Aggregator

A vulnerability has been found in Intel NUC Board and NUC Kit and classified as critical. Affected by this vulnerability is an unknown functionality of the component BIOS Firmware Handler. The manipulation leads to improper input validation. This vulnerability is known as CVE-2022-34152. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Intel NUC 10. This affects an unknown part of the component BIOS Firmware Handler. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2022-36789. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Intel DCM up to 4.x. Affected is an unknown function. The manipulation leads to protection mechanism failure. This vulnerability is traded as CVE-2022-33942. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Intel Glorp and classified as critical. This vulnerability affects unknown code. The manipulation leads to uncontrolled search path. This vulnerability was named CVE-2022-30548. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Intel EMA up to 1.7.x and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2022-30297. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Nickolas Grigoriadis Mini Web server 0.0.6 and classified as critical. This vulnerability affects unknown code. The manipulation leads to path traversal. This vulnerability was named CVE-2007-0919. The attack can be initiated remotely. Furthermore, there is an exploit available.

这篇文章介绍了SANS Internet Storm Center网站的功能和信息，包括网络监控、威胁检测培训课程以及实时网络安全数据。值班人员Xavier Mertens负责处理相关事务，当前威胁级别为绿色（较低）。

谷歌宣布Chrome 134.0版本将默认启用自动画中画模式，切换标签页时正在播放的音频或视频会自动进入小窗口继续播放。该功能需用户授权，并仅适用于符合特定条件的内容。建议在工作场合关闭此功能以防尴尬情况发生。

这篇文章介绍了错误代码521的含义及其常见原因。该错误通常与网络连接问题相关，可能由服务器配置错误或网络设备故障引起。文章还提供了排查和解决该问题的方法建议。

HackerNews 编译，转载请注明出处： 拉撒路集团被发现开展了一项积极活动，该活动利用加密货币和旅游行业的虚假领英工作机会提供恶意软件，该软件能够感染Windows、macOS和Linux操作系统。 据网络安全公司Bitdefender称，该骗局始于在专业社交媒体网络上发送的一条消息，以远程工作、兼职灵活性和高薪为诱饵。 罗马尼亚这家公司在与The Hacker News分享的一份报告中称：“一旦目标对象表现出兴趣，‘招聘流程’随即展开，骗子会要求提供简历，甚至要求提供个人GitHub仓库链接。” “尽管这些要求看似无害，但可能暗藏祸心，比如收集个人数据，或为互动披上合法的外衣。” 在获取所需信息后，攻击进入下一阶段。此时，攻击者伪装成招聘人员，分享一个GitHub或Bitbucket仓库链接，内含一个所谓的去中心化交易所（DEX）项目的最小可行性产品（MVP）版本，并指示受害者查看并给出反馈。 代码中包含一个模糊脚本，该脚本被配置为从api.npoint[.]io获取下一阶段的有效载荷，这是一个跨平台JavaScript信息窃取软件，能够从受害者浏览器上安装的各种加密货币钱包扩展中收集数据。 该窃取软件还充当加载程序，用于获取一个基于Python的后门程序，该程序负责监控剪贴板内容变化、保持持久远程访问，并投放其他恶意软件。 值得注意的是，Bitdefender记录的手法与已知攻击活动集群“传染性面试”（又称DeceptiveDevelopment和DEV#POPPER）存在重叠，该集群旨在投放名为BeaverTail的JavaScript窃取软件和名为InvisibleFerret的Python植入程序。 通过Python恶意软件部署的恶意软件是一个.NET二进制文件，可以下载并启动TOR代理服务器以与命令和控制（C2）服务器通信、渗出基本系统信息，并投放另一个有效载荷，进而窃取敏感数据、记录键盘输入和启动加密货币挖矿程序。 Bitdefender表示：“攻击者的感染链十分复杂，包含用多种编程语言编写的恶意软件，并使用多种技术，如递归解码并执行自身的多层Python脚本、首先收集浏览器数据再转向其他有效载荷的JavaScript窃取软件，以及能够禁用安全工具、配置Tor代理和启动加密货币挖矿程序的.NET级联加载程序。” 领英和Reddit上的报告显示，这些攻击活动相当普遍，且整体攻击链仅有小幅调整。在某些情况下，要求候选人克隆一个Web3仓库并在本地运行，作为面试流程的一部分；而在其他情况下，则指示他们修复代码中故意引入的错误。 其中一个有问题的Bitbucket仓库涉及一个名为“miketoken_v2”的项目，该项目现已无法在代码托管平台上访问。 就在前一天，SentinelOne披露称，“传染性面试”活动正被用于投放另一个代号为FlexibleFerret的恶意软件。   消息来源：The Hacker News, 编译：zhongx；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability, which was classified as problematic, has been found in Subrion CMS up to 4.2.1. Affected by this issue is some unknown functionality of the file /_core/profile/ of the component POST Request Handler. The manipulation of the argument avatar[path] leads to cross site scripting. This vulnerability is handled as CVE-2020-35437. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in S9y serendipity and classified as problematic. This vulnerability affects unknown code of the file serendipity_admin_image_selector.php. The manipulation of the argument serendipity[htmltarget] leads to cross site scripting. This vulnerability was named CVE-2013-5314. The attack can be initiated remotely. Furthermore, there is an exploit available.

2024年底发生一起网络安全事件，攻击者利用Visual Studio的隐藏配置文件.suo植入后门进行攻击。初步调查显示此次事件可能由东南亚APT组织海莲花所为。为应对这种隐蔽攻击方式，专门用于分析.suo文件的工具Sharp4SuoExplorer应运而生。该工具通过直观界面帮助识别潜在恶意代码或后门风险。文章还推荐了一个专业的.NET安全技术社区dot.Net安全矩阵星球。

这篇文章主要介绍了微软的.NET技术在企业中的广泛应用及其近期频发的安全漏洞问题。同时，文章推荐了一个系统化的.NET代码审计课程星球，提供丰富的学习资源和实践指导，帮助学习者掌握安全评估技能并提升职业发展机会。

文章指出当前环境异常，需完成验证后方可继续访问，并提供验证链接。

卡巴斯基实验室发现Google Play和App Store中的多款应用感染恶意SDK，用于窃取加密货币钱包助记词或恢复密钥。黑客通过类似阿里云的域名发起攻击，受影响应用下载量超24.2万次。建议用户检查是否安装相关应用，并及时转移资产以避免损失。

A vulnerability, which was classified as critical, has been found in VMware ESXi and ESX up to 4.1. This issue affects the function data pointers. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2012-1516. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.