Aggregator

CVE-2016-7456 | VMware vSphere Data Protection 5.5.x/5.8.x/6.0.x/6.1.x SSH Key credentials management (VMSA-2016-0024 / Nessus ID 96338)

Vuldb Updates
4 months 1 week ago
A vulnerability, which was classified as critical, was found in VMware vSphere Data Protection 5.5.x/5.8.x/6.0.x/6.1.x. Affected is an unknown function of the component SSH Key. The manipulation leads to credentials management. This vulnerability is traded as CVE-2016-7456. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2016-10134 | Zabbix 2.2.13/3.0.0/3.0.1/3.0.2/3.0.3 latest.php array sql injection (Nessus ID 97530 / ID 175982)

Vuldb Updates
4 months 1 week ago
A vulnerability, which was classified as critical, has been found in Zabbix 2.2.13/3.0.0/3.0.1/3.0.2/3.0.3. Affected by this issue is some unknown functionality of the file latest.php. The manipulation of the argument array leads to sql injection. This vulnerability is handled as CVE-2016-10134. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2017-5930 | PostfixAdmin up to 3.0.1 AliasHandler delete.php gen_show_status delete Delete permission (Nessus ID 97281 / ID 169757)

Vuldb Updates
4 months 1 week ago
A vulnerability was found in PostfixAdmin up to 3.0.1. It has been declared as problematic. This vulnerability affects the function gen_show_status of the file delete.php of the component AliasHandler. The manipulation of the argument delete leads to permission issues (Delete). This vulnerability was named CVE-2017-5930. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2017-7581 | News Module up to 5.3.2 on TYPO3 NewsController.php overwriteDemand/OrderByAllowed sql injection (ID 11789)

Vuldb Updates
4 months 1 week ago
A vulnerability, which was classified as critical, has been found in News Module up to 5.3.2 on TYPO3. This issue affects some unknown processing of the file NewsController.php. The manipulation of the argument overwriteDemand/OrderByAllowed leads to sql injection. The identification of this vulnerability is CVE-2017-7581. The attack may be initiated remotely. There is no exploit available.
vuldb.com

CVE-2014-0224 | Oracle Enterprise Session Border Controller up to Ecz7.3m2p2 OpenSSL cryptographic issues (VU#978508 / Nessus ID 74512)

Vuldb Updates
4 months 1 week ago
A vulnerability classified as critical was found in Oracle Enterprise Session Border Controller up to Ecz7.3m2p2. This vulnerability affects unknown code of the component OpenSSL. The manipulation leads to cryptographic issues. This vulnerability was named CVE-2014-0224. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2014-0224 | Oracle Communications Policy Management up to 9.7.3/9.9.1/10.4.1/12.1.1 OpenSSL cryptographic issues (VU#978508 / Nessus ID 74333)

Vuldb Updates
4 months 1 week ago
A vulnerability was found in Oracle Communications Policy Management up to 9.7.3/9.9.1/10.4.1/12.1.1. It has been classified as critical. This affects an unknown part of the component OpenSSL. The manipulation leads to cryptographic issues. This vulnerability is uniquely identified as CVE-2014-0224. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

朝鲜黑客实施钓鱼攻击,单日窃取 Tron 用户 1.37 亿美元

HackerNews
4 months 1 week ago
HackerNews 编译,转载请注明出处: 与朝鲜(朝鲜民主主义人民共和国,DPRK)存在关联的多个威胁活动集群被确认针对Web3及加密货币领域的机构与个人实施攻击。 谷歌旗下Mandiant公司在提供给《The Hacker News》的《2025 M-Trends报告》中指出:“朝鲜因遭受严厉国际制裁,其针对Web3与加密货币的攻击主要出于经济动机。这些活动旨在获取资金,据信用于支持朝鲜大规模杀伤性武器(WMD)计划及其他战略资产。” Mandiant表示,朝鲜相关攻击者已开发使用Golang、C++和Rust等多种语言编写的定制工具,具备感染Windows、Linux和macOS操作系统的能力。 追踪编号为UNC1069、UNC4899和UNC5342的三个威胁集群被发现重点攻击加密货币与区块链开发群体,主要渗透从事Web3项目的开发人员以非法获取加密货币钱包权限及其所属机构访问权限。各集群特征如下: UNC1069(活跃至少自2018年4月):通过Telegram发送虚假会议邀请并伪装知名企业投资者身份,针对多行业实施社会工程攻击以窃取数字资产与加密货币 UNC4899(活跃自2022年):以招聘测试为名分发恶意代码实施供应链攻击(与Jade Sleet、PUKCHONG、TraderTraitor等组织存在技术重叠) UNC5342(活跃自2024年1月):使用含恶意代码的编程任务诱骗开发人员运行(与Contagious Interview、DEV#POPPER等组织存在技术重叠) 另一朝鲜攻击者UNC4736通过植入后门的交易软件渗透区块链行业,被指与2023年初3CX供应链攻击存在关联。Mandiant公司还发现独立集群UNC3782实施针对加密货币行业的大规模钓鱼攻击,2023年针对TRON用户实施钓鱼攻击,单日转移价值超1.37亿美元资产,2024年转向攻击Solana用户诱导其访问含加密货币流失器的页面。 朝鲜通过派遣数千名IT人员(主要居住在中国与俄罗斯)渗透欧美亚企业远程岗位,这些人员大多隶属负责核计划的313总局。他们使用盗用身份与完全虚构身份,在面试阶段运用Deepfake技术创建逼真合成身份。 单操作员可使用多个合成身份应聘同一职位,长期潜伏企业虚拟桌面、网络与服务器实施数据窃取与网络攻击。 Palo Alto Networks Unit 42研究员Evan Gordenker指出该策略使朝鲜IT人员可规避安全公告通缉,显著降低检测概率。谷歌威胁情报组(GTIG)报告显示渗透人员还通过勒索雇主、薪资回流平壤等方式支持朝鲜战略目标。 2024年某朝鲜IT人员使用至少12个虚构身份应聘欧美岗位,某美国公司同一岗位出现两名朝鲜渗透人员竞争,其中一人成功入职,另有机构12个月内雇佣四名朝鲜IT渗透人员。     消息来源:thehackernews; 本文由 HackerNews.cc 翻译整理,封面来源于网络;  转载请注明“转自 HackerNews.cc”并附上原文
hackernews

Managed ad