Aggregator

CVE-2008-2470 | Macrovision Flexnet Connect 6.0 ActiveX Control isusweb.dll memory corruption (VU#630017 / ID 115960)

3 months ago

A vulnerability, which was classified as very critical, has been found in Macrovision Flexnet Connect 6.0. This issue affects some unknown processing in the library isusweb.dll of the component ActiveX Control. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2008-2470. The attack may be initiated remotely. There is no exploit available.

vuldb.com

CVE-2008-2463 | Microsoft Office Snapshot Viewer ActiveX up to Office 2003 Snapshot Viewer ActiveX Control snapview.ocx code injection (VU#837785 / EDB-6124)

Vuldb Updates

3 months ago

A vulnerability has been found in Microsoft Office Snapshot Viewer ActiveX up to Office 2003 and classified as critical. Affected by this vulnerability is an unknown functionality of the file snapview.ocx of the component Snapshot Viewer ActiveX Control. The manipulation leads to code injection. This vulnerability is known as CVE-2008-2463. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

vuldb.com

CVE-2008-2475 | eBay Enhanced Picture Uploader ActiveX control up to 1.0.25 ActiveX Control EPUWALcontrol.dll os command injection (VU#983731 / Nessus ID 39350)

Vuldb Updates

3 months ago

A vulnerability has been found in eBay Enhanced Picture Uploader ActiveX control up to 1.0.25 and classified as very critical. This vulnerability affects unknown code in the library EPUWALcontrol.dll of the component ActiveX Control. The manipulation leads to os command injection. This vulnerability was named CVE-2008-2475. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

俄罗斯APT组织针对西方物流与技术公司发动大规模网络攻击

白泽安全实验室

3 months ago

近期，一场由俄罗斯情报机构发动的网络攻击活动引发了国际社会的广泛关注。

CVE-2025-22983 | IceCMS 2.2.0 circle information disclosure (EUVD-2025-3063)

Vuldb Updates

3 months ago

A vulnerability has been found in IceCMS 2.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /square/getAllSquare/circle. The manipulation leads to information disclosure. This vulnerability is known as CVE-2025-22983. The attack can be launched remotely. There is no exploit available.

vuldb.com

CVE-2025-22984 | iceCMS 2.2.0 DelectSquareById information disclosure (EUVD-2025-3064)

Vuldb Updates

3 months ago

A vulnerability was found in iceCMS 2.2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /api/squareComment/DelectSquareById. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2025-22984. The attack can only be done within the local network. There is no exploit available.

vuldb.com

CVE-2025-22978 | eladmin up to 2.7 Exception Log Download Module csv injection (Issue 863 / EUVD-2025-3061)

Vuldb Updates

3 months ago

A vulnerability was found in eladmin up to 2.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Exception Log Download Module. The manipulation leads to csv injection. This vulnerability is handled as CVE-2025-22978. Access to the local network is required for this attack to succeed. There is no exploit available.

vuldb.com

CVE-2025-22980 | Senayan SLiMS 9 Bulian 9.6.1 loan.php tempLoanID sql injection (Issue 270 / EUVD-2025-3062)

Vuldb Updates

3 months ago

A vulnerability has been found in Senayan SLiMS 9 Bulian 9.6.1 and classified as critical. This vulnerability affects unknown code of the file /admin/modules/circulation/loan.php. The manipulation of the argument tempLoanID leads to sql injection. This vulnerability was named CVE-2025-22980. The attack can be initiated remotely. There is no exploit available.

vuldb.com

报名 | 美团技术沙龙【AI+安全：智能技术在安全领域的应用探索】

美团安全应急响应中心

3 months ago

6月19日（周四） 14:00 - 17:30，线上直播，快来报名吧

Review: Cybersecurity For Dummies, 3rd Edition

Help Net Security

3 months ago

If you’re new to cybersecurity and looking for a book that doesn’t overwhelm you with jargon or dive too deep into technical territory, Cybersecurity For Dummies might be a solid starting point. It’s written with beginners in mind and assumes you know how to use a smartphone and computer but not much more. This latest edition, published in 2025, adds newer topics like AI threats, which help keep the material relevant. About the author Joseph … More →

The post Review: Cybersecurity For Dummies, 3rd Edition appeared first on Help Net Security.

Mirko Zorz

Building a Security Portfolio Even When You're a Blue Teamer

Ransomware DataBreachToday.com

3 months ago

Things to Include on Your CV When Your Job Focuses on Keeping Systems Running
If you're a junior SOC analyst, a GRC specialist or someone working in ICS environments, the idea of a cyber portfolio might seem irrelevant. It's not. Employers need tangible proof of your skills, and a well-constructed portfolio does just that - whether your job touches logs or legal frameworks.

Czech Government Attributes Foreign Ministry Hack to China

Ransomware DataBreachToday.com

3 months ago

APT31 Compromised the Czech Foreign Affairs Ministry in 2022
The Czech government on Wednesday said Chinese state hackers stole sensitive declassified information from the republic's foreign ministry as part of a years-long espionage campaign. Czech Ministry of Foreign Affairs attributed the hack to a Chinese nation-state group tracked as APT31.

PumaBot Malware Targets Linux IoT Devices

Ransomware DataBreachToday.com

3 months ago

Stealthy Malware Installs Cryptomining Software
A botnet targeting Internet of Things devices works by brute forcing credentials and downloading cryptomining software. Researchers call the botnet "PumaBot," since its malware checks for the string "Pumatronix," the name of a Brazilian manufacturer of surveillance and traffic camera systems.

CISA's Leadership Exodus Continues, Shaking Local Offices

Ransomware DataBreachToday.com

3 months ago

'It's Just Totally Destabilizing,' Staffers Say Amid CISA's Leadership Exodus
An ongoing exodus of top officials and senior leadership at the Cybersecurity and Infrastructure Security Agency's regional offices has left staffers increasingly worried about a potential major shift in mission and continued cuts to staff and spending.

A Peek Behind the Claude Curtain

Ransomware DataBreachToday.com

3 months ago

Researcher Analyzes System Prompts to Show How New Claude Models Work
System-level instructions guiding Anthropic's new Claude 4 models tell it to skip praise, avoid flattery and get to the point, said independent AI researcher Simon Willison, breaking down newly released and leaked system prompts for the Claude Opus 4 and Sonnet 4 models.

Apples, Pears, and Oranges: Not All Pentest Firms Are the Same

TrustedSec

3 months ago

<p>Penetration testing is not a commodity service. If you are a procurer of penetration tests and have ever received wildly different quotes for the "same" engagement, you've likely encountered this issue at some point.…</p>

Martin Bos

网络犯罪分子利用假冒KeePass密码管理器进行ESXi勒索软件攻击

嘶吼

3 months ago

至少8个月以来，攻击者一直在分发木马版本的KeePass密码管理器，以安装Cobalt Strike信标、窃取凭证，并最终在被入侵的网络上部署勒索软件。

WithSecure的威胁情报团队在调查一起勒索软件攻击后发现了这一活动。研究人员发现，攻击始于通过必应广告推广的恶意KeePass安装程序，该广告推广了虚假软件网站。

由于KeePass是开源的，攻击者修改了源代码，构建了一个木马化的版本，称为KeeLoader，其中包含所有正常的密码管理功能。然而，它包括安装Cobalt Strike信标并以明文形式导出KeePass密码数据库的修改，然后通过信标窃取密码。

WithSecure表示，此次攻击中使用的Cobalt Strike水印与一个初始访问代理有关，该代理被认为与过去的Black Basta勒索软件攻击有关。

Cobalt Strike水印是嵌入到信标中的唯一标识符，与用于生成有效载荷的许可证绑定。“这个水印通常在与黑巴斯塔勒索软件相关的信标和域的背景下被注意到。它很可能被作为初始访问经纪人与Black Basta密切合作的黑客使用。

研究人员表示，已经发现了多个KeeLoader的变体，这些变体使用合法证书签名，并通过诸如keepaswrd[等拼写错误域名传播。com, keegass[。com和KeePass[.]me。

目前，[。com网站仍然活跃，并继续分发木马化的KeePass安装程序[VirusTotal]。

假冒的KeePass网站推送木马安装程序

除了释放Cobalt Strike信标之外，木马化的KeePass程序还包含密码窃取功能，允许威胁者窃取输入到程序中的任何凭据。

“KeeLoader不仅被修改到可以作为恶意软件加载器的程度。它的功能被扩展到促进KeePass数据库数据的泄露，”WithSecure报告中写道。

当KeePass数据库数据被打开时；“帐号”、“登录名”、“密码”、“网址”和“评论”信息也以CSV格式导出到“%localappdata%”目录下，格式为“。kp”。这个随机整数值在100-999之间。

转储KeePass凭证

最终，由WithSecure调查的攻击导致该公司的VMware ESXi服务器被勒索软件加密。对该活动的进一步调查发现了一个广泛的基础设施，用于分发伪装成合法工具的恶意程序和旨在窃取凭证的网络钓鱼页面。

aenys[。]com域名被用来托管其他子域名，这些子域名冒充知名公司和服务，如WinSCP、PumpFun、Phantom Wallet、Sallie Mae、Woodforest Bank和DEX Screener。每一个都被用来分发不同的恶意软件变体或窃取凭证。

WithSecure将此活动归因于UNC4696，这是一个之前与Nitrogen Loader活动有关的黑客组织。之前的攻击活动与黑猫/ALPHV勒索软件有关。

建议用户从合法网站下载软件，尤其是像密码管理器这样高度敏感的软件，并避免任何链接到广告中的网站。即使广告显示了软件服务的正确URL，也应该避免，因为威胁者已经多次证明，他们可以绕过广告策略，在链接到冒名顶替的网站时显示合法的URL。

胡金鱼

CVE-2008-0851 | Dokeos E-learning System 1.8.4 inscription.php Message cross site scripting (EDB-31197 / Nessus ID 31116)

Vuldb Updates

3 months ago

A vulnerability, which was classified as problematic, has been found in Dokeos E-learning System 1.8.4. This issue affects some unknown processing of the file inscription.php. The manipulation of the argument Message leads to cross site scripting. The identification of this vulnerability is CVE-2008-0851. The attack may be initiated remotely. Furthermore, there is an exploit available.

vuldb.com

任意代码保护 (ACG)

先知技术社区

3 months ago

ProcessDynamicCodePolicy可以防止进程生成动态代码或修改现有的可执行代码。有时也被称为任意代码保护（ACG）

DIR-815 栈溢出漏洞

先知技术社区

3 months ago

在每次复现前我都会尽量把文章通过通俗易懂的方式展现出来，目的就是希望一些刚刚入门iot的师傅们能有个更好的观看体验，如果有师傅发现了其中的错误还请指出

Aggregator

Managed ad