Aggregator

GPOHunter – Active Directory Group Policy Security Analyzer GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory Group Policy Objects (GPOs). It automates security checks and provides detailed...

The post GPOHunter: Active Directory Group Policy Security Analyzer appeared first on Penetration Testing Tools.

CVE Prioritizer Tool CVE_Prioritizer is a powerful tool that helps you prioritize vulnerability patching by combining CVSS, EPSS, and CISA’s Known Exploited Vulnerabilities. It provides valuable insights into the likelihood of exploitation and the potential impact of...

The post CVE_Prioritizer: Streamline vulnerability patching with CVSS, EPSS, and CISA’s Known Exploited Vulnerabilities appeared first on Penetration Testing Tools.

bettercap bettercap is a powerful, easily extensible, and portable framework written in Go which aims to offer to security researchers, red teamers and reverse engineers an easy to use, all-in-one solution with all the features they...

The post bettercap: Swiss army knife for network attacks and monitoring appeared first on Penetration Testing Tools.

A vulnerability was found in Net Dns 0.60. It has been classified as problematic. This affects the function net::dns. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2007-6341. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Ruby on Rails up to 3.x/4.x. It has been classified as critical. Affected is an unknown function of the file request.rb of the component Web Console. The manipulation of the argument X-Forwarded-For leads to improper access controls (Blacklist). This vulnerability is traded as CVE-2015-3224. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

HackerNews 编译，转载请注明出处： 网络安全研究人员近日发现，锐捷网络（Ruijie Networks）开发的云管理平台存在安全漏洞，可能使攻击者远程操控网络设备。 Claroty公司的研究人员Noam Moshe和Tomer Goldschmidt在报告中指出，这些漏洞不仅影响Reyee平台，还波及Reyee OS网络设备。一旦漏洞被利用，攻击者能在任何支持云功能的设备上执行代码，从而控制大量设备。 在对物联网（IoT）厂商进行深入分析时，Claroty发现了10个漏洞，并设计了“Open Sesame”攻击方法。该方法可通过云平台远程入侵接入点，实现未授权访问。 CVE-2024-47547（CVSS评分9.4）：弱密码恢复机制，易受暴力破解攻击。 CVE-2024-48874（CVSS评分9.8）：服务器端请求伪造（SSRF）漏洞，攻击者可访问内部服务及云基础设施。 CVE-2024-52324（CVSS评分9.8）：允许发送恶意MQTT消息，执行任意操作系统命令。 此外，CVE-2024-45722（CVSS评分7.5）漏洞表明，知道设备序列号即可破解MQTT认证，进而攻击MQTT代理，获取云连接设备序列号列表。 研究人员表示，利用序列号可生成有效认证凭据，执行拒绝服务攻击，包括认证、断开连接、发送伪造消息等，甚至向用户发送虚假数据。 攻击者若接近锐捷接入点的Wi-Fi网络，可通过拦截Wi-Fi信标提取序列号，利用MQTT通信漏洞实现远程代码执行。该攻击被命名为CVE-2024-47146（CVSS评分7.5）。 锐捷网络已修复所有漏洞，无需用户操作。预计约5万台云连接设备受影响。 研究人员表示，这是物联网设备（如无线接入点、路由器和其他连接设备）中的弱点的又一例，这些设备通常很容易进入，但却能够进行更深层次的网络攻击。 此次披露正值PC Automotive安全公司发现12个漏洞，影响某些斯柯达汽车的MIB3娱乐信息单元，恶意攻击者可能通过这些漏洞将其链式利用来执行代码、实时追踪汽车位置、通过车载麦克风录音、截取娱乐显示屏的屏幕截图，甚至窃取联系人信息。 这些漏洞（CVE-2023-28902至CVE-2023-29113）允许攻击者通过蓝牙“获得MIB3娱乐信息单元的代码执行权限”，提升至root权限，绕过安全启动获取持久的代码执行权限，并且每次汽车启动时通过DNS通道控制娱乐信息单元。PC Automotive的研究人员表示。   消息来源：The Hacker News, 编译：zhongx；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

error code: 521

HackerNews 编译，转载请注明出处： 本周，美国司法部（DoJ）公布了对巴西库里奇巴29岁公民Junior Barros De Oliveira的起诉书。De Oliveira涉嫌通过黑客攻击威胁勒索，已被起诉四项与从受保护计算机获取信息相关的勒索威胁罪名，以及四项威胁通讯罪名。 案件受害者是一家新泽西州公司在巴西的子公司，其计算机系统于2020年3月遭到De Oliveira的入侵。他利用获取的访问权限，至少三次窃取约30万名客户的机密信息。 2020年9月，De Oliveira通过假名向该公司首席执行官发送电子邮件，要求支付300比特币（约320万美元），否则将泄漏公司数据。一个月后，他又将同一邮件转发给首席执行官及巴西子公司高管。 在后续邮件中，De Oliveira表示愿“协助解决安全漏洞”，但要求75比特币（约80万美元）作为咨询费，并提供了支付到比特币钱包的详细指南。 若罪名成立，每项勒索威胁罪名最高可判5年监禁，并处25万美元或非法获利/损失两倍的罚款（以较高者为准）；每项威胁通讯罪名最高可判2年监禁，并处相同额度的罚款。   消息来源：The Hacker News, 编译：zhongx；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

error code: 521

A vulnerability classified as problematic has been found in Apache Rave up to 0.20. This affects an unknown part of the component User Account. The manipulation of the argument offset leads to information disclosure. This vulnerability is uniquely identified as CVE-2013-1814. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Microsoft FrontPage Server Extensions 2002. This issue affects some unknown processing. The manipulation leads to basic cross site scripting. The identification of this vulnerability is CVE-2006-0015. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Remote Clinic 2.0. It has been rated as problematic. This issue affects some unknown processing of the file clinics/register.php. The manipulation of the argument Clinic Name/Clinic Address/Clinic City/Clinic Contact leads to cross site scripting. The identification of this vulnerability is CVE-2021-30042. The attack may be initiated remotely. Furthermore, there is an exploit available.

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

APT组织Lazarus 在Rootkit（获取内核权限）攻击中使用了微软的0day漏洞;APT组织Kimsuky利用软件公司产品安装程序进行伪装展开攻击;NoName057(16)组织DDoSia项目持续更新;

比特币价格下跌；智谱清言引入新负责人；宁德时代宣布赴香港上市

比特币下跌 巨额衍生品到期或带来动荡纽约时间 07：12，比特币下跌约 3% 至 95,420 美元。一个包含以太币、Solana 和狗狗币等较小加密货币的更广泛加密货币指标下跌约 3%。目前稳定在

A vulnerability was found in Oracle Java up to 2.2.7. It has been rated as critical. This issue affects some unknown processing of the component Install. The manipulation leads to Local Privilege Escalation. The identification of this vulnerability is CVE-2013-2439. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Oracle Java up to 7 Update 17 and classified as problematic. This issue affects some unknown processing of the component JavaFX. The manipulation leads to an unknown weakness. The identification of this vulnerability is CVE-2013-2438. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Firebird SQL Server up to 2.5.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to memory corruption. This vulnerability is known as CVE-2013-2492. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.