Aggregator

CVE-2022-2309 | libxml2 2.9.10/2.9.11/2.9.12/2.9.13/2.9.14 lxml null pointer dereference (Nessus ID 211245)

3 months 1 week ago

A vulnerability marked as problematic has been reported in libxml2 2.9.10/2.9.11/2.9.12/2.9.13/2.9.14. The impacted element is an unknown function of the component lxml. This manipulation causes null pointer dereference. This vulnerability is handled as CVE-2022-2309. The attack can be initiated remotely. There is not any exploit available. Applying a patch is the recommended action to fix this issue.

vuldb.com

CVE-2022-0028 | Palo Alto PAN-OS URL Filter amplification

Vuldb Updates

3 months 1 week ago

A vulnerability described as problematic has been identified in Palo Alto PAN-OS. This impacts an unknown function of the component URL Filter. Executing manipulation can lead to insufficient control of network message volume. This vulnerability is registered as CVE-2022-0028. It is possible to launch the attack remotely. Furthermore, an exploit is available.

vuldb.com

Beat Threats with Context: 5 Actionable Tactics for SOC Analysts

Cyber Security News

3 months 1 week ago

Security teams drown in alerts but starve for insight. Blocklists catch the obvious. SIEM correlation gives clues. But only context reveals what an alert really means, and what you should do about it. Every SOC sees thousands of signals: odd domains, masquerading binaries, strange persistence artifacts. On their own, these indicators mean almost nothing. A suspicious […]

The post Beat Threats with Context: 5 Actionable Tactics for SOC Analysts appeared first on Cyber Security News.

Balaji N

Конкуренты спасают конкурентов: Google DeepMind нашёл 5 дыр в Safari через AI Big Sleep

Securitylab.ru

3 months 1 week ago

Apple пришлось официально благодарить и выпустить экстренные обновления для всех устройств.

Update on Attacks by Threat Group APT-C-60

JPCERT/CCブログ英語版

3 months 1 week ago

In JPCERT/CC Eyes, we previously reporte...

増渕維摩(Yuma Masubuchi)

Cyber Deception: BUDA Framework Automates Realistic User Behavior to Trap Attackers

Penetration Testing Tools - Metepreter.org

3 months 1 week ago

Behavioral User-driven Deceptive Activities Framework (BUDA) is a cutting-edge solution designed to enhance deception operations in cybersecurity by

The post Cyber Deception: BUDA Framework Automates Realistic User Behavior to Trap Attackers appeared first on Penetration Testing Tools.

ddos

CVE-2023-20198

CVE Trends

3 months 1 week ago

Currently trending CVE - Hype Score: 9 - Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two ...

AI Backdoor: SesameOp Malware Uses OpenAI API as Covert Command-and-Control Channel

Penetration Testing Tools - Metepreter.org

3 months 1 week ago

Microsoft has uncovered a new strain of malware, dubbed SesameOp, and released detailed findings on its operation. This

The post AI Backdoor: SesameOp Malware Uses OpenAI API as Covert Command-and-Control Channel appeared first on Penetration Testing Tools.

ddos

China Chip Power: Huawei Unveils Qingyun Desktops with New Kirin 9000X & Linux OS

Penetration Testing Tools - Metepreter.org

3 months 1 week ago

Huawei has unveiled two new desktop PCs for the Chinese domestic market — the Qingyun W515y and Qingyun

The post China Chip Power: Huawei Unveils Qingyun Desktops with New Kirin 9000X & Linux OS appeared first on Penetration Testing Tools.

ddos

XLoader Malware Analyzed Using ChatGPT’s, Breaks RC4 Encryption Layers in Hours

Cyber Security News

3 months 1 week ago

XLoader remains one of the most challenging malware families confronting cybersecurity researchers. This sophisticated information-stealing loader emerged in 2020 as a rebrand of FormBook and has evolved into an increasingly complex threat. The malware’s code decrypts only at runtime and sits protected behind multiple encryption layers, each locked with different keys hidden throughout the binary. […]

The post XLoader Malware Analyzed Using ChatGPT’s, Breaks RC4 Encryption Layers in Hours appeared first on Cyber Security News.

Tushar Subhra Dutta

Digital Highwaymen: Hackers Use RMM Tools to Hijack Physical Cargo Shipments

Penetration Testing Tools - Metepreter.org

3 months 1 week ago

Cybercriminals have discovered a way to exploit digital tools to steal tangible goods from trucks and warehouses. According

The post Digital Highwaymen: Hackers Use RMM Tools to Hijack Physical Cargo Shipments appeared first on Penetration Testing Tools.

ddos

NightSpire

Dark Feed IO

3 months 1 week ago

You must login to view this content

cohenido

DeFi Disaster: Hackers Steal $120 Million in ETH from Balancer Protocol in Massive Breach

Penetration Testing Tools - Metepreter.org

3 months 1 week ago

Hackers have breached the DeFi protocol Balancer, stealing over $120 million worth of cryptocurrency. Analysts estimate that roughly

The post DeFi Disaster: Hackers Steal $120 Million in ETH from Balancer Protocol in Massive Breach appeared first on Penetration Testing Tools.

ddos

Qilin

Dark Feed IO

3 months 1 week ago

You must login to view this content

cohenido

Open VSX代码仓库泄露访问令牌引发供应链攻击恶意扩展程序被植入

嘶吼

3 months 1 week ago

目前，Open VSX代码仓库已轮换访问令牌——此前开发者在公共代码库中意外泄露了这些令牌，导致威胁者得以通过供应链攻击发布恶意扩展程序。

此次泄露由Wiz公司研究人员于两周前发现，他们当时报告称，微软VSCode和Open VSX应用市场共暴露了550余个敏感信息。

据悉，其中部分敏感信息可用于访问下载量达15万次的项目，使威胁者能够上传恶意版本的扩展程序，造成严重的供应链安全风险。

Open VSX由Eclipse基金会主导开发，是微软Visual Studio应用市场的开源替代方案，后者为VSCode集成开发环境（IDE）提供扩展程序。 Open VSX作为社区驱动的代码仓库，提供与VSCode兼容的扩展程序，供无法使用微软平台的人工智能驱动衍生工具（如Cursor和Windsurf）使用。

GlassWorm恶意软件 campaign

泄露的部分令牌在数日后被用于一场名为“GlassWorm”的恶意软件攻击活动。Koi Security研究人员报告称，GlassWorm将一款自我传播型恶意软件隐藏在不可见的Unicode字符中，试图窃取开发者凭证，并在所有可触及的项目中引发连锁性数据泄露。这些攻击还针对49个扩展程序中的加密货币钱包数据，表明攻击者的动机可能是获取经济利益。

Open VSX团队及Eclipse基金会发布博客文章回应此次攻击活动与令牌泄露事件，称GlassWorm实际上并不具备自我复制能力，但确实以开发者凭证为攻击目标。

Open VSX团队澄清道：“涉事恶意软件旨在窃取开发者凭证，进而扩大攻击者的影响范围，但它不会自主通过系统或用户设备传播。”报告中提到的3.58万次下载量高估了实际受影响用户数量，其中包含攻击者利用机器人和提升曝光度的手段制造的虚假下载量。”

尽管如此，事件在接到通知后迅速得到控制。截至10月21日，所有恶意扩展程序已从Open VSX代码仓库中移除，相关访问令牌也已完成轮换或撤销。

Open VSX目前已确认，事件已完全得到控制，无持续影响，且计划实施额外安全措施以防范未来攻击。

四、后续安全强化措施

此次将实施的安全增强措施如下：

1. 缩短令牌有效期，降低泄露后的影响范围；

2. 推出更快速的泄露凭证撤销流程；

3. 扩展程序发布时进行自动化安全扫描；

4. 与VSCode及其他应用市场合作，共享威胁情报。

需要注意的是，有媒体向Eclipse基金会发送邮件，询问总共轮换了多少个令牌，但截至目前尚未收到回应。

与此同时，Aikido公司报告称，GlassWorm背后的同一批威胁者已转向GitHub平台，他们采用相同的Unicode隐写术技巧隐藏恶意负载。

研究人员表示，该攻击活动已扩散至多个代码仓库，其中大部分集中在JavaScript项目。此次转向GitHub表明，该威胁仍在活跃，在被曝光后迅速在开源生态系统中转移攻击目标。

胡金鱼

Ловушка спецслужб с отложенным действием: после AN0M любой мессенджер может стать новым "Троянским конем"

Securitylab.ru

3 months 1 week ago

"Защищенный" мессенджер с бэкдором продолжает помогать полиции арестовывать преступников спустя 4 года после закрытия.

Open VSX代码仓库泄露访问令牌引发供应链攻击恶意扩展程序被植入

不安全

3 months 1 week ago

嗯，用户让我总结一下这篇文章的内容，控制在100字以内，而且不需要用“文章内容总结”这样的开头。好的，我先看看文章讲的是什么。文章主要讲的是Open VSX代码仓库泄露了访问令牌，导致供应链攻击。攻击者利用这些令牌上传恶意扩展程序，使用Unicode隐写术隐藏恶意负载。攻击的目标是窃取开发者凭证和加密货币钱包数据。后来Open VSX团队迅速处理了问题，移除了恶意程序，并轮换了令牌。他们还计划加强安全措施，比如缩短令牌有效期、自动化安全扫描等。现在我要把这些要点浓缩到100字以内。首先提到泄露和攻击，然后是攻击手段和目标，接着是处理措施和后续安全措施。确保语言简洁明了。可能的结构：Open VSX因访问令牌泄露遭供应链攻击，恶意扩展程序使用Unicode隐写术窃取凭证和加密货币数据。事件已控制，移除恶意程序并轮换令牌，计划加强安全措施。这样应该在100字以内了。 Open VSX因访问令牌泄露遭供应链攻击，恶意扩展程序使用Unicode隐写术窃取开发者凭证和加密货币钱包数据。事件已控制，恶意程序被移除，令牌轮换完成，并计划加强安全措施以防范未来攻击。