Aggregator

A vulnerability classified as critical was found in Totolink A3300R 17.0.0cu.557_B20221024. This vulnerability affects the function setDdnsCfg. The manipulation of the argument Username leads to command injection. This vulnerability was named CVE-2024-23059. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as critical, has been found in PMB 7.4.8. Affected by this issue is some unknown functionality of the file start_import.php. The manipulation leads to unrestricted upload. This vulnerability is handled as CVE-2023-46474. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Hozard Alarm System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to missing encryption of sensitive data. This vulnerability is handled as CVE-2023-50126. It is possible to launch the attack on the physical device. There is no exploit available.

A vulnerability was found in Atlassian Confluence Data Center and Confluence Server. It has been rated as critical. Affected by this issue is some unknown functionality of the component Environment Handler. The manipulation leads to code injection. This vulnerability is handled as CVE-2024-21673. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in HCL BigFix OSD Bare Metal Server WebUI up to 311.19 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2023-37523. The attack may be launched remotely. There is no exploit available.

APT-C-53利用军事情报相关文件为诱饵的攻击行动分析；APT28黑客攻击北约组织窃取敏感数据；Bitter针对巴基斯坦电信有限公司发起攻击；APT36和Sidecopy攻击印度关键基础设施；摩诃草攻击武器复用肚脑虫基础设施

HackerNews 编译，转载请注明出处： 两个恶意 RubyGems 包伪装成流行的 Fastlane CI/CD 插件，将 Telegram API 请求重定向到攻击者控制的服务器以拦截和窃取数据 RubyGems 是 Ruby 编程语言的官方包管理器，用于分发、安装和管理 Ruby 库（gems），类似于 JavaScript 的 npm 和 Python 的 PyPI。这些恶意包会拦截敏感数据，包括聊天 ID 和消息内容、附件文件、代理凭证，甚至是可以用于劫持 Telegram 机器人的 Bot Token。 该供应链攻击由 Socket 安全研究人员发现，他们已通过报告向 Ruby 开发者社区发出风险警告。 这两个仿冒 Fastlane 插件的恶意包目前在 RubyGems 上仍然可用，名称如下： fastlane-plugin-telegram-proxy：发布于 2025 年 5 月 30 日，已被下载 287 次。 fastlane-plugin-proxy_teleram：发布于 2025 年 5 月 24 日，已被下载 133 次。 Fastlane 是一个合法的开源插件，作为移动应用开发者的自动化工具。它用于代码签名、编译构建、应用商店上传、通知发送和元数据管理。 fastlane-plugin-telegram 是一个合法的插件，允许 Fastlane 通过 Telegram Bot 在指定频道发送通知。这对于需要在 Telegram 工作区中实时获取 CI/CD 管道更新状态的开发者非常有用，使他们无需频繁检查仪表板即可跟踪关键事件。 Socket 发现的恶意 gem 与合法插件几乎完全相同，具有相同的公共 API、自述文件、文档和核心功能。 唯一但至关重要的区别在于，它们将合法的 Telegram API 端点 (https://api.telegram.org/) 替换为攻击者控制的代理端点 (rough-breeze-0c37[.]buidanhnam95[.]workers[.]dev)，从而拦截（并且很可能收集）敏感信息。 窃取的数据包括： Bot Token 消息数据 任何上传的文件 配置的代理凭证（如果配置了的话） 攻击者有充分的利用和持久化机会，因为 Telegram Bot Token 在受害者手动撤销之前一直有效。 Socket 指出，这些 gem 的页面声称代理“不存储或修改您的 Bot Token”，但无法验证这一说法。“Cloudflare Worker 脚本不可公开查看，威胁行为者完全有能力记录、检查或篡改传输中的任何数据，”Socket 解释道。“使用此代理，结合仿冒可信的 Fastlane 插件，清楚地表明其意图是在正常 CI 行为的幌子下窃取 Token 和消息数据。此外，威胁行为者尚未公开 Worker 的源代码，使其实现完全不透明。” 建议措施： 立即移除： 已安装这两个恶意 gem 的开发者应立即将其移除。 重建二进制文件： 重建自安装该恶意 gem 日期后生成的任何移动应用二进制文件。 轮换 Bot Token： 所有与 Fastlane 一起使用过的 Bot Token 都应立即轮换（因为它们已被泄露）。 网络屏蔽： Socket 还建议屏蔽到 *.workers[.]dev 的流量，除非明确需要。       消息来源： bleepingcomputer； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

Yak.exe滥用作C2木马 免杀360火绒内存扫描

A vulnerability was found in Apple macOS. It has been rated as problematic. This issue affects some unknown processing of the component DesktopServices. The manipulation leads to privilege escalation. The identification of this vulnerability is CVE-2023-40433. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Apple macOS. Affected is an unknown function of the component Find My. The manipulation leads to privilege escalation. This vulnerability is traded as CVE-2023-40437. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS. It has been classified as problematic. Affected is an unknown function of the component WebKit. The manipulation leads to privilege escalation. This vulnerability is traded as CVE-2023-42866. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Security. The manipulation leads to privilege escalation. This vulnerability is known as CVE-2023-42831. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apple macOS and classified as problematic. Affected by this vulnerability is an unknown functionality of the component crontabs. The manipulation leads to privilege escalation. This vulnerability is known as CVE-2023-42828. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Apple macOS. Affected by this issue is some unknown functionality of the component AppleMobileFileIntegrity. The manipulation leads to privilege escalation. This vulnerability is handled as CVE-2023-42872. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Apple iOS and iPadOS. This issue affects some unknown processing of the component Web Contents Handler. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2023-42866. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Apple watchOS. Affected is an unknown function of the component Web Contents Handler. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2023-42866. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apple Safari and classified as critical. Affected by this vulnerability is an unknown functionality of the component Web Contents Handler. The manipulation leads to memory corruption. This vulnerability is known as CVE-2023-42866. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple iOS and iPadOS. It has been rated as critical. This issue affects some unknown processing of the component App. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2023-38612. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Apple iOS and iPadOS. Affected is an unknown function. The manipulation leads to sensitive information in log files. This vulnerability is traded as CVE-2023-40437. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Apple iOS and iPadOS up to 16.x. This affects an unknown part. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2023-40529. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.