Aggregator

强势围观！

由于环境异常，请完成验证以继续访问。

穿透DOM堡垒：三重绕过技术实现数据外泄

文章讲述了乐队背后的艰辛与坚持。大多数乐队默默无闻，设备简陋，排练时间有限。尽管投入大量时间和精力，回报却微薄。有人因各种原因离开，乐队解散如玻璃杯摔碎无声。Power Milk乐队在低谷后重聚，并通过众筹成功发行专辑《今晚大劳苦》，传递不完美中的美好与坚持。

丹麦信贷机构因服务器配置错误泄露瑞典数亿条个人信息和企业数据，包含财务记录等敏感信息，后被锁定。

A vulnerability classified as problematic was found in Linux Kernel up to 6.6.66/6.12.5. Affected by this vulnerability is an unknown functionality of the component ALSA. The manipulation leads to privilege escalation. This vulnerability is known as CVE-2024-56657. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.4. It has been rated as problematic. Affected by this issue is the function ocfs2_get_init_inode. The manipulation leads to improper initialization. This vulnerability is handled as CVE-2024-56630. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.1.119/6.6.65/6.12.4. Affected is the function ksmbd_vfs_stream_read of the file ksmbd.conf of the component Setting Handler. The manipulation of the argument streams_xattr leads to out-of-bounds read. This vulnerability is traded as CVE-2024-56627. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.12.4. Affected is the function iommufd_fault_alloc in the library lib/refcount.c. The manipulation leads to improper update of reference count. This vulnerability is traded as CVE-2024-56624. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 5.15.173/6.1.119/6.6.65/6.12.4. This affects the function can_set_termination in the library /drivers/gpio/gpiolib.c. The manipulation leads to privilege escalation. This vulnerability is uniquely identified as CVE-2024-56625. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.10.230/5.15.173/6.1.119/6.6.65/6.12.4. This affects the function dpc_thread of the file mm/slub.c. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2024-56623. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.119/6.6.65/6.12.4 and classified as critical. Affected by this vulnerability is the function ksmbd_vfs_stream_write of the file ksmbd.conf. The manipulation leads to out-of-bounds write. This vulnerability is known as CVE-2024-56626. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.4. This issue affects the function ufshcd_remove of the component scsi. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2024-56621. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.4. It has been declared as critical. This vulnerability affects the function nilfs_find_entry. The manipulation leads to use after free. This vulnerability was named CVE-2024-56619. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.12.4 on Dahlia. This affects an unknown part of the component pmdomain. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2024-56618. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

The Dropping Elephant advanced persistent threat group has launched a sophisticated cyber-espionage campaign targeting Turkish defense contractors, particularly companies manufacturing precision-guided missile systems. This malicious operation represents a significant evolution in the group’s capabilities, employing a complex five-stage execution chain that cleverly disguises malicious payloads as legitimate conference invitations related to unmanned vehicle systems. The […]

The post Elephant APT Group Attacking Defense Industry Leveraging VLC Player, and Encrypted Shellcode appeared first on Cyber Security News.

错误代码521通常与Cloudflare服务相关，表示服务器未能正确配置或响应请求。常见原因包括服务器配置错误、网络连接问题或DDoS攻击。解决方法包括检查服务器配置、联系托管提供商或暂时禁用Cloudflare以排查问题。

HackerNews 编译，转载请注明出处： 安全研究人员确认，新型Coyote银行木马成为首个在真实攻击中滥用微软UI自动化框架（UIA）的恶意软件。该木马锁定75家银行及加密货币平台用户，主要针对巴西地区，通过UIA技术窃取登录凭证，验证了Akamai在2024年12月提出的技术预警。 攻击流程剖析 目标识别 木马首先比对活动窗口标题与预设的75家金融机构/交易所地址列表。若未匹配，则启动UIA框架深度扫描浏览器标签页及地址栏内容。 凭证窃取 UIA技术滥用：利用微软为辅助工具设计的合法框架，解析其他应用程序的UI子元素，无需了解目标程序内部结构即可提取隐藏数据。 离线下操作：即使无网络连接，仍可持续执行检测流程，大幅提升攻击成功率。 攻击升级 除窃取数据外，攻击者可操纵UI元素实施隐蔽攻击，例如篡改浏览器地址栏诱导用户跳转钓鱼网站，或通过最小化视觉痕迹实施定向重定向。 技术演变与影响 历史背景：2024年2月首次发现的Coyote木马原以键盘记录和钓鱼覆盖层攻击拉美金融机构，新变种则通过UIA绕过端点检测与响应（EDR）工具的监控。 攻击范围扩展：目标金融机构从今年1月的73家增至75家，涵盖传统银行与加密货币平台。 多重窃密手段：同步采用键盘记录、屏幕截图及覆盖虚假界面等传统手法，形成复合攻击链。 防御建议 监控异常行为：检测陌生进程加载UIAutomationCore.dll的行为，追踪以UIA_PIPE_开头的命名管道活动。 威胁狩猎：使用osquery工具标记与UIA框架交互的可疑进程，部署专业威胁监测服务识别异常UIA活动。 风险认知：Akamai强调UIA滥用可能成为新型攻击向量，需警惕其被广泛利用的趋势。       消息来源：securityaffairs； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A malicious pull request slipped through Amazon’s review process and into version 1.84.0 of the Amazon Q extension for Visual Studio Code, briefly arming the popular AI assistant with instructions to wipe users’ local files and AWS resources. The rogue code discovered included a system prompt directing the agent to “restore the system to a […]

The post Hackers Injected Destructive System Commands in Amazon’s AI Coding Agent appeared first on Cyber Security News.

Itch.io因支付系统压力隐藏并禁止浏览成人游戏，后续将删除不符合规则的成人游戏。此问题与Steam相同，平台需确保合规以免被断开支付。