Aggregator

Kali Linux发布适用于macOS的容器版，借助苹果新容器框架和Docker Hub镜像快速启动。无需虚拟机更简单便捷，但目前网络和硬件直通有限制。仅支持搭载M系列芯片的Mac设备。

文章解释了error code 521的原因及其对网络连接的影响，并提供了诊断和解决该问题的方法。

HackerNews 编译，转载请注明出处： 东南亚电信组织近期遭国家级威胁组织CL-STA-0969定向攻击，该组织通过部署定制化工具实现对目标网络的远程控制。Palo Alto Networks旗下Unit 42实验室披露，2024年2月至11月期间监测到多起针对该地区关键电信基础设施的攻击事件，攻击者利用Cordscan等工具收集移动设备位置数据。 值得注意的是，调查人员在受感染系统和网络中未发现数据外泄证据，也未观察到攻击者尝试追踪或联络移动网络内部设备。研究人员强调：“该威胁组织具备极高的操作安全（OPSEC）规范，综合运用多种防御规避技术躲避检测”。 该组织自2020年起持续针对南亚、非洲电信实体实施情报窃取活动。部分攻击手法还与“LightBasin”（又名UNC1945）及金融犯罪组织“UNC2891”存在关联——后者以劫持ATM基础设施著称。 攻击者通过SSH认证机制的暴力破解获取访问权限，采用针对电信设备内置账户的定制化字典列表实施突破。 恶意工具链 AuthDoor：覆盖合法PAM模块实施凭证窃取，通过硬编码魔术密码维持持久访问 GTPDoor：滥用GPRS隧道协议控制面（GTP-C）在电信漫游网络建立隐蔽C2通道 EchoBackdoor：通过ICMP回显请求数据包被动接收指令，未加密返回执行结果 SGSN模拟器：模拟服务GPRS支持节点，绕过企业防火墙限制 ChronosRAT：模块化ELF后门支持远程Shell、键盘记录及端口转发 NoDepDNS：基于Golang的DNS隧道后门，通过原始套接字解析53端口UDP指令 防御规避 攻击组合利用DNS隧道传输流量、通过被控移动运营商中转通信、清除认证日志、禁用SELinux安全模块及进程名称伪装等技术。同时部署Microsocks代理、FRP反向代理及ProxyChains等公开工具，并利用Linux本地提权漏洞（CVE-2021-4034等）扩大控制范围。 本次披露恰逢中国国家计算机网络应急技术处理协调中心（CNCERT）指控美国情报机构： 利用Microsoft Exchange零日漏洞（2022年7月-2023年7月）窃取中国军工企业国防情报 针对高科技军事院校及科研机构实施数据窃取 2024年7-11月通过电子文件系统漏洞攻击中国通信卫星企业 对此，美国前总统特朗普曾公开承认：“我们同样对他们实施网络行动，这就是世界的运行规则。”       消息来源：thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability was found in BoastMachine up to 3.1. It has been classified as problematic. This affects an unknown part of the file index.php. The manipulation of the argument _server["php_self" leads to basic cross site scripting. This vulnerability is uniquely identified as CVE-2006-2491. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Sangwan Kim Bookmark4U 2.0. Affected by this issue is some unknown functionality of the file inc/dbase.php of the component htaccess. The manipulation of the argument include_prefix leads to file inclusion. This vulnerability is handled as CVE-2006-2877. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in BosDev BosDates 3.0/3.1/3.2/4.0 and classified as critical. This issue affects some unknown processing of the file payment.php. The manipulation of the argument insPath leads to file inclusion. The identification of this vulnerability is CVE-2006-3957. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in BlueShoes Blueshoes Framework up to 4.6_public. It has been classified as critical. This affects an unknown part in the library lib/googlesearch/googlesearch.php. The manipulation of the argument APP[path][lib] leads to file inclusion. This vulnerability is uniquely identified as CVE-2006-5250. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in CutePHP CuteNews up to 2.1.2. It has been declared as critical. This vulnerability affects unknown code of the file index.php?mod=main&opt=personal. The manipulation of the argument avatar_file leads to unrestricted upload. This vulnerability was named CVE-2019-11447. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in GetSimple CMS up to 3.3.15. Affected by this issue is some unknown functionality of the file theme-edit.php. The manipulation leads to credentials management. This vulnerability is handled as CVE-2019-11231. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in AROX School-ERP Pro. It has been declared as critical. This vulnerability affects unknown code of the file import_stud.php of the component Session Handler. The manipulation leads to improper access controls. This vulnerability was named CVE-2019-13294. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in OpenBSD up to 6.6. This issue affects the function _dl_setup_env of the file ld.so of the component setuid Program Handler. The manipulation of the argument LD_LIBRARY_PATH leads to improper privilege management. The identification of this vulnerability is CVE-2019-19726. The attack needs to be approached locally. Furthermore, there is an exploit available.

在红队渗透过程中，数据外发和回传是常见的任务之一，尤其在对目标文件系统进行信息收集、凭据导出、WebShell落地或敏感文件抓取之后，为了避免引起告警或减小传输体积，往往需要对收集到的数据进行压缩处理。

这篇文章解释了错误代码521的原因和解决方法。

HackerNews 编译，转载请注明出处： 英国人工智能安全研究所（AI Security Institute）联合国际合作伙伴启动1500万英镑专项研究计划，聚焦人工智能对齐（AI alignment）领域。该项目旨在确保先进AI系统始终按预期目标运作，防止其行为偏离开发者设定的目标、政策与要求。 核心合作方 加拿大人工智能安全研究所、加拿大高等研究院（CIFAR）、施密特科学基金会、亚马逊云服务（AWS）、Anthropic、Halcyon Futures、安全人工智能基金、英国研究与创新署（UKRI）及高级研究与发明署（ARIA）共同参与。 研究紧迫性 英国科技大臣彼得·凯尔（Peter Kyle）指出：“先进AI系统已在部分领域超越人类能力，使该项目变得空前紧迫。人工智能对齐致力于确保系统始终符合人类最佳利益——这正是研究所自成立以来的核心使命：守护国家安全，防范技术演进中AI可能引发的重大风险”。他同时强调：“负责任地发展AI需全球协同努力，此基金将推动AI更可靠、更可信，助力经济增长、优化公共服务并创造高技能岗位”。 AI错位风险分类 故意错位：攻击者操控AI系统实施定向攻击 无意错位：因防护机制缺失导致系统行为失控 具体威胁形态包括： 模型投毒：攻击者篡改训练数据，诱发输出偏见或植入后门 提示注入：恶意指令突破系统防护，实现越狱操控 数据泄露：设计缺陷致AI误披露敏感信息 资源消耗失控：无约束的自我复制行为耗尽系统资源 研究目标 项目将开发创新技术，确保AI系统在能力提升过程中保持目标一致性，增强透明度及人类监管有效性。此举回应了AI自主性日益增强背景下，全球对系统可控性的迫切需求。       消息来源：infosecurity-magazine； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

文章介绍了最近公开的windows域大杀器CVE-2025-33073漏洞，并且从攻击和防御两个角度去探索该漏洞，以及探索了一些新的姿势。

微软升级Microsoft 365智能服务后端基础设施，要求用户更新Office至16.0.18827.20202及以上版本以继续使用大声朗读、音频转录和听写等功能。企业需管理员手动升级，个人用户默认自动更新。旧版本将于2026年1月停止支持。

LLM作为一种里程碑式的AI技术出现，使得AI安全开始进入了安全圈“平民层”的视野，以往这种高门槛的AI安全领域的研究内容多是集中在学术圈，实验室等，在网络安全中的实践也多是赋能安全，利用机器学习技术提高防御检测能力，而非是AI本身的安全风险与攻防。

A vulnerability has been found in Linux Kernel up to 5.10.41/5.12.8 and classified as problematic. This vulnerability affects the function skb_ext_add of the file net/openvswitch/flow.c. The manipulation leads to uninitialized pointer. This vulnerability was named CVE-2021-47136. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 5.4.123/5.10.41/5.12.8. This affects an unknown part of the component cxgb4. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2021-47138. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.4.123/5.10.41/5.12.8. It has been rated as critical. Affected by this issue is some unknown functionality of the component lantiq. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2021-47137. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.