Пробел в архитектуре = минус бизнес. Как не потерять всё?
Вебинар 24 апреля: кейсы применения решений при построении системы безопасности объектов критической информационной инфраструктуры.
Aggregator
Ушла без следа — вернулась без предупреждения: HelloKitty снова атакует инфраструктуру
4 months 3 weeks ago
Вредонос научился новым трюкам, пока все думали, что он мёртв.
内核提权案例分析一
4 months 3 weeks ago
分析内核提权中uaf和rop用法
日产 Leaf 电动汽车被曝存在漏洞,黑客可远程操控车辆
4 months 3 weeks ago
HackerNews 编译,转载请注明出处: 研究人员发现,日产Leaf电动汽车存在一系列漏洞,攻击者可利用这些漏洞远程入侵车辆,进行监视甚至接管车辆的多项功能。这项研究由提供汽车和金融服务行业渗透测试及威胁情报服务的公司PCAutomotive开展,并在2025年4月1日举办的Black Hat Asia 2025上进行了详细展示。 研究人员以2020年生产的第二代日产Leaf为研究对象,发现其信息娱乐系统的蓝牙功能存在漏洞,可被攻击者利用作为入侵车辆内部网络的入口。攻击者随后能够提升权限,并通过车载通信模块建立命令与控制(C&C)通道,从而通过互联网直接、隐蔽且持续地访问电动汽车。 研究人员展示了攻击者如何利用这些漏洞监视车主,例如跟踪车辆位置、截取信息娱乐系统屏幕截图以及录制车内人员对话。此外,攻击者还能远程操控车辆的多项物理功能,包括车门、雨刷、喇叭、后视镜、车窗、车灯,甚至方向盘,即使车辆处于行驶状态也不例外。 这些漏洞共被分配了八个CVE编号,从CVE-2025-32056到CVE-2025-32063。研究人员表示,漏洞披露流程始于2023年8月,日产在2024年1月确认了这些发现,但直到最近才完成CVE分配。 日产的一位发言人表示:“PCAutomotive就其研究与日产取得了联系。出于安全原因,我们拒绝透露具体的对策或细节。为了我们客户的出行安全和安心,我们将继续开发并推出对抗日益复杂网络攻击的技术。” 消息来源:securityweek; 本文由 HackerNews.cc 翻译整理,封面来源于网络; 转载请注明“转自 HackerNews.cc”并附上原文
hackernews
CloudWeGo 技术沙龙·深圳站回顾:云原生 × AI 时代的微服务架构与技术实践
4 months 3 weeks ago
作为云原生与 AI 微服务融合领域的深度技术聚会,本次活动吸引了来自企业、开发者社区的百余位参与者,共同探讨如何通过开源技术应对智能时代的架构挑战。
AO3 进入了新时代
4 months 3 weeks ago
由于同人作品被无缘无故删除,同人社群决定创造自己的网站掌握自己的命运。这就是 Archive of Our Own(AO3)成立的背景。早期的 AO3 同人作品主要围绕西方影视剧和书籍,但随着越来越多的用户涌入该平台,AO3 已发展为一个庞然大物,覆盖的领域也越来越广。根据 Semrush 的数据,AO3 有 800 万注册用户和每月 10 亿次访问量,是全球第 38 大最受欢迎网站,也是美国第 18 大最受欢迎的网站。自 2015 年以来,动漫、韩国流行乐和游戏等圈子的粉丝涌入了 AO3,其流行榜单先后被防弹少年团和 Minecraft 粉丝占据。除此之外,AO3 的另一大变化是 F/F 女性同人的兴起。数据显示,自 2010 年以来,AO3 上带有女性同人标签的同人作品比例已从 5% 上升至 9%。
Google рекомендует: вот вам 35 расширений для… тотальной слежки?
4 months 3 weeks ago
Они выглядят вполне прилично, но ведут себя подозрительно странно.
Sharing Is (Not) Caring: How Shared Credentials Open the Door to Breaches
4 months 3 weeks ago
Tomer Peled
安全动态回顾|国家网络安全通报中心:重点防范境外恶意网址和恶意IP Sensata Technologies遭勒索软件攻击
4 months 3 weeks ago
快速浏览!2025.4.7—4.13安全动态周回顾。
AWS推出ML-KEM来保护TLS免受量子威胁
4 months 3 weeks ago
要在使用AWS服务(如KMS、ACM或Secrets Manager)时激活ML-KEM后量子TLS,用户需要更新其客户端sdk并显式启用该功能。
别再被网络攻击 “拿捏”!经纬信安欺骗防御解决方案助你“逆天改命”
4 months 3 weeks ago
经纬信安欺骗防御解决方案
Morocco Investigates Social Security Agency Data Leak
4 months 3 weeks ago
A threat actor has claimed responsibility for the alleged politically motivated attack and has uploaded the stolen data to a Dark Web forum.
Kristina Beek, Associate Editor, Dark Reading
CVE-2024-1146 | Devklan Alma Blog up to 2.1.10 Community Description/Community Rules cross site scripting
4 months 3 weeks ago
A vulnerability was found in Devklan Alma Blog up to 2.1.10. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument Community Description/Community Rules leads to cross site scripting.
The identification of this vulnerability is CVE-2024-1146. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-2606 | Mozilla Firefox up to 123 memory corruption
4 months 3 weeks ago
A vulnerability classified as critical was found in Mozilla Firefox up to 123. Affected by this vulnerability is an unknown functionality. The manipulation leads to memory corruption.
This vulnerability is known as CVE-2024-2606. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-2633 | Cegid Meta4 HR 819.001.022 dumpenv.jsp lang cross site scripting
4 months 3 weeks ago
A vulnerability, which was classified as problematic, was found in Cegid Meta4 HR 819.001.022. This affects an unknown part of the file /sitetest/english/dumpenv.jsp. The manipulation of the argument lang leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2024-2633. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-2634 | Cegid Meta4 HR 819.001.022 generico_login.jsp lang cross site scripting
4 months 3 weeks ago
A vulnerability has been found in Cegid Meta4 HR 819.001.022 and classified as problematic. This vulnerability affects unknown code of the file /sse_generico/generico_login.jsp. The manipulation of the argument lang leads to cross site scripting.
This vulnerability was named CVE-2024-2634. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-29143 | Cozmoslabs Passwordless Login Plugin up to 1.1.2 on WordPress cross site scripting
4 months 3 weeks ago
A vulnerability was found in Cozmoslabs Passwordless Login Plugin up to 1.1.2 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2024-29143. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-29142 | WebberZone Better Search Plugin up to 3.3.0 on WordPress Search Result cross site scripting
4 months 3 weeks ago
A vulnerability was found in WebberZone Better Search Plugin up to 3.3.0 on WordPress and classified as problematic. Affected by this issue is some unknown functionality of the component Search Result Handler. The manipulation leads to cross site scripting.
This vulnerability is handled as CVE-2024-29142. The attack may be launched remotely. There is no exploit available.
vuldb.com
TPCTF2025复现(全)
4 months 3 weeks ago
重新回味一下当时做出的,品鉴当时没做出的
CVE-2024-29141 | PDF Embedder Plugin up to 4.6.4 on WordPress cross site scripting
4 months 3 weeks ago
A vulnerability was found in PDF Embedder Plugin up to 4.6.4 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2024-29141. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com