Aggregator

近日，国家工业信息安全发展研究中心（简称“国家工信安全中心”）向威努特发来感谢信，对威努特在“铸网-2024”工业互联网安全实网攻防演练活动中的用心实施和突出表现，给予了高度的肯定和衷心的感谢。“铸网

是荣誉，更是责任！

New order mandates securing the federal software supply chain and communications networks, as well as deploying AI tools to protect critical infrastructure from cyberattacks — but will the Trump administration follow through?

Dear blog readers,

In this post I'll provide some actionable
intelligence on the current state of active BitCoin Exchanges landscape
with the idea to assist everyone on their way to properly attribute a
fraudulent or malicious transaction or to dig a little bit deeper inside
the infrastructure and financial infrastructure behind these BitCoin Exchanges.

Sample BitCoin Exchanges URLs:

hxxp://bisq.network
hxxp://blockdx.net
hxxp://boltz.exchange
hxxp://changenow.io
hxxp://coinswap.click
hxxp://crp.is
hxxp://exch.cx
hxxp://exchanger.infinity.taxi
hxxp://exolix.com
hxxp://fixedfloat.com
hxxp://godex.io
hxxp://hodlhodl.com
hxxp://letsexchange.io
hxxp://localmonero.co
hxxp://majesticbank.at
hxxp://mandala.exchange
hxxp://peachbitcoin.com
hxxp://sideshift.ai
hxxp://stealthex.io
hxxp://tradeogre.com
hxxp://unstoppableswap.net
hxxp://vexl.it
hxxp://bitswitch.io
hxxp://wizardswap.io
hxxp://xchange.me

Sample known responding IPs:

172.67.172.108
91.195.240.19
51.68.37.66
188.165.1.80
104.21.80.1
104.21.64.1
36.86.63.182
172.67.69.184
188.114.99.236
188.114.96.18
185.178.208.163
3.24.66.78
188.114.98.229
104.26.7.14
188.114.99.229
103.154.123.132
172.67.68.152
188.114.98.224
182.23.79.195
203.119.13.75
203.119.13.76
186.2.163.71
91.215.41.54
176.9.158.211
188.114.98.128
146.112.61.107
188.114.99.192
162.241.216.218
128.242.250.148
208.101.21.43
202.160.130.52
202.160.128.210
146.112.61.106
89.41.182.24
89.41.182.99
193.168.141.179
193.168.141.55
72.52.178.23
13.248.148.254
104.21.58.171
206.189.58.26
167.99.246.105
54.66.176.79
157.245.84.7
188.114.97.4
188.114.96.4
188.114.97.12
95.214.53.250
159.89.122.145
104.21.60.147
172.67.197.200
172.64.86.149
15.235.75.245
104.18.45.100
188.114.97.1
104.31.82.18
192.29.39.98
107.154.236.60
107.154.141.60
172.67.70.100
192.29.39.48
65.8.227.25
13.225.229.65
18.160.144.91
13.35.245.111
13.249.64.117
172.217.12.179
172.217.16.179
198.18.1.141
34.196.254.27
92.242.140.6
185.66.143.187
188.114.96.6
188.114.97.10
188.114.96.14
104.31.83.21
104.21.34.110
188.114.97.14
192.186.250.199
188.114.97.11
18.102.16.191
13.50.141.112
176.9.29.194
104.26.1.187
34.234.52.18
65.0.79.182
173.236.182.137
104.244.46.93
198.18.1.164
108.160.165.211
52.25.92.0
86.35.3.193
50.63.202.31
104.21.112.1
184.168.221.26
50.63.202.19
172.67.134.215
255.255.255.255
23.217.138.108
149.202.88.23
184.168.221.42
45.60.153.115
15.165.119.196
188.114.96.0
15.164.135.176
18.173.233.64
104.26.13.101
188.114.97.20
108.160.170.41
104.21.81.250
188.114.97.6
188.114.97.3
104.21.32.1
172.67.128.64
104.26.7.183
184.168.221.44
172.64.80.1
23.202.231.167

The post A Peek Inside the Current State of BitCoin Exchanges appeared first on Security Boulevard.

Dear blog readers,

In this post I'll provide some actionable intelligence on the current state of active BitCoin Mixers landscape with the idea to assist everyone on their way to properly attribute a fraudulent or malicious transaction or to dig a little bit deeper inside the infrastructure and financial infrastructure behind these BitCoin Mixers.

Sample known BitCoin Mixer URLs:

hxxp://anonymixer.com
hxxp://bitmixer.online
hxxp://chipmixer.com
hxxp://coinomize.biz
hxxp://coinomize.co
hxxp://coinomize.is
hxxp://cryptomixer.io
hxxp://gingerwallet.io
hxxp://jambler.io
hxxp://jokermix.to
hxxp://medusamixer.io
hxxp://blindmixer.com
hxxp://mixer.money
hxxp://mixerdream.com
hxxp://mixero.io
hxxp://mixtum.io
hxxp://mixtura.money
hxxp://mixy.money
hxxp://puremixer.io
hxxp://sparrowwallet.com
hxxp://swamplizard.io
hxxp://tengricrypto.com
hxxp://thormixer.io
hxxp://unijoin.io
hxxp://webmixer.io
hxxp://whir.to

Sample known responding IPs:
104.21.14.15
172.67.133.191
136.228.192.103
172.64.101.28
172.64.98.33
104.21.36.129
172.67.158.129
188.114.97.3
188.114.97.1
172.67.142.24
185.205.69.10
135.181.110.78
93.95.231.89
34.102.136.180
172.67.188.123
104.26.3.240
198.177.120.27
104.21.58.174
188.114.99.229
188.114.98.224
104.21.79.112
34.102.155.139
216.246.46.117
172.67.170.136
172.67.172.23
108.167.189.28
162.241.61.115
108.167.189.61
192.185.4.130
188.114.97.0
172.67.180.202
188.114.96.4
104.21.34.115
172.67.160.123
46.101.27.21
108.160.143.236
188.114.96.3
172.67.170.175
104.21.63.126
65.109.166.143
103.224.212.100
93.95.231.80
199.59.243.226
37.120.206.181
172.64.174.24
152.89.162.34
188.114.96.0
46.17.96.4
103.224.212.210
186.2.163.238
101.99.91.215
172.67.154.113
104.21.69.169
185.178.208.78
172.67.210.143
 

188.114.98.229
188.114.97.4
188.114.96.14
172.67.158.73
188.114.97.2
172.67.70.29
188.114.97.14
104.26.5.134
186.2.163.228
23.202.231.167
104.21.96.1
198.54.117.210
188.114.97.22
198.54.117.200
188.114.97.7
149.28.138.23
45.180.20.12
185.86.149.239
218.93.250.18
185.178.208.139
172.67.191.198
188.114.99.224
104.21.43.207
46.28.207.19
104.26.3.196
13.248.151.237
104.21.36.95
172.64.80.1
36.86.63.182
172.64.165.7
23.217.138.112
 

185.178.208.159
172.67.206.39
104.21.16.160
172.67.154.213
104.21.6.88
5.61.48.183
172.67.154.211
104.239.213.7
45.76.91.219
46.101.124.25
23.195.69.112
104.21.6.90
164.92.229.238

Stay tuned.

The post A Peek Inside the Current State of BitCoin Mixers appeared first on Security Boulevard.

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

A vulnerability was found in Bestsoftinc Advance Hotel Booking System 2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file booking_details.php. The manipulation of the argument title leads to cross site scripting. This vulnerability is known as CVE-2014-4035. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Microsoft Windows up to XP. This vulnerability affects unknown code of the component Briefcase Handler. The manipulation leads to improper resource management. This vulnerability was named CVE-2012-4775. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in Microsoft Windows 7/Server 2003/Server 2008/Vista/XP. Affected is an unknown function of the component Win32k Application Handler. The manipulation leads to race condition. This vulnerability is traded as CVE-2013-1253. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in Microsoft Windows 7/Server 2003/Server 2008/Vista/XP. Affected is an unknown function of the component Win32k Application Handler. The manipulation leads to race condition. This vulnerability is traded as CVE-2013-1265. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Microsoft Internet Explorer 6/7/8/9 and classified as critical. This vulnerability affects unknown code. The manipulation leads to improper resource management. This vulnerability was named CVE-2013-0029. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Microsoft Internet Explorer 6/7/8/9/10. Affected by this vulnerability is the function CView::EnsureSize. The manipulation leads to improper resource management. This vulnerability is known as CVE-2013-0090. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in Microsoft Windows. Affected is an unknown function of the component Kernel. The manipulation leads to race condition. This vulnerability is traded as CVE-2013-1294. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in PHP. It has been rated as critical. Affected by this issue is some unknown functionality of the component Zend Server. The manipulation leads to improper input validation. This vulnerability is handled as CVE-2013-3735. The attack may be launched remotely. There is no exploit available. The real existence of this vulnerability is still doubted at the moment. It is recommended to upgrade the affected component.

A vulnerability, which was classified as very critical, has been found in Microsoft Windows up to XP. Affected by this issue is some unknown functionality of the component TTF Handler. The manipulation leads to code injection. This vulnerability is handled as CVE-2013-3129. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows up to XP. It has been classified as critical. This affects an unknown part of the file win32k.sys of the component Memory Object Handler. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2013-1342. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Microsoft Windows 7/Server 2003/Server 2008/Vista/XP and classified as problematic. This vulnerability affects unknown code of the component Win32k Application Handler. The manipulation leads to race condition. This vulnerability was named CVE-2013-1275. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

任天堂 Switch 2 游戏掌机今日首发亮相，首个介绍视频展示了其造型设计等细节。全球语言学习平台多邻国披露，去年 12 月至本周一（1 月 13 日）的数据显示，平台上开始学习中文普通话的美国人，出现同比激增 216%

We are excited to announce a significant Salt Security API Protection Platform upgrade. We have recently introduced a new detection feature targeting a prevalent yet often neglected vulnerability: open redirect attacks. This issue is so severe that it is highlighted in the OWASP Top 10 API Security Risks!

What Makes Open Redirects So Dangerous?

Consider this: you receive a link in an email that appears to be from your bank. Instead of reaching your account page, you are led to a convincing fraudulent site designed to steal your login information. This is the deceptive nature of an open redirect attack.

Such attacks occur when an application uncritically accepts user-provided URLs and redirects users based on this unreliable input. Attackers take advantage of this by inserting harmful URLs, which can result in:

• Phishing attacks: Users are diverted to fake websites that resemble legitimate ones, tricking them into revealing sensitive information.
• Malware distribution: Users are sent to sites that host malware, endangering their devices and potentially the entire network.
• Data theft: Attackers can create URLs that extract sensitive information from the application during the redirect process.

Open redirects often serve as an initial step in a more extensive attack sequence. Think of the redirect as a way for attackers to gain initial access, leading to more harmful activities.

Why Are They So Common?

Although it seems straightforward to avoid, open redirects are alarmingly widespread. Developers frequently find it challenging to validate every URL that comes from user input. This task is tedious; updating validation as the application changes can be a significant burden.

This vulnerability is so common that it features in the OWASP API Top 10 2023 under API10:2023 Unsafe Consumption of APIs, underscoring its importance in the realm of API security. The category spotlights the risks associated with integrating with external APIs that may have poor security, potentially exposing your application by association. Open redirects directly fall into this category, as they exploit trust relationships between applications.

Salt Security Shuts Down the Threat

With our upcoming detection capability, Salt Security is elevating standards for API protection. Our platform employs advanced AI and machine learning to examine URL patterns and detect suspicious redirection attempts. This allows us to:

• Identify open redirect attacks in real-time: Stopping malicious redirects before they can affect your users or business.
• Provide comprehensive insights into attack attempts: Equipping your security team with essential information to understand the attack and respond appropriately.
• Mitigate your overall risk: We help you secure your APIs and protect sensitive data by neutralizing this frequent attack vector.

A Competitive Edge in API Security

We are confident that this new detection feature distinguishes us in the market. Many security solutions fail to address open redirects with the same level of precision and sophistication. By directly confronting this often-ignored vulnerability, Salt Security delivers a truly holistic API security solution.

You can use this new detection and all our other detection capabilities that make our intent engine industry-leading. This is just one more instance of how Salt Security continually innovates to remain ahead of the curve and ensure that our customers receive the best API protection possible.

If you want to learn more about Salt and how we can help you on your API Security journey through discovery, posture governance, and run-time threat protection, please contact us, schedule a demo, or check out our website.

The post Open Redirect? Game Over! Salt Security Neutralizes a Sneaky API Attack Vector appeared first on Security Boulevard.