Aggregator

A vulnerability, which was classified as critical, was found in IrfanView. This affects an unknown part of the component RLE File Parser. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-11518. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in IrfanView. Affected by this issue is some unknown functionality of the component JPM File Parser. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2024-11517. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in IrfanView. Affected by this vulnerability is an unknown functionality of the component JPM File Parser. The manipulation leads to out-of-bounds write. This vulnerability is known as CVE-2024-11515. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in IrfanView. Affected is an unknown function of the component ECW File Parser. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2024-11514. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

近年来，与朝鲜黑客有关的网络犯罪活动不断升级，其独创的“IT就业计划”成为国际社会关注的焦点。 根据网络安全公司SentinelOne和Palo Alto Networks Unit 42的研究，朝鲜黑客利用虚假身份和前线（空壳）公司，大规模渗透全球技术行业以获取资金，支持朝鲜的武器研发及核导弹项目。这种活动不仅涉及伪造身份获取工作，还通过复杂的技术攻击扩大其威胁范围。 朝鲜“IT就业计划”的全貌 朝鲜黑客组织通过全球范围的“笔记本农场”（由目标企业所在国家的公民运营的远程办公环境）计划，组织大量IT人员以个体身份或通过伪装的公司获取技术行业的远程办公就业机会。这些人员通过在线支付平台或第三国银行账户，将绝大部分收入返回朝鲜，为其核武器和导弹项目提供资金支持。其主要运作模式如下： 1.虚假前线公司：朝鲜黑客利用俄罗斯、东南亚等地的公司掩盖其身份，伪装成“外包开发”或“技术咨询”公司。 2.伪造网站：研究发现，这些前线公司的网站通常直接复制合法公司的内容和设计。 Independent Lab LLC仿制美国公司Kitrum Shenyang Tonywang Technology LTD仿制Urolime Tony WKJ LLC仿制印度的ArohaTech IT Services HopanaTech仿制ITechArt 这些前线公司通过知名域名注册商NameCheap注册，并冒充技术服务商获取合同。（这些虚假网站已在2024年10月被美国政府查封） 渗透美国企业的案例 打入KnowBe4 朝鲜黑客出海最知名的案例莫过于成功打入了知名美国网络安全公司KnowBe4。朝鲜黑客利用“笔记本农场”计划成功通过了KnowBe4的多轮面试。此类出海黑客不仅通过伪造的身份获取该公司的外包工作，还窃取了内部凭证以申请更多高价值职位。这也标志着朝鲜威胁组织的战略转变：从单纯的收入获取，逐步转向更具破坏性的内鬼威胁和恶意软件攻击。 Wagemole计划与Contagious Interview Unit 42的报告显示，朝鲜的一组活动集群（代号CL-STA-0237）结合钓鱼攻击和恶意视频会议应用程序传播BeaverTail恶意软件。这一行为表明，朝鲜威胁组织正在将伪装的IT工作者转变为更激进的攻击角色，其主要攻击方式如下： 攻击路径：通过冒充IT公司发送求职邮件，使用被感染的面试工具部署恶意软件。 混入企业：研究发现，该集群通过伪装成为一家美国中小型IT服务公司的员工，进而成功申请大型技术企业的职位，扩大其影响力。 朝鲜“黑客出海”攻击特点 Sentinal在报告中指出，朝鲜的这一战略不仅为其武器研发项目提供了稳定的资金来源，还对全球网络安全构成重大威胁。以下是朝鲜网络攻击行为的几大特点： 1高度组织化 伪造身份：通过制作虚假的护照和学历证明，伪装成受过高等教育的IT专业人士。 利用全球化漏洞：从中国到东南亚，这些黑客通过复杂的前线网络隐藏其实际来源。 2逐步扩展的攻击目标 初期目标：以低门槛的外包工作获取收入。 扩展目标：通过窃取内部凭证，参与数据窃取、恶意软件分发和供应链攻击。 3协同发展 跨国合作：利用他国公司掩护，规避国际制裁。 与其他威胁集群联动：如Contagious Interview集群，扩展了传统钓鱼攻击的深度。 如何防御“黑客出海”？ 鉴于黑客出海务工行为的复杂性和隐蔽性，企业需加强以下防御措施： 1严格的身份验证 在招聘流程中对候选人的背景和身份进行更严格的审查，验证其身份真实性。 引入先进的自动化工具以交叉检查简历信息的可信度。 2强化供应链安全 对所有外包合作伙伴进行风险评估，确保其合规性。 监控供应链中的异常行为，避免被恶意行为者利用。 3多层次威胁检测 实施先进的威胁情报系统，实时检测可疑的网络活动。 对内部凭证和访问权限进行定期审查，防止被滥用。 4提高员工意识 针对潜在钓鱼攻击和伪造身份行为，对员工开展培训。 定期更新安全策略，以应对不断变化的威胁。 总结：“黑客出海”不是朝鲜的专利 通过“笔记本农场”计划，朝鲜黑客组织将网络攻击与经济渗透相结合，展现出高度的适应性和创新性。从冒充IT工作者到恶意软件攻击，其目标从简单的资金获取扩大到企业供应链安全和国家基础设施。 最后，“黑客出海”的威胁绝不仅仅是朝鲜的“专利”，任何黑客组织都可能模仿朝鲜黑客渗透对手国家的重要企业和项目，企业和政府需要重视并加强对该威胁的防御措施。     转自GoUpSec，原文链接：https://mp.weixin.qq.com/s/6UuOfmnkt3mX6sgNJtr9RA 封面来源于网络，如有侵权请联系删除

A vulnerability was found in IrfanView. It has been rated as critical. This issue affects some unknown processing of the component JPM File Parser. The manipulation leads to heap-based buffer overflow. The identification of this vulnerability is CVE-2024-11516. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IrfanView. It has been declared as critical. This vulnerability affects unknown code of the component ECW File Parser. The manipulation leads to heap-based buffer overflow. This vulnerability was named CVE-2024-11513. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IrfanView. It has been classified as critical. This affects an unknown part of the component SVG File Parser. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-11509. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

星火平台 在当今数字化飞速发展的时代，电子数据已全面渗透到人们的日常生活中，涵盖通信、交易、出行等方方面面，成 […]

A vulnerability was found in IrfanView and classified as critical. Affected by this issue is some unknown functionality of the component DXF File Parser. The manipulation leads to type confusion. This vulnerability is handled as CVE-2024-11508. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in IrfanView and classified as critical. Affected by this vulnerability is an unknown functionality of the component DXF File Parser. The manipulation leads to type confusion. This vulnerability is known as CVE-2024-11507. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Зловред Jarka использовал PyPI для глобальной атаки.

巴基斯坦最近部署了国家防火墙，导致的一个结果网速大幅减慢。巴基斯坦科技游说组织 IT Industry Association(P@SHA)警告，此举将会重创 IT 行业。为了增加科技服务出口，巴基斯坦鼓励自由职业者在海外平台打零工，为了支持网络零工，它还提出免税期、补贴宽带和医保等种种设想。但网速变慢严重影响了 IT 自由职业者和需要网络服务的 IT 企业。P@SHA 警告，政府的政策可能会导致企业倒闭和财务损失，损害 IT 出口。

Спецслужбы прекратили работу преступного маркетплейса.

新闻速览 •三部门联合开展2024年度北京市汽车数据安全管理情况等报送工作 •《网络安全标准实践指南——粤港澳 […]

数据安全，刻不容缓 在数字化转型的浪潮下，数据已成为各行业的核心驱动力和新型生产要素。从海量的业务数据中挖掘价 […]

如何使用Ray/RayData构建Audio/Video数据处理Pipeline，以及在大规模不稳定资源上运行RayData所做的优化工作。

A vulnerability, which was classified as critical, was found in Luxion KeyShot. Affected is an unknown function of the component 3DS File Parser. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2024-11576. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Luxion KeyShot. This issue affects some unknown processing of the component SKP File Parser. The manipulation leads to out-of-bounds write. The identification of this vulnerability is CVE-2024-11577. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.