Aggregator
Mirai 僵尸网络利用 OFBiz 服务器中存在的路径遍历漏洞进行传播
4 months 3 weeks ago
安全客
新型 Windows 后门 BITSLOTH 利用 BITS 进行隐蔽通信
4 months 3 weeks ago
安全客
网络犯罪分子滥用Cloudflare隧道以逃避检测并传播恶意软件
4 months 3 weeks ago
安全客
财富50强公司支付创纪录的7500万美元勒索软件要求
4 months 3 weeks ago
安全客
迪士尼、耐克、IBM 签名每天锚定 300万封假电子邮件
4 months 3 weeks ago
安全客
利用 NIST 网络安全框架实现身份连续性
4 months 3 weeks ago
安全客
黑客试图出售 4 月份数据泄露的 30 亿人的个人数据
4 months 3 weeks ago
安全客
ISC.AI创新沙盒大赛:数字安全、AI应用、高校新星创新赛道百花齐放
4 months 3 weeks ago
安全客
新的 Windows 后门 BITSLOTH 利用 BITS 进行隐秘通信
4 months 3 weeks ago
网络安全研究人员发现了一个以前未记录的 Windows 后门,它利用名为后台智能传输服务 ( BITS )的内置功能作为命令和控制 (C2) 机制。 Elastic Security Labs 于 2024 年 6 月 25 日发现了这一新发现的恶意软件,该恶意软件与针对南美某政府外交部的网络攻击有关。该活动集群被标记为 REF8747 。 安全研究人员 Seth Goodwin 和 Daniel Stepanic表示:“本文发布时,后门的最新版本具有 35 种处理程序功能,包括键盘记录和屏幕捕获功能。此外,BITSLOTH 还包含许多用于发现、枚举和命令行执行的不同功能。” 据评估,该工具自 2021 年 12 月开始开发,被攻击者用于数据收集目的,目前尚不清楚幕后黑手是谁。 攻击者使用了名为RingQ的开源工具。RingQ 用于加密恶意软件并防止被安全软件检测,然后解密并直接在内存中执行。 2024 年 6 月,安实验室安全情报中心 (ASEC)透露,存在漏洞的 Web 服务器被利用来投放 Web Shell,然后利用这些 Web Shell 通过 RingQ 投递其他有效载荷,包括加密货币挖矿机。 此次攻击还因使用 STOWAWAY 通过 HTTP 代理加密的 C2 流量和名为 iox 的端口转发实用程序而引人注目,后者此前曾被名为Bronze Starlight(又名 Emperor Dragonfly)的网络间谍组织在 Cheerscrypt 勒索软件攻击中利用。 BITSLOTH 采用 DLL 文件(“flengine.dll”)的形式,通过使用与 Image-Line 关联的合法可执行文件(称为FL Studio(“fl.exe”),使用 DLL 侧加载技术进行加载。 研究人员表示:“在最新版本中,开发人员添加了一个新的调度组件,以控制 BITSLOTH 在受害者环境中运行的具体时间。这是我们在其他现代恶意软件家族(如EAGERBEE )中观察到的功能。” BITSLOTH 是一个功能齐全的后门,能够运行和执行命令、上传和下载文件、执行枚举和发现以及通过键盘记录和屏幕捕获收集敏感数据。 它还可以将通信模式设置为 HTTP 或 HTTPS、删除或重新配置持久性、终止任意进程、从机器上注销用户、重新启动或关闭系统,甚至从主机上更新或删除自身。该恶意软件的一个定义方面是它使用 BITS 作为 C2。 研究人员补充道:“这种媒介对对手来说很有吸引力,因为许多组织仍在努力监控 BITS 网络流量和检测异常的 BITS 作业。” 转自军哥网络安全读报,原文链接:https://mp.weixin.qq.com/s/3LDb_jS9vDUZpy-EIu4NnQ 封面来源于网络,如有侵权请联系删除
内容转载
Using the RTL-SDR Blog V3 as a DVB-T Receiver in OpenPli Enigma2
4 months 3 weeks ago
August 5, 2024The RTL-SDR hardware began its life as a DVB-T TV receiver USB stick, but these
以色列黑客组织 WeRedEvils 宣称其摧毁了伊朗互联网
4 months 3 weeks ago
以色列黑客宣布对伊朗持续的互联网中断负责。 该组织以 WeRedEvils 为名开展活动,至少自 2023 年 10 月以来就已存在,这可能是哈马斯袭击以色列的直接后果,从而引发了当前的加沙战争。 “接下来几分钟,我们将攻击伊朗的系统和互联网提供商。”WeRedEvils 昨天在 Telegram 上表示。“猛烈的打击即将到来。” 根据该组织自己的说法,这次攻击是成功的,他们声称已经成功侵入伊朗的计算机系统,窃取数据并导致互联网中断。该组织声称他们已将窃取的信息转交给以色列政府。 作为证据,WeRedEvils 指出,信息和通信技术部网站 ict.gov.ir 目前已瘫痪,伊朗各部委的大多数其他网站也同样瘫痪,并出现“响应时间过长”的错误。一些网站还出现 403 错误。 《The Register》仅找到两个可在美国访问的政府部门页面,一个是该国文化部,另一个是外交部。 目前还不清楚 WeRedEvils 究竟造成了多大的损失,或者它是否应对当前的中断负全部责任。 WeRedEvils 声称,去年 10 月,它曾袭击伊朗电网,导致电网瘫痪两小时。 转自军哥网络安全读报,原文链接:https://mp.weixin.qq.com/s/qzJ9kecAyX8K93tdE7R9lg 封面来源于网络,如有侵权请联系删除
内容转载
CVE-2024-2232 | Macaron Himer Plugin up to 2.1.2 on WordPress Private Group cross-site request forgery
4 months 3 weeks ago
A vulnerability was found in Macaron Himer Plugin up to 2.1.2 on WordPress and classified as problematic. Affected by this issue is some unknown functionality of the component Private Group Handler. The manipulation leads to cross-site request forgery.
This vulnerability is handled as CVE-2024-2232. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-5081 | WP-FeedStats wp-eMember Plugin up to 10.6.x on WordPress cross site scripting
4 months 3 weeks ago
A vulnerability has been found in WP-FeedStats wp-eMember Plugin up to 10.6.x on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2024-5081. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-6710 | Ditty Plugin up to 3.1.44 on WordPress cross site scripting
4 months 3 weeks ago
A vulnerability, which was classified as problematic, was found in Ditty Plugin up to 3.1.44 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2024-6710. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-6498 | Collect.chat Chatbot Plugin up to 2.4.3 on WordPress Setting cross site scripting
4 months 3 weeks ago
A vulnerability, which was classified as problematic, has been found in Collect.chat Chatbot Plugin up to 2.4.3 on WordPress. This issue affects some unknown processing of the component Setting Handler. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2024-6498. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
ACL 2024邀请函丨字节跳动多篇论文中选Oral,邀你共话技术前沿趋势!
4 months 3 weeks ago
报名截止时间:8月9日(周五)24:00 GMT+7
CVE-2024-6270 | Community Events Plugin up to 1.5.0 on WordPress Setting cross site scripting
4 months 3 weeks ago
A vulnerability classified as problematic was found in Community Events Plugin up to 1.5.0 on WordPress. This vulnerability affects unknown code of the component Setting Handler. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2024-6270. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
China-linked APT41 breached Taiwanese research institute
4 months 3 weeks ago
China-linked APT41 breached Taiwanese research institute China-linked group APT41 breached a T
China-linked APT41 breached Taiwanese research institute
4 months 3 weeks ago
China-linked group APT41 breached a Taiwanese government-affiliated research institute using ShadowPad and Cobalt Strike. Cisco Talos researchers reported that the China-linked group compromised a Taiwanese government-affiliated research institute. The experts attributed the attack with medium confidence to the APT41 group. The campaign started as early as July 2023 and threat actors delivered the ShadowPad malware, Cobalt […]
Pierluigi Paganini