Aggregator

A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System 1.0. This affects an unknown part of the file /foms/routers/cancel-order.php. The manipulation of the argument id leads to sql injection. This vulnerability is uniquely identified as CVE-2024-8557. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

苹果在周一的新闻发布会上宣布了 iOS 18、macOS 15、iPadOS 18、iPhone 16 和 iPhone 16 Plus 等新产品和新操作系统。iOS 加入了对 RCS 标准的支持，iPhone 和 Android 之间的短信互动将实现兼容。iPhone 16 系列使用了新的 A18 芯片，9 月 13 日（周五）起接受预购，9 月 20 日（周五）起正式发售。A18 使用 3 纳米工艺制造，包含了 6 核 CPU、5 核 GPU 以及 16 核 NPU。苹果称其 NPU 对大型生成式模型进行优化，运行机器学习模型的速度，相比 A16 提升最高可达 2 倍。iPhone 16 配备 6.1 英寸 OLED 全面屏，起售价 5999 元；iPhone 16 Plus 配备 6.7 英寸 OLED 全面屏，起售价 6999 元。

极度危险、臭名昭著的以色列 Predator （捕食者） 商业间谍软件套件带着最新的升级版回归了。 网络安全公司 Recorded Future 的威胁研究部门 Insikt Group上周报告称，新的Predator基础设施出现在刚果民主共和国和安哥拉等国家，这表明美国对Predator 背后的间谍软件公司Intellexa实施的制裁并未完全成功。 Insikt Group 在其关于 Predator 的报告中写道：“在 Intellexa 受到制裁和曝光后，Predator 的活动明显减少。然而，根据我们最近的分析，Predator 还远未消失。” 2023年3月，美国政府发布行政命令，禁止美国政府使用对国家安全构成风险的商业间谍软件。 2023年7月，美国商务部工业和安全局 (BIS) 将监控技术供应商 Intellexa 和 Cytrox 列入实体清单，原因是其贩卖用于获取信息系统访问权限的网络漏洞。 2024年3月，美国财政部宣布对与 Intellexa Consortium有关的两名个人和五个实体进行制裁 ，原因是他们在开发和分发用于针对美国人的商业 Predator 间谍软件方面发挥了作用 。 该监视软件还用于监视美国政府官员、记者和政策专家。 美国财政部警告称，商业间谍软件的扩散对美国构成了越来越大的风险。外国攻击者滥用监视软件对世界各地的异见人士和记者发动攻击。 Predator是由以色列间谍软件联盟Intellexa开发的复杂间谍软件，与NSO 集团的Pegasus和其他商业间谍软件一样，允许政府人员入侵设备并监视用户。允许操作员渗透到设备中，获取消息和联系人等敏感数据，甚至在用户不知情的情况下激活摄像头和麦克风。 基础设施和逃避策略的变化 Predator的运营商已显著增强其基础设施，增加了复杂性以逃避检测。新的基础设施在其多层交付系统中增加了一个附加层，可匿名处理客户操作，从而更难确定哪些国家正在使用该间谍软件。这一变化使研究人员和网络安全防御者更难追踪 Predator 的传播。 尽管发生了这些变化，但运作模式基本保持不变。间谍软件可能继续使用“一键”和“零点击”攻击媒介，利用浏览器漏洞和网络访问将自身安装在目标设备上。尽管没有关于完全远程零点击攻击（如与 Pegasus 相关的攻击）的报告，但 Predator 仍然是针对知名人士的危险工具。 备受瞩目的目标仍面临风险 Predator捕食者间谍软件重返战场最令人担忧的一点是，它很可能会继续以知名人士为目标。政客、高管、记者和活动人士面临的风险最高，因为他们掌握着政府或其他恶意行为者的情报价值。捕食者昂贵的授权费用进一步表明，运营商将其用于战略性、高价值目标。 这种雇佣间谍软件的广泛使用，尤其是针对政治反对派，已经引起欧盟等地区的担忧。希腊和波兰的调查已经揭露了间谍软件如何被用来对付反对派人士和记者，这引发了人们对此类监视的合法性和道德性的严重质疑。 防御最佳实践 鉴于 Predator 的再次出现及其基础设施的复杂性，个人和组织必须保持警惕。Insikt Group 概述了几种有助于减轻 Predator 间谍软件渗透风险的防御措施： 定期软件更新——让设备保持最新的安全补丁对于减少 Predator 等间谍软件利用的漏洞至关重要。 设备重启——定期重启设备可以破坏间谍软件的运行，但可能无法完全消除高级间谍软件。 锁定模式——在设备上激活锁定模式可以帮助阻止未经授权的访问和利用尝试。 移动设备管理 (MDM) –实施 MDM 系统允许组织管理和保护员工设备，确保他们遵守安全协议。 安全意识培训——对员工进行有关鱼叉式网络钓鱼和其他社会工程策略的教育可以降低成为间谍软件攻击受害者的可能性。 这些措施对于担任敏感职务的个人尤其重要，例如在政府、民间社会或企业领导职位任职的个人。   转自军哥网络安全读报，原文链接：https://mp.weixin.qq.com/s/eb8qJi7R32axHubefyOPmA 封面来源于网络，如有侵权请联系删除。

Groundbreaking technology integrates Post-Quantum Cryptography and SSL security for the next generation of Face-based eID solutions and Face-protected Digital Public Key Infrastructure (DPKI) Seventh Sense, a pioneer in advanced cybersecurity solutions, announces the launch of SenseCrypt, a revolutionary new platform that sets a new standard in secure, privacy-preserving identity verification. SenseCrypt introduces a first-of-its-kind face-based […]

The post Seventh Sense Unveils Revolutionary Privacy-Preserving Face-Based Public Key Infrastructure and eID Solution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as critical, was found in Totolink EX1200L 9.3.5u.6146_B20201023. Affected is the function UploadFirmwareFile of the file cstecgi.cgi. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2023-51034. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability classified as critical was found in Nokia NFM-T R19.9. This vulnerability affects unknown code of the file /cgi-bin/R19.9/easy1350.pl of the component VM Manager WebUI. The manipulation of the argument id/host leads to sql injection. This vulnerability was named CVE-2022-39822. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability was found in One Identity Password Manager up to 5.13.0 and classified as critical. Affected by this issue is some unknown functionality of the component Kiosk Mode. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2023-51772. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in RWS WorldServer up to 11.7.2. This affects an unknown part of the file /clientLogin. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2022-34268. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in MuPDF 1.23.4 and classified as problematic. This issue affects the function compute_color of the file jquant2.c. The manipulation leads to divide by zero. The identification of this vulnerability is CVE-2023-51107. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability was found in Tenda M3 1.0.0.12(4856) and classified as critical. Affected by this issue is the function upgrade. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2023-51092. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as critical, was found in Indi Browser 12.11.23. Affected is an unknown function of the component com.example.gurry.kvbrowswer.webview. The manipulation leads to code injection. This vulnerability is traded as CVE-2023-49001. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Mingsoft MCMS 5.2.9. Affected is an unknown function of the file /content/list.do. The manipulation of the argument categoryType leads to sql injection. This vulnerability is traded as CVE-2023-50578. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability was found in ehttp up to 1.0.5. It has been rated as problematic. This issue affects the function read_func of the file epoll_socket.cpp. The manipulation leads to use after free. The identification of this vulnerability is CVE-2023-52266. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in Acer/Aopen/Dell/Formelife/Gigabyte/Fujitsu/HP/Lenovo/Supermicro/Intel Product. Affected is an unknown function of the component Platform Key Handler. The manipulation leads to use of hard-coded cryptographic key . This vulnerability is traded as CVE-2024-8105. Access to the local network is required for this attack to succeed. There is no exploit available. This vulnerability has a historic impact due to its background and reception. It is recommended to apply a patch to fix this issue.

Octoscan Octoscan is a static vulnerability scanner for GitHub action workflows. Usage download remote workflows Octoscan can be run against a local git repository or you can download all the workflows with the dl action: analyze...

The post octoscan: A static vulnerability scanner for GitHub action workflows appeared first on Penetration Testing Tools.

Car rental giant Avis said a cyberattack in August exposed the sensitive information of almost 300,

以色列研究人员设计了一种新的攻击技术，该技术依靠来自内存总线的无线电信号从隔离系统中窃取数据。 据以色列内盖夫本·古里安大学的 Mordechai Guri 介绍，恶意软件可用于对敏感数据进行编码，而这些数据可使用软件定义无线电 (SDR) 硬件和现成的天线从远处捕获。 该攻击名为RAMBO，允许攻击者以每秒 1,000 比特的速度窃取编码文件、加密密钥、图像、按键和生物特征信息。测试在最远 7 米（23 英尺）的距离内进行。 隔离系统在物理和逻辑上与外部网络隔离，以保证敏感信息的安全。虽然这些系统提供了更高的安全性，但它们并不能防范恶意软件，有数十个已记录的恶意软件家族针对它们，包括Stuxnet、Fanny和PlugX。 在新的研究中，发表了多篇有关隔离网络攻击尝试技术论文的 Mordechai Guri 解释说，隔离系统上的恶意软件可以操纵 RAM 来生成时钟频率修改后的编码无线电信号，然后从远处接收这些信号。 攻击者可以使用适当的硬件接收电磁信号，解码数据并检索被盗信息。 RAMBO 攻击首先在隔离系统上部署恶意软件，可以通过受感染的 USB 驱动器、使用有权访问系统的恶意内部人员或通过破坏供应链将恶意软件注入硬件或软件组件。 攻击的第二阶段涉及数据收集、通过隔离网络隐蔽通道（在本例中是来自 RAM 的电磁发射）进行信息泄露以及远距离检索。 Guri 解释说，数据通过 RAM 传输时会发生快速的电压和电流变化，从而产生电磁场，这些电磁场可以以取决于时钟速度、数据宽度和整体架构的频率辐射电磁能。 研究人员解释说，发射器可以通过以与二进制数据相对应的方式调制内存访问模式来创建电磁隐蔽通道。 通过精确控制与内存相关的指令，该学者能够使用该隐蔽通道传输编码数据，然后使用 SDR 硬件和基本天线在远处检索它。 Guri 指出：“通过这种方法，攻击者可以以每秒数百比特的速率将数据从隔离网络的计算机泄露到附近的接收器。” 研究人员详细介绍了可以实施的几种防御和保护对策，以防止 RAMBO 攻击。   转自军哥网络安全读报，原文链接：https://mp.weixin.qq.com/s/qMsQJFXPH1IN6K78cqoGdg 封面来源于网络，如有侵权请联系删除。

複数のアルプスシステムインテグレーション製品およびそのOEM製品には、クロスサイトリクエストフォージェリの脆弱性が存在します。

AHWT – another hardening tool for Windows operating systems The program is a script generator with a collection of parameters and recommendations from CIS Benchmarks and DoD STIGs with some adjustments. All parameters are...

The post AHWT: Hardening tool for Windows operating systems appeared first on Penetration Testing Tools.

一图概览