Aggregator

CVE-2012-2095 | David Paleino WICD up to 1.7.1 SetWiredProperty input validation (EDB-18733 / Nessus ID 58861)(link is external)

Vuldb Updates
7 months 3 weeks ago
A vulnerability, which was classified as critical, has been found in David Paleino WICD. This issue affects the function SetWiredProperty. The manipulation leads to improper input validation. The identification of this vulnerability is CVE-2012-2095. An attack has to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-9530 | Qi Addons for Elementor Plugin up to 1.8.0 on WordPress information disclosure(link is external)

VulDB Recent Entries
7 months 3 weeks ago
A vulnerability was found in Qi Addons for Elementor Plugin up to 1.8.0 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-9530. The attack can be launched remotely. There is no exploit available.
vuldb.com

CVE-2024-31880 | IBM DB2/DB2 Connect Server 10.5/11.1/11.5 SQL Statement allocation of resources(link is external)

VulDB Recent Entries
7 months 3 weeks ago
A vulnerability was found in IBM DB2 and DB2 Connect Server 10.5/11.1/11.5. It has been classified as problematic. Affected is an unknown function of the component SQL Statement Handler. The manipulation leads to allocation of resources. This vulnerability is traded as CVE-2024-31880. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2016-4091 | Adobe Acrobat Reader up to 11.0.15/15.006 memory corruption (APSB16-14 / Nessus ID 91096)(link is external)

Vuldb Updates
7 months 3 weeks ago
A vulnerability was found in Adobe Acrobat Reader up to 11.0.15/15.006 and classified as critical. This issue affects some unknown processing. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2016-4091. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2002-0317 | Gator 3.0.6.1 Installer IEGator.dll src privileges management (XFDB-8266 / BID-4161)(link is external)

Vuldb Updates
7 months 3 weeks ago
A vulnerability was found in Gator 3.0.6.1 and classified as critical. Affected by this issue is some unknown functionality in the library IEGator.dll of the component Installer. The manipulation of the argument src leads to improper privilege management. This vulnerability is handled as CVE-2002-0317. The attack may be launched remotely. There is no exploit available.
vuldb.com

CVE-2016-4090 | Adobe Acrobat Reader up to 11.0.15/15.006 memory corruption (APSB16-14 / Nessus ID 91096)(link is external)

Vuldb Updates
7 months 3 weeks ago
A vulnerability has been found in Adobe Acrobat Reader up to 11.0.15/15.006 and classified as critical. This vulnerability affects unknown code. The manipulation leads to memory corruption. This vulnerability was named CVE-2016-4090. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Effective strategies for measuring and testing cyber resilience(link is external)

Help Net Security
7 months 3 weeks ago

In this Help Net Security interview, Detective Superintendent Ian Kirby, CEO of the National Cyber Resilience Centre Group (NCRCG), discusses the emerging cyber threats and strategies organizations can use to increase cyber resilience. He emphasizes basic cyber hygiene, security awareness training, multi-factor authentication, and stakeholder involvement at all levels in building a resilient organizational culture. What are the most significant emerging cyber threats organizations should prioritize when developing resilience strategies? There are a myriad of … More →

The post Effective strategies for measuring and testing cyber resilience appeared first on Help Net Security.

Mirko Zorz

手把手玩转路由器漏洞挖掘系列-ZiggBee协议(link is external)

嘶吼
7 months 3 weeks ago


1. 基本介绍

ZigBee是一种低复杂度、低功耗、低速率、低成本的近距离无线通信技术。它基于IEEE 802.15.4标准,主要用于短距离数据传输和监控应用。

ZigBee网络由协调器、路由器和终端设备组成,支持星型、树型和网状等多种拓扑结构。该技术广泛应用于智能家居、工业自动化、医疗监护等领域,通过低功耗和自组织网络特性,实现高效、可靠的无线数据传输。ZigBee的传输速率在10KB/秒到250KB/秒之间,支持大量设备连接,具有强大的网络容量和灵活的节点配置能力。

2. 协议概述2.1 栈结构

ZigBee协议组成主要涵盖了四个层次,这些层次共同构成了ZigBee网络协议栈的基础,确保了数据的可靠传输和网络的有效管理。以下是ZigBee协议组成的详细概述:

  • 物理层
    • 处理无线电硬件之间的实际通信
    • 基于IEEE 802.15.4标准的无线通信技术
  • 传输层
    • 管理无线链路,包括处理帧的发送、接收、超时重传、收发确认等
    • 提供了安全和管理机制,如加密、身份认证和底层设备管理
  • 网络层
    • 负责多跳网络的支持,主要包括路由选择、拓扑结构和组网等功能(星型、树型和网状拓扑结构)
    • 协调器、路由器和终端设备
  • 负责定义不同应用的数据格式和通信规则
    • 节点之间的路由和寻址机制,确保数据传输的可靠性和安全性
    • 不同设备之间的互相通信,允许节点在网络中相互切换
2.2 数据帧2.2.1 具体分布
  • 物理层
    • SHR - 前导序列
    • PHR -  PSDU长度信息
    • PSDU - MAC层协议数据单元
  • 传输层
    • MHR - 控制信息、序列号、寻址信息等
    • MSDU - 网络层和应用层数据
    • MFR - 帧校验序列
  • 网络层
    • 网络层帧头和有效载荷
  • 应用层
    • 数据和服务
2.2.2 帧结构

  信标帧


帧控制域序列号地址域附加安全头部超帧描述GTS分配释放信息转发数据目标地址信息帧负载FCS


  数据帧


帧控制域序列号地址域附加安全头部数据帧负载FCS校验

确认帧

帧控制域序列号FCS2.3 安全机制

ZigBee主要提供三个级别的安全模式:

  • 非安全模式
    • 不采取任务安全措施 - 可重发、中间人攻击
  • 访问控制模式
    • 只允许接入的硬件设备MAC地址存在列表中,限制无合法节点访问获取相关数据
  • 安全模式
    • 支持128位AES加密算法进行数据通信加密

Wireshark里面提供的安全级别可支持预设密钥用于解析数据包

2.4 密钥类型

  • 主密钥
    • 配合ZigBee对称密钥的建立(SKKE)过程来派生其它密钥,在建立网络时生成或配置的,用于后续生成网络密钥和链接密钥。
  • 网络密钥
    • 保护广播和组数据的机密性和完整性,同时也为网络认证提供保护
  • 链接密钥
    • 保护两个设备之间单播数据的机密性和完整性
  • 其他密钥
    • 除了上述主要密钥外,ZigBee协议还可能定义其他类型的密钥,如应用主密钥、应用链接密钥等,用于特定场景下的安全通信
3. 安全风险3.1 中间人攻击

ZigBee采用非安全模式,对数据传输内容没有加密,可能被窃取敏感数据内容。

3.2 密钥攻击

在密钥传输过程中,密钥内容会以明文形式传输,因此可能被获取密钥信息,通过密钥对数据信息进行解密或者伪造合法接入设备。

4. 总结

当前,针对ZigBee协议的攻击策略主要聚焦于其密钥安全性的薄弱环节,其密钥安全是整个Zigbee协议中最重要一环。



NEURON

Argus: Open-source information gathering toolkit(link is external)

Help Net Security
7 months 3 weeks ago

Argus is an open-source toolkit that simplifies information gathering and reconnaissance. It features a user-friendly interface and a collection of powerful modules, enabling the exploration of networks, web applications, and security configurations. Argus offers a collection of tools categorized into three main areas: Network and infrastructure tools These tools help you gather data about a network, uncovering vital details about servers, IP addresses, DNS records, and more: Associated Hosts: Discover domains associated with the target. … More →

The post Argus: Open-source information gathering toolkit appeared first on Help Net Security.

Help Net Security

黑客滥用 F5 BIG-IP cookie 来映射内部服务器(link is external)

嘶吼
7 months 3 weeks ago

CISA 表示,已发现威胁分子滥用未加密的持久性 F5 BIG-IP cookie 来识别和瞄准目标网络上的其他内部设备。

通过绘制内部设备图,威胁者可以潜在地识别网络上易受攻击的设备,作为网络攻击规划阶段的一部分。 

据 CISA 表述,“恶意分子可以利用从未加密的持久性 cookie 收集的信息来推断或识别其他网络资源,并可能利用网络上其他设备中发现的漏洞。”

F5 持久会话 cookie

F5 BIG-IP 是一套应用程序交付和流量管理工具,用于负载平衡 Web 应用程序并提供安全性。其核心模块之一是本地流量管理器(LTM)模块,它提供流量管理和负载平衡,以在多个服务器之间分配网络流量。使用此功能,客户可以优化其负载平衡的服务器资源和高可用性。

产品中的本地流量管理器 (LTM) 模块使用持久性 cookie,通过每次将来自客户端(Web 浏览器)的流量引导到同一后端服务器来帮助维护会话一致性,这对于负载平衡至关重要。

“Cookie 持久性使用 HTTP cookie 强制执行持久性”F5 的文档解释道。 

与所有持久模式一样,HTTP cookie 确保来自同一客户端的请求在 BIG-IP 系统最初对它们进行负载平衡后被定向到同一池成员。如果同一池成员不可用,系统会进行新的负载权衡决定。

这些 cookie 默认情况下未加密,可能是为了保持旧配置的操作完整性或出于性能考虑。从版本 11.5.0 及更高版本开始,管理员获得了一个新的“必需”选项来对所有 cookie 强制加密。

那些选择不启用它的人会面临安全风险。但是,这些 cookie 包含内部负载平衡服务器的编码 IP 地址、端口号和负载平衡设置。

多年来,网络安全研究人员一直在分享如何滥用未加密的 cookie 来查找以前隐藏的内部服务器或可能未知的暴露服务器,这些服务器可以扫描漏洞并用于破坏内部网络。还发布了一个 Chrome 扩展程序来解码这些 cookie,以帮助 BIG-IP 管理员排除连接故障。

据 CISA 称,威胁者已经在利用宽松的配置进行网络发现,并建议 F5 BIG-IP 管理员查看供应商有关如何加密这些持久 cookie 的说明。

请注意,“首选”配置选项会生成加密的 cookie,但也允许系统接受未加密的 cookie。可以在迁移阶段使用此设置,以允许先前发出的 cookie 在强制执行加密 cookie 之前继续工作。

当设置为“必需”时,所有持久 cookie 均使用强 AES-192 加密进行加密。据了解,F5 还开发了一种名为“BIG-IP iHealth”的诊断工具,旨在检测产品上的错误配置并向管理员发出警告。

胡金鱼

Evolving cloud threats: Insights and recommendations(link is external)

Help Net Security
7 months 3 weeks ago

Recently, IBM X-Force released its 2024 Cloud Threat Landscape Report. This uses incident data and insights to reveal how attackers successfully compromise organizations by leveraging adversary-in-the-middle (AITM) attacks to bypass multi-factor authentication (MFA). This often leads to business email compromise (BEC), which IBM X-Force observed as threat actors’ #1 objective when targeting cloud-based environments. In this Help Net Security video, Austin Zeizel, Threat Intelligence Consultant at IBM X-Force, discusses the cloud threat landscape. Key findings … More →

The post Evolving cloud threats: Insights and recommendations appeared first on Help Net Security.

Help Net Security

Managed ad