Aggregator

Overconfident execs are making their companies vulnerable to fraud

Help Net Security
1 year ago

Cyber fraud (which includes activity such as hacking, deepfakes, voice cloning and highly sophisticated phishing schemes) rose by 14% year over year, according to Trustpair. US faces cyber fraud growth The proprietary research, which is based on a survey of 200 senior finance, treasury, and accounts payable executives, reveals that 90% of US companies were targeted by cyber fraud in the past year, compared to 79% of companies in 2023. The surge in fraud is … More →

The post Overconfident execs are making their companies vulnerable to fraud appeared first on Help Net Security.

Help Net Security

New infosec products of the week: February 7, 2025

Help Net Security
1 year ago

Here’s a look at the most interesting products from the past week, featuring releases from Dynatrace, Nymi, Qualys, SafeBreach, and Satori. Qualys TotalAppSec enables organizations to address risks across web applications and APIs Qualys TotalAppSec unifies API security, web application scanning, and web malware detection across on-premises to hybrid and multi-cloud environments, providing companies with a comprehensive view of their application security risk and posture. SafeBreach exposure validation platform identifies security gaps SafeBreach launched SafeBreach … More →

The post New infosec products of the week: February 7, 2025 appeared first on Help Net Security.

Help Net Security

Google Play,Apple App App Store应用程序被发现窃取加密钱包

嘶吼
1 year ago

Google Play商店和Apple App Store上的Android和iOS应用程序包含一个恶意软件开发套件(SDK),旨在使用OCR偷窃器窃取加密货币钱包恢复短语。该活动被称为“ SparkCat”,其名称(“ Spark”)是受感染应用程序中恶意SDK组件之一的名称(“ Spark”)。

根据Kaspersky的说法,仅在Google Play上,下载数字就可以公开使用,被感染的应用程序下载了242,000次。

Kaspersky解释说:“我们发现Android和iOS应用程序具有恶意的SDK/框架,这些应用程序嵌入了窃取加密货币钱包恢复短语,其中一些可以在Google Play和App Store上找到。”

从Google Play下载了被感染的应用程序超过242,000次。这是在App Store中找到偷窃器的第一个已知案例。

Spark SDK窃取用户的加密货币

被感染的Android应用程序上的恶意SDK利用了称为“ Spark”的恶意Java组件,该组件伪装成分析模块。

它使用GitLab上存储的加密配置文件,该文件提供命令和操作更新。在iOS平台上,该框架具有不同的名称,例如“ gzip”,“ googleappsdk”或“ stat”。另外,它使用一个称为“ IM_NET_SYS”的基于锈的网络模块来处理与命令和控制(C2)服务器的通信。

该模块使用Google ML Kit OCR从设备上的图像中提取文本,试图找到可用于在攻击者设备上加载加密货币钱包的恢复短语,而无需知道密码。

它(恶意组件)会根据系统的语言加载不同的OCR模型,以区分图片中的拉丁语,韩语和日本角色。然后,SDK沿路径 / API / E / D / U将有关设备的信息上传到命令服务器,并在响应中接收一个调节恶意软件后续操作的对象。

用于连接到命令和控制服务器的URL

该恶意软件通过使用不同语言的特定关键字来搜索包含秘密的图像,而这些关键字是每个区域(欧洲,亚洲等)的变化。虽然某些应用程序显示针对区域,但它们在指定地理区域之外工作的可能性也不能排除在外。

受感染的应用程序

据发现,有18个受感染的Android和10个iOS应用程序,其中许多应用程序在各自的应用商店中仍然可用。 Android Chatai应用程序是由卡巴斯基感染的一个应用程序,该应用程序安装了超过50,000次。该应用已不再在Google Play上可用。

在Google Play上下载的50000个应用程序

如果用户在设备上安装了这些应用程序中的任何一个,建议立即卸载它们,并使用移动防病毒工具扫描任何残留物。除此之外,用户最好还应考虑重置。

胡金鱼

CVE-2024-30403 | Juniper Junos OS Evolved prior 23.2R1-S1-EVO/23.2R2-EVO Advanced Forwarding Toolkit Manager null pointer dereference (JSA79181)

Vuldb Updates
1 year ago
A vulnerability has been found in Juniper Junos OS Evolved and classified as critical. This vulnerability affects unknown code of the component Advanced Forwarding Toolkit Manager. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2024-30403. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-38511 | Combodo iTop up to 3.0.3/3.1.0 Dashboard Edit path traversal (GHSA-323r-chx5-m9gm)

Vuldb Updates
1 year ago
A vulnerability has been found in Combodo iTop up to 3.0.3/3.1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Dashboard Edit. The manipulation leads to path traversal. This vulnerability is known as CVE-2023-38511. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-48710 | Combodo iTop up to 2.7.9/3.0.3/3.1.0 pages/exec.php file access (GHSA-g652-q7cc-7hfc)

Vuldb Updates
1 year ago
A vulnerability was found in Combodo iTop up to 2.7.9/3.0.3/3.1.0 and classified as problematic. This issue affects some unknown processing of the file pages/exec.php. The manipulation leads to files or directories accessible. The identification of this vulnerability is CVE-2023-48710. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-3909 | Tenda AC500 2.0.1.9(1307) /goform/execCommand formexeCommand cmdinput stack-based overflow

Vuldb Updates
1 year ago
A vulnerability classified as critical was found in Tenda AC500 2.0.1.9(1307). Affected by this vulnerability is the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. This vulnerability is known as CVE-2024-3909. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2024-4161 | Brocade SANnav up to 2.2.x syslog cleartext transmission

Vuldb Updates
1 year ago
A vulnerability was found in Brocade SANnav up to 2.2.x. It has been classified as problematic. This affects an unknown part of the component syslog. The manipulation leads to cleartext transmission of sensitive information. This vulnerability is uniquely identified as CVE-2024-4161. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-3988 | shaonsina Sina Extension for Elementor Plugin up to 3.5.2 on WordPress Fancy Text Widget cross site scripting

Vuldb Updates
1 year ago
A vulnerability was found in shaonsina Sina Extension for Elementor Plugin up to 3.5.2 on WordPress and classified as problematic. This issue affects some unknown processing of the component Fancy Text Widget. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-3988. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-3962 | Product Addons & Fields for WooCommerce Plugin up to 32.0.18 on WordPress ppom_upload_file unrestricted upload (ID 3075669)

Vuldb Updates
1 year ago
A vulnerability has been found in Product Addons & Fields for WooCommerce Plugin up to 32.0.18 on WordPress and classified as critical. Affected by this vulnerability is the function ppom_upload_file. The manipulation leads to unrestricted upload. This vulnerability is known as CVE-2024-3962. The attack can be launched remotely. There is no exploit available.
vuldb.com

CVE-2024-30410 | Juniper Junos OS up to 20.4R3-S1/21.2R3-S6/21.4R3-S5 on EX4300 IPv6 Firewall Filter incorrect behavior order (JSA79100)

Vuldb Updates
1 year ago
A vulnerability was found in Juniper Junos OS up to 20.4R3-S1/21.2R3-S6/21.4R3-S5 on EX4300 and classified as problematic. This issue affects some unknown processing of the component IPv6 Firewall Filter. The manipulation leads to incorrect behavior order. The identification of this vulnerability is CVE-2024-30410. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-30409 | Juniper Junos OS/Junos OS Evolved fibtd unusual condition (JSA79099)

Vuldb Updates
1 year ago
A vulnerability was found in Juniper Junos OS and Junos OS Evolved. It has been rated as problematic. Affected by this issue is some unknown functionality of the component fibtd. The manipulation leads to improper check for unusual conditions. This vulnerability is handled as CVE-2024-30409. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-30395 | Juniper Junos OS/Junos OS Evolved Routing Protocol Daemon improper validation of specified type of input (JSA79095)

Vuldb Updates
1 year ago
A vulnerability was found in Juniper Junos OS and Junos OS Evolved and classified as critical. Affected by this issue is some unknown functionality of the component Routing Protocol Daemon. The manipulation leads to improper validation of specified type of input. This vulnerability is handled as CVE-2024-30395. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-30397 | Juniper Junos OS up to 23.2R1-S2 pkid unusual condition (JSA79179)

Vuldb Updates
1 year ago
A vulnerability was found in Juniper Junos OS up to 23.2R1-S2. It has been declared as critical. This vulnerability affects unknown code of the component pkid. The manipulation leads to improper check for unusual conditions. This vulnerability was named CVE-2024-30397. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-30389 | Juniper Junos OS up to 21.4R3-S5 on EX4300 Packet Forwarding Engine incorrect behavior order (JSA79185)

Vuldb Updates
1 year ago
A vulnerability was found in Juniper Junos OS up to 21.4R3-S5 on EX4300. It has been rated as problematic. This issue affects some unknown processing of the component Packet Forwarding Engine. The manipulation leads to incorrect behavior order. The identification of this vulnerability is CVE-2024-30389. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Managed ad