Aggregator

腾讯啄木鸟代码安全团队研发了一款AI大模型自动化漏洞检测工具，在实战中拿到多个github项目的0day

腾讯啄木鸟代码安全团队研发了一款AI大模型自动化漏洞检测工具，在实战中拿到多个github项目的0day

1. 序章之《白帽寓言》我本是一名普通的小白帽，有一天上班路上，遇到了位神秘老者，他拦住我，问道：小伙子，你是做什么的？我大声回答：我是挖洞的！老者摸着胡须，目光炯炯望着我：刚刚我看路边有人弄丢了几把

Also: Bitfinex Hacker Lichtenstein's Social Media Post From Prison
This week's stories include updates on hackers in the DMM Bitcoin and Bitfnex cases, South Korea sanctioning North Korean hackers, Trump naming an exec director for Digital Assets Council, Craig Wright's prison sentence and the Interpol's red notice for Hex founder.

2024 Marked the Government's Increasing Role Mandating Cybersecurity
Australia announced a flurry of cybersecurity legislation and regulations in 2024, spotlighting the government's intent to fortify the nation's cybersecurity in the wake of the Medibank and Optus incidents. The government vowed to transform the country into the world's "most cyber-secure."

Federal 'Rip-and-Replace' Program Gets Funding Boost in Defense Bill
The 2025 National Defense Authorization Act includes $3 billion to fund an FCC program aimed at replacing Chinese-made telecommunications equipment across the country amid heightened threats from Beijing following the discovery of the Salt Typhoon cyberespionage campaign.

The 'Eagle S' Forms Part of Sanctions-Busting Russian Shadow Fleet, Says EU
Finnish police boarded Thursday an oil tanker suspected of rupturing telecommunications and electricity cables running beneath the Baltic Sea in a Christmas Day incident. They escorted the tanker, the Eagle S, into Finnish waters as part of a criminal investigation into damage caused on Wednesday.

A vulnerability was found in Lotus Domino 5.0.8/5.0.9/5.0.9a. It has been classified as problematic. This affects an unknown part of the component Banner Grabbing Handler. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2002-2191. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Tom K Forum Userbar Plugin 2.2. Affected by this vulnerability is an unknown functionality of the file userbarsettings.php. The manipulation of the argument image2 leads to sql injection. This vulnerability is known as CVE-2011-4569. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 4.13.10. This affects an unknown part of the file net/xfrm/xfrm_user.c of the component XFRM Dump Policy. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2017-16939. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

error code: 521

HackerNews 编译，转载请注明出处： 近日，欧洲航天局（ESA）官方网店成为黑客的攻击目标。攻击者在结账环节植入了恶意JavaScript代码，制造了一个假冒的Stripe支付页面。 欧洲航天局致力于拓展太空探索边界，通过培训宇航员和研发火箭、卫星等设备，深入探索宇宙奥秘，其预算超过100亿欧元。 目前，ESA网店已暂停服务，页面显示“暂时脱离轨道”。该恶意脚本已收集顾客信息，包括支付卡数据等敏感内容。 电子商务安全专家Sansec昨日发现此恶意脚本，并发出警告，称网店系统与ESA内部系统可能存在集成，这或将威胁到ESA员工的安全。 Sansec发现，窃取信息的域名与官方销售ESA商品的网店域名相同，但使用了不同的顶级域（TLD）。 虽然欧洲航天局的官方商店使用“.com”后缀的“esaspaceshop”域名，但黑客使用的是相同的名称，且顶级域名为“.pics”（即esaspaceshop[.]pics），这一点在ESA商店的源代码中可以看到： 恶意JavaScript代码注入到ESA网店 该脚本包含了来自Stripe SDK的混淆HTML代码，当客户尝试完成购买时，加载了一个虚假的Stripe支付页面。 值得注意的是，虚假的Stripe页面并不显得可疑，尤其是在它从ESA官方网店加载时。 虚假的Stripe支付页面显示在ESA网店中 网络应用安全公司Source Defense Research确认了Sansec的发现，并监测到ESA官方网店曾加载了虚假的Stripe支付页面。 BleepingComputer昨日就此事向ESA求证。在收到回复前，我们发现网店虽已撤下虚假支付页面，但恶意脚本仍潜藏在网站源代码中。 ESA后续回应称，该网店并未托管在其基础设施上，且机构不管理商店数据，因不拥有这些数据。这一信息通过whois查询得到验证，查询显示了ESA域名（esa.int）及其网店的完整信息，但出于隐私保护，联系数据已被隐藏。 消息来源：Bleeping Computer, 编译：zhongx；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability was found in Remote Clinic 2.0. It has been declared as problematic. This vulnerability affects unknown code of the file patients/register-report.php. The manipulation of the argument Fever/Blood Pressure leads to cross site scripting. This vulnerability was named CVE-2021-30039. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as very critical, was found in Microsoft Windows up to Server 2022. Affected is an unknown function of the component HTTP Protocol Stack. The manipulation leads to Remote Code Execution. This vulnerability is traded as CVE-2022-21907. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in HexChat 2.10.2. It has been classified as critical. This affects the function inbound_cap_ls of the file common/inbound.c of the component CAP LS Message Handler. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2016-2233. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Printix Secure Cloud Print Management 1.3.1035.0. It has been declared as problematic. This vulnerability affects unknown code of the component API. The manipulation leads to Privilege Escalation. This vulnerability was named CVE-2022-25089. The attack needs to be initiated within the local network. Furthermore, there is an exploit available.

error code: 521

HackerNews 编译，转载请注明出处： 自10月起，一个基于Mirai的新型僵尸网络开始活跃利用DigiEver DS-2105 Pro NVR设备中的一个未打补丁的远程代码执行漏洞。该漏洞尚未获得正式的跟踪编号。 该僵尸网络的攻击目标不仅限于DigiEver设备，还包括多个网络视频录制机（NVR）和固件版本过时的TP-Link路由器。 TXOne研究员Ta-Lun Yen去年在罗马尼亚布加勒斯特的DefCamp安全会议上曾展示过一个影响多个DVR设备的类似漏洞。Akamai的研究员发现，尽管该僵尸网络自11月中旬才开始大规模利用这一漏洞，但相关活动迹象至少可以追溯到9月。 此外，这个新型的Mirai恶意软件变种还针对TP-Link设备上的CVE-2023-1389漏洞和Teltonika RUT9XX路由器上的CVE-2018-17532漏洞发起了攻击。 攻击DigiEver NVR 被利用来攻破DigiEver NVR的漏洞是一个远程代码执行（RCE）漏洞，攻击者通过利用’/cgi-bin/cgi_main.cgi’ URI中的不正确用户输入验证来发动攻击。 这使得远程未认证的攻击者能够通过特定参数（如HTTP POST请求中的ntp字段）注入命令，如’curl’和’chmod’。 Akamai表示，该Mirai僵尸网络的攻击与Ta-Lun Yen演示中描述的攻击非常相似。 通过命令注入，攻击者从外部服务器获取恶意软件二进制文件，并将设备纳入其僵尸网络。通过添加定时任务（cron jobs），攻击者实现了持久化。 一旦设备被攻陷，它将被用于发起分布式拒绝服务（DDoS）攻击，或通过利用漏洞集和凭证列表传播到其他设备。 Akamai指出，这个新的Mirai变种在技术上具有显著特点，它运用了XOR和ChaCha20加密技术，并且能够针对x86、ARM和MIPS等多种系统架构发起攻击。 Akamai评论道：“尽管采用复杂的解密手段并非首次出现，但这无疑表明Mirai僵尸网络的运营者正在持续更新其战术、技术和程序。” 研究人员进一步强调：“这一现象尤为值得关注，因为许多基于Mirai的僵尸网络至今仍依赖从原始Mirai恶意软件源代码中沿用的字符串混淆逻辑。” 此外，该僵尸网络还利用了另外两个已知漏洞：CVE-2018-17532（影响Teltonika RUT9XX路由器）和CVE-2023-1389（影响TP-Link设备）。 Akamai报告的末尾提供了与该活动相关的攻击指示符（IoC）以及用于检测和防御该威胁的Yara规则，以帮助企业和安全团队有效应对这一新型Mirai变种带来的挑战。   消息来源：Bleeping Computer, 编译：zhongx；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文