Aggregator

Учёные обнаружили лингвистический барьер, который технологии пока не в силах преодолеть.

A cluster of fraudulent domains impersonating Egyptian providers have been identified linked to Smishing Triad operations

Session4A: IoT Security

Authors, Creators & Presenters: Hangtian Liu (Information Engineering University), Lei Zheng (Institute for Network Sciences and Cyberspace (INSC), Tsinghua University), Shuitao Gan (Laboratory for Advanced Computing and Intelligence Engineering), Chao Zhang (Institute for Network Sciences and Cyberspace (INSC), Tsinghua University), Zicong Gao (Information Engineering University), Hongqi Zhang (Henan Key Laboratory of Information Security), Yishun Zeng (Institute for Network Sciences and Cyberspace (INSC), Tsinghua University), Zhiyuan Jiang (National University of Defense Technology), Jiahai Yang (Institute for Network Sciences and Cyberspace (INSC), Tsinghua University)

PAPER

EAGLEYE: Exposing Hidden Web Interfaces in IoT Devices via Routing Analysis [https://www.ndss-symposium.org/wp-con...](https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbEEzMmJxSkNwUUhDUkMteHZraTQ1blZ5Sk0zUXxBQ3Jtc0tuZldzQXZxQXJaOGt0VDU2RGNPdGVSbnMzcWxiTVZ1UmJsTzcyaUlCTFdvbmhoWnZRdWQ0UlJiUEs4ekR1UXNCNF9KQmp4UGxKOG5kMHdBdHBiaWh6ckxFaGphY0JVRDZDQ21jUWcyREx2Qy1XVTJqWQ&q=https%3A%2F%2Fwww.ndss-symposium.org%2Fwp-content%2Fuploads%2F2025-399-paper.pdf&v=qXDD2iiIeCg) Hidden web interfaces, i.e., undisclosed access channels in IoT devices, introduce great security risks and have resulted in severe attacks in recent years. However, the definition of such threats is vague, and few solutions are able to discover them. Due to their hidden nature, traditional bug detection solutions (e.g., taint analysis, fuzzing) are hard to detect them. In this paper, we present a novel solution EAGLEYE to automatically expose hidden web interfaces in IoT devices. By analyzing input requests to public interfaces, we first identify routing tokens within the requests, i.e., those values (e.g., actions or file names) that are referenced and used as index by the firmware code (routing mechanism) to find associated handler functions. Then, we utilize modern large language models to analyze the contexts of such routing tokens and deduce their common pattern, and then infer other candidate values (e.g., other actions or file names) of these tokens. Lastly, we perform a hidden-interface directed black-box fuzzing, which mutates the routing tokens in input requests with these candidate values as the high-quality dictionary. We have implemented a prototype of EAGLEYE and evaluated it on 13 different commercial IoT devices. EAGLEYE successfully found 79 hidden interfaces, 25X more than the state-of-the-art (SOTA) solution IoTScope. Among them, we further discovered 29 unknown vulnerabilities including backdoor, XSS (cross-site scripting), command injection, and information leakage, and have received 7 CVEs.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – EAGLEYE: Exposing Hidden Web Interfaces In loT Devices Via Routing Analysis appeared first on Security Boulevard.

State-linked hackers stayed under the radar by using a variety of commercial cloud services for command-and-control communications.

今日暂未更新资讯~
更多最新文章，请访问SecWiki

The post Life in the Swimlane with Pauline Bacot, Senior Product Marketing Manager appeared first on AI Security Automation.

The post Life in the Swimlane with Pauline Bacot, Senior Product Marketing Manager appeared first on Security Boulevard.

为应对 AI 热所引发的供应短缺，联想正在囤积内存等重要 PC 零部件。联想 CFO 郑孝明周一接受彭博社采访时表示，该公司目前的 PC 零部件库存比平常高 50%。随着 AI 热导致内存等零部件价格飙升，联想希望借助其库存优势获利。郑孝明表示联想已签订长期合同并拥有规模优势，将尽量避免在本季度将上涨的成本转移给客户，因为公司希望维持今年的强劲销售增长势头。联想目前拥有可满足 2026 年全年需求的内存库存。

Competitive testing is a business-critical function for financial institutions seeking the ideal solutions provider to help optimize their risk management strategies. Don’t get seduced by inflated test results or flowery marketing claims, however. Selecting the right risk solutions could be one of the most important tasks your business ever undertakes – and one of the..

The post Don’t Use a Ruler to Measure Wind Speed: Establishing a Standard for Competitive Solutions Testing appeared first on Security Boulevard.

Java代码审计深度分析

Sukunaarchaeum mirabile не должен существовать по законам биологии, но он процветает миллионы лет.

根据发表在《Nature Communications》期刊上的一项研究，剑桥大学团队利用 MRI diffusion scans 数据集对比了年龄在 0-90 岁之间的 3802 个人的大脑，发现在人一生中大脑结构会经历四个转折点五个阶段。这四个转折点主要发生在 9 岁、32 岁、66 岁和 83 岁时。9 岁是儿童期，32 岁是进入长达 30 年的成年期的开始，66 岁是大脑结构进入早期衰老的开始，83 岁是晚期衰老的开始。

受阿里 AI 挑战赛分享启发，结合 edusrc 漏洞规则实践，对校园 AI 提示词越狱的初探索

Despite possibly supplanting some young analysts, one Gen Z cybersecurity specialist sees AI helping teach those willing to learn and removing drudge work.

StealC V2 spread via malicious Blender files on 3D model sites like CGTrader, abusing Blender’s ability to run hidden Python scripts. Cybersecurity firm Morphisec reported that Russian threat actors are spreading StealC V2 infostealer via weaponized Blender files uploaded to 3D model marketplaces like CGTrader. The malware abuses Blender’s ability to run Python scripts for automation […]

Details of the case are classified, but Russian media say Timur Kilin may have drawn official ire after publicly criticizing the state-owned messaging app Max and the government’s anti-cybercrime legislation.

Gamaredon 是自 2013 年起活跃的俄高级持续性威胁（APT）组织图1，核心聚焦网络间谍活动，相关报告可见乌克兰披露俄罗斯APT组织人员信息与通话录音 Lazarus 是 2009 年起活跃的朝鲜全方面威胁行为体图2，初期以网络间谍活动和破坏性攻击为主，后转向经济利益导向攻击以筹措资金。 Gamaredon 以窃密为业，Lazarus 则专事窃取，二者最终均服务于各自政府的战略利益。 就在莫斯科与平壤宣布开通新直飞航线的次日，安全团队发现了 Gamaredon 与 Lazarus 两大 APT 组织可能存在协作的迹象。 2025 年 7 月 24 日，团队通过已知 Telegram（电报）和 Telegraph（电报文稿平台）渠道追踪 Gamaredon 命令与控制（C2）服务器的系统，成功拦截了一个 IP 地址： 144[.]172[.]112[.]106 四天后，在例行检查中，团队发现该服务器正托管着一个经过混淆处理的 “InvisibleFerret” 恶意软件样本（SHA256 哈希值：128da948f7c3a6c052e782acfee503383bf05d953f3db5c603e4d386e2cf4b4d）—— 这款恶意软件正是 Lazarus 组织的标志性工具。 该载荷与 Lazarus 的工具集完全匹配，且通过与 “ContagiousInterview” 行动相同的服务器结构（URL 地址：http[://]144[.]172[.]112[.]106/payload/99/81）进行分发。而 “ContagiousInterview” 正是 Lazarus 此前针对求职者发起的钓鱼攻击行动，通过伪造招聘信息实施入侵。 尽管该 IP 地址有可能是代理服务器或 VPN 节点，但两大组织活动的时间关联性，再加上服务器托管模式的高度重合，表明他们存在基础设施复用的极大可能，且有中等置信度显示二者存在运营层面的协作。 目前尚不清楚是 Lazarus 借用了 Gamaredon 控制的服务器，还是双方共用同一客户实例，但这一高度重合的数字足迹，显然绝非偶然。 图3为其他APT组织合作情况 报告链接： https://www.gendigital.com/blog/insights/research/apt-cyber-alliances-2025

The cybersecurity landscape is undergoing a profound transformation. Traditional malware, characterized by static code and predictable behaviors, is being eclipsed by a new breed of threats powered by advanced artificial intelligence. A notable example is the emergence of MalTerminal, a malware leveraging OpenAI’s GPT-4 to generate ransomware and reverse shells in real-time. This development marks..

The post The Emergence of GPT-4-Powered Ransomware and the Threat to IAM Systems appeared first on Security Boulevard.

Что заставило сотни тысяч людей искать альтернативу после окончания поддержки «десятки»?

A vulnerability was found in SourceCodester Interview Management System 1.0. It has been declared as critical. Affected is an unknown function of the file /viewReport.php. Executing manipulation of the argument ID with the input (UPDATEXML(9729,CONCAT(0x2e,0x716b707071,(SELECT (ELT(9729=9729,1))),0x7162766a71),7319)) can lead to sql injection. This vulnerability is handled as CVE-2022-2679. The attack can be executed remotely. Additionally, an exploit exists.