二在加利福尼亚州高等法院提交的诉讼文件显示，为高乐氏提供服务的高知特承包商多次向黑客移交关键登录信息，致使公司系统遭入侵并引发运营瘫痪。高知特作为协助企业实施业务流程技术化的大型专业服务公司，尚未回应置评请求。 高乐氏指控高知特“其失职行为直接引发了2023年8月的网络攻击，并对公司业务运营造成重大破坏”。公司宣称因此遭受3.8亿美元损失，要求高知特承担该赔偿金额及惩罚性损害赔偿。高乐氏指出，其明确规定的密码重置政策屡遭高知特客服人员无视。 “高乐氏将保护企业系统的关键职责托付给高知特——而他们彻底搞砸了，”高乐氏外部法律顾问玛丽·罗斯·亚历山大表示，“高知特不仅玩忽职守，更是将企业网络密钥拱手交给臭名昭著的网络犯罪团伙，公然漠视高乐氏的政策与长期建立的网络安全标准。通话录音完整记录了整个过程，这种行为无可辩驳。” 高知特发言人则将责任归咎于高乐氏，称“像高乐氏这种规模的企业竟拥有如此低效的内部网络安全系统来抵御攻击，令人震惊”。该发言人强调：“高知特仅承担有限的热线服务范畴，且已合理履行义务。我们并未负责高乐氏的网络安全事务。” 诉讼文件中，高乐氏提供了黑客与客服热线的通话记录文本——显示网络犯罪分子曾多次致电要求重置密码，却始终无需身份验证或证明其员工身份。2023年8月，高乐氏因网络攻击被迫关闭系统，并向联邦监管机构报告称业务运营受阻，不得不采取变通方案维持客户产品供应。 该公司遭遇持续数月的运营故障，部分IT基础设施遭破坏导致“大规模瘫痪”。依靠旗下明星清洁产品及Pine Sol、Burt’s Bees等品牌创造数十亿美元收入的高乐氏，在攻击后被迫恢复人工订单处理流程。由于订单处理效率骤降，其产品在零售渠道持续缺货。攻击事件后六个月内，公司出货量减少导致销售额下降6%，同时需斥资聘请咨询机构、IT恢复团队及取证专家进行事件调查与修复。高乐氏声称已投入4900万美元修复损失，并蒙受数亿美元业务损失。最新财报显示，公司近期获得与网络攻击相关的1亿美元保险理赔。 社会工程攻击全流程还原 诉讼文件描绘了高知特员工的重大失职行为（该公司运营高乐氏热线逾十年），同时详述了网络安全专家指出的、犯罪分子日益猖獗的社会工程手段。高乐氏员工通常通过高知特服务台进行密码找回或账户设备重置。公司明确要求服务商“重置凭证前必须严格验证身份”，但2023年8月11日，犯罪分子致电索取网络访问凭证时，“高知特直接交出了权限”。 “录音显示，高知特在未验证身份的情况下，将高乐氏企业网络密钥交给了网络罪犯，”高乐氏律师控诉，“犯罪分子利用当日通过类似通话获取的凭证发动攻击，致使高乐氏企业网络瘫痪、业务运营陷入困境。” 高乐氏透露，其内部服务台经理每周与印孚瑟斯团队管理人员开会强调规则制度。2023年1月，公司更新指引要求客服人员使用身份验证工具MyID；若该工具不可用，则需核实致电者直属经理姓名及账户名。 黑客当时要求重置某员工的Okta账户密码。客服人员虽建议其连接公司虚拟专用网络（VPN），但在黑客声称忘记VPN密码后，该人员直接重置了两套系统密码，“完全违反高乐氏凭证支持流程”。当黑客声称微软多因素认证（MFA）失效时——高乐氏认为这应触发警报——客服却在未验证身份的情况下直接重置了MFA。同日，黑客二次致电要求重复重置微软MFA，该要求再度获准。第三次通话中，黑客再次要求重置Okta凭证，客服仍无任何身份核验即执行操作。黑客进而要求将账户MFA验证手机号变更，客服依旧照办。 “整个过程中，客服从未验证致电者确系该员工本人，也从未遵守高乐氏的凭证支持流程——无论是2023年前旧规还是新规，”公司律师指出，“客服既未向员工及其经理发送密码重置通知邮件，也未执行任何身份核验程序。” 犯罪分子利用重置凭证登录网络窃取信息，进而锁定另一名IT安全部门员工故技重施。通过两次致电，黑客再度获取该员工Okta及微软系统的MFA密码重置权限。此账户使黑客获得高乐氏网络特权访问权限。公司三小时后察觉入侵并试图遏制，但最终被迫全面关闭系统、暂停生产线，转为依赖人工处理订单。 诉讼文件关键部分经编辑处理，高乐氏未确认是否遭受勒索软件攻击。目前尚无网络犯罪组织宣称对此事件负责。       消息来源：therecord； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

文章描述了错误代码521的含义及其在网络连接中的常见原因，并提供了相应的解决方法。

Open-source software forms the bedrock of today’s digital infrastructure, powering 77% of all applications and valued at over $12 trillion. Yet its widespread adoption renders it an increasingly attractive target for supply chain attacks,...

The post Google Launches OSS Rebuild: A New Weapon Against Open-Source Supply Chain Attacks appeared first on Penetration Testing Tools.

Microsoft has confirmed that three China-linked threat groups were behind the recent wave of attacks targeting on-premises SharePoint Server installations. According to the company’s report, since early July, the vulnerabilities identified as CVE-2025-53770 and...

The post Microsoft Confirms China-Backed APTs Actively Exploiting SharePoint Zero-Days (CVE-2025-53770, -53771) appeared first on Penetration Testing Tools.

A vulnerability, which was classified as problematic, was found in IBM Security Verify Access Appliance and Security Verify Access Container up to 10.0.8. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-35138. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A newly uncovered malicious campaign involving the infostealer DeerStealer has been identified by researchers at ANY.RUN. Threat actors are employing a sophisticated tactic—combining Windows shortcut files (LNK) with trusted system utilities known as Living-off-the-Land...

The post DeerStealer: New Malware Uses Stealthy LNK & LOLBins for Undetectable Data Theft appeared first on Penetration Testing Tools.

In 2023, one of the United Kingdom’s oldest transport companies—established 158 years ago—declared bankruptcy following a devastating ransomware attack. The cyber assault brought the operations of Knights of Old (also known as KNP) to...

The post Weak Password Destroys 158-Year-Old UK Transport Company: Akira Ransomware Claims 700 Jobs appeared first on Penetration Testing Tools.

最近在学习USB通信相关的知识，联想到Ai8051有usb，也有40M主频，能不能模拟网上24M那种赛普拉斯单片机的逻辑分析仪呢。

当前环境异常,需完成验证后方可继续访问。

无线充电联盟WPC宣布Qi2 25W充电选项已获支持，并将应用于即将发布的安卓旗舰机和谷歌Pixel 10系列，缩短充电时间。

A vulnerability classified as problematic was found in Squished Mosquito Escapade Scripting Engine. Affected by this vulnerability is an unknown functionality. The manipulation of the argument PAGE leads to basic cross site scripting. This vulnerability is known as CVE-2003-0763. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in Squished Mosquito Escapade Scripting Engine. Affected by this issue is some unknown functionality of the component Error Message Handler. The manipulation of the argument PAGE leads to information disclosure. This vulnerability is handled as CVE-2003-0764. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Ipswitch WS_FTP Server 3.x/4.x. Affected is an unknown function. The manipulation as part of APPE/STAT Command leads to memory corruption. This vulnerability is traded as CVE-2003-0772. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

A vulnerability was found in Ikonboard 3.1.1/3.1.2a. It has been rated as critical. Affected by this issue is some unknown functionality of the file FUNC.pm of the component Cookie Handler. The manipulation of the argument lang leads to memory corruption. This vulnerability is handled as CVE-2003-0770. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Sun MySQL up to 3.0.57/4.0.14. This affects an unknown part of the component Password Field Handler. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2003-0780. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Microsoft Windows NT 4.0/2000/XP/Server 2003 and classified as critical. This vulnerability affects unknown code of the component RPC/DCOM Object Identity. The manipulation leads to Remote Code Execution. This vulnerability was named CVE-2004-0124. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.