Aggregator

作者：0x7F@知道创宇404实验室 日期：2024年11月12日 1.前言 CodeQL 是 GitHub 推出的一种静态代码分析工具，用于查找和修复代码中的漏洞和安全问题。该工具最早由 Semmle 团队开发并命名为 Semmle QL，应用于自家的源代码分析平台 LGTM(Looks Good To Me) 上；2020年，Github 收购了 Semmle 团队并成立了 Securi...

据BleepingComputer消息，Code White 安全研究员最近披露了一个关键的Veeam备份和复制（VBR）安全漏洞，并被用来部署Frag勒索软件。 Veeam是一家知名的数据管理供应商，官方表示全球有55万名客户使用其产品，其中包括全球 2000 强名单中约 74% 的公司。在早前，Veeam VBR已先后成为Akira和Fog勒索软件的目标。 研究员发现，该漏洞（跟踪为 CVE-2024-40711）是由不受信任的数据弱点反序列化引起，未经身份验证的威胁行为者可以利用这些数据弱点在 Veeam VBR 服务器上获得远程代码执行 （RCE）。 Frag勒索软件赎金票据 watchTowr Labs 于 9 月 9 日发布了对 CVE-2024-40711 的技术分析，并将概念验证漏洞的发布时间推迟到 9 月 15 日，以便管理员有足够的时间应用 Veeam 于 9 月 4 日发布的安全更新。 由于存在可能会立即被勒索软件团伙滥用的风险，Code White 在披露该漏洞时也推迟了分享更多细节。Veeam VBR 软件是攻击者寻求快速访问公司备份数据的热门目标，许多企业将其用作灾难恢复和数据保护解决方案，以备份、恢复和复制虚拟机、物理机和云计算机。 然而，Sophos X-Ops 事件响应人员发现，这对延缓 Akira 和 Fog 勒索软件攻击的作用微乎其微。 威胁者利用 RCE 漏洞和窃取的 VPN 网关凭据，在未打补丁和已暴露于互联网的服务器上向本地管理员和远程桌面用户组添加恶意账户。 最近，Sophos 还发现同一威胁活动集群（跟踪为 “STAC 5881″）在攻击中使用了 CVE-2024-40711 漏洞，导致 Frag 勒索软件被部署到被入侵的网络上。 2023 年 3 月，Veeam 修补了另一个高严重性 VBR 漏洞 (CVE-2023-27532)，该漏洞可让恶意行为者攻破备份基础设施。       转自Freebuf，原文链接：https://www.freebuf.com/news/414973.html 封面来源于网络，如有侵权请联系删除

友讯（D-Link）证实不会修复旧型号 NAS 设备的高危漏洞，它称已停止制造 NAS 设备，相关设备都已经终止支持。受影响的型号包括 DNS-320 Version 1.00、DNS-320LW Version 1.01.0914.2012、DNS-325 Version 1.01 和 Version 1.02，以及 DNS-340L Version 1.08。编号为 CVE-2024-10914 的漏洞是一个命令注入漏洞，风险等级 9.2/10，存在于 cgi_user_add 命令中，其 name 参数的数据清洗处理不充分。通过向设备发送特制 HTTP GET 请求，攻击者能利用漏洞注入任意 shell 命令。搜索显示有逾 6 万台联网友讯 NAS 设备受到该漏洞影响。友讯建议退役这些设备或者将其脱离公网。

A vulnerability was found in vBulletin up to 5.1.9 and classified as critical. Affected by this issue is the function vB_Api_Hook::decodeArguments of the file ajax/api/hook/decodeArguments. The manipulation of the argument arguments leads to improper input validation. This vulnerability is handled as CVE-2015-7808. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in NVIDIA GPU Graphics Driver R340/R352/R358 on Windows/Linux. It has been rated as problematic. This issue affects some unknown processing of the component Kernel Module. The manipulation leads to numeric error. The identification of this vulnerability is CVE-2015-7869. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in NetApp Data ONTAP up to 8.2.4. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to information disclosure. This vulnerability was named CVE-2015-7886. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in F5 BIG-IP. Affected is an unknown function of the component Configuration Utility. The manipulation as part of File leads to improper access controls. This vulnerability is traded as CVE-2015-8022. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Dream-multimedia-tv Enigma2 Webinterface up to 1.6.2. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument file leads to path traversal. This vulnerability is handled as CVE-2012-1025. The attack may be launched remotely. Furthermore, there is an exploit available.

It’s easy to see why identity security is often synonymous with user security. Social engineering tactics are the mainstay of the threat actor’s arsenal, and it’s rare to find an attack that doesn’t feature them to some degree. Getting hold of privileged user credentials is often the goal of attackers, granting the perpetrator the keys to the kingdom and enabling them to pull off all malicious activity. There’s also the fact that identity security is … More →

The post The changing face of identity security appeared first on Help Net Security.

在线暴露的设备正在成为勒索软件攻击的目标。

11月14日(周四)15:00-16:00不见不散！

Cybersecurity researchers have flagged a new ransomware family called Ymir that was deployed in an attack two days after systems were compromised by a stealer malware called RustyStealer. "Ymir ransomware introduces a unique combination of technical features and tactics that enhance its effectiveness," Russian cybersecurity vendor Kaspersky said. "Threat actors leveraged an unconventional blend

在当今数字化转型的背景下，云计算、物联网和人工智能等新兴技术的广泛应用，使得企业的攻击面呈指数级扩展和复杂化。 […]

新闻速览 •商用密码应用安全性评估试点工作结束，112家密评机构名单正式发布 •利用ZIP文件拼接技术规避安全 […]