Aggregator

文章解释了HTTP错误代码521的原因及其解决方法，指出该错误通常由源服务器无法连接导致，并建议检查服务器状态、网络配置和防火墙设置以解决问题。

HackerNews 编译，转载请注明出处： 网络安全研究人员发现一种名为“Plague”的新型Linux后门程序，该恶意软件已逃避检测长达一年之久。Nextron Systems研究员Pierre-Henri Pezier指出：“该植入程序被构建为恶意PAM（可插拔认证模块），使攻击者能静默绕过系统认证，获取持久SSH访问权限”。 可插拔认证模块（Pluggable Authentication Module，PAM）是Linux及UNIX系统中用于管理用户对应用程序和服务认证的共享库集合。由于PAM模块会被加载至特权认证进程中，恶意模块可实现凭证窃取、绕过认证检查，同时规避安全工具检测。 该网络安全公司表示，自2024年7月29日起，其在VirusTotal平台发现多个Plague样本，但所有反恶意引擎均未将其标记为恶意。此外，多个样本的存在表明幕后未知威胁组织正积极开发该恶意软件。 Plague具备四项核心能力： 静态凭证：支持隐蔽访问 抗分析能力：通过反调试与字符串混淆技术抵抗逆向工程 会话痕迹清除：通过取消设置环境变量（如SSH_CONNECTION、SSH_CLIENT）及重定向HISTFILE至/dev/null，阻止Shell命令记录，从而消除审计痕迹 Pezier强调：“Plague深度集成于认证堆栈中，可存活于系统更新过程且几乎不留取证痕迹。结合分层混淆与环境篡改技术，使其极难被传统工具检测。”       消息来源：thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

基于W01fh4cker大佬的LearnJavaMemshellFromZero从零掌握java内存马的复现重组版本，整篇文章均可复现，目录层级比较多建议https://github.com/d0ctorsec/LearnJavaMemshellFromZero-Recurrence下载阅读。

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.12.8. This issue affects some unknown processing of the component amdgpu. The manipulation leads to use after free. The identification of this vulnerability is CVE-2021-47142. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 5.10.41/5.12.8. Affected is the function device_add. The manipulation leads to incomplete cleanup. This vulnerability is traded as CVE-2021-47143. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 5.4.123/5.10.41/5.12.8. This vulnerability affects unknown code of the component gve. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2021-47141. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.12.8 and classified as critical. This issue affects the function iommu_change_dev_def_domain. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2021-47140. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.41/5.12.8. It has been declared as problematic. Affected by this vulnerability is the function register_netdev in the library lib/cpu_rmap.c. The manipulation leads to uninitialized pointer. This vulnerability is known as CVE-2021-47139. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

当前环境出现异常状态，需完成验证操作后才能继续访问。

Kali Linux发布适用于macOS的容器版，借助苹果新容器框架和Docker Hub镜像快速启动。无需虚拟机更简单便捷，但目前网络和硬件直通有限制。仅支持搭载M系列芯片的Mac设备。

文章解释了error code 521的原因及其对网络连接的影响，并提供了诊断和解决该问题的方法。

HackerNews 编译，转载请注明出处： 东南亚电信组织近期遭国家级威胁组织CL-STA-0969定向攻击，该组织通过部署定制化工具实现对目标网络的远程控制。Palo Alto Networks旗下Unit 42实验室披露，2024年2月至11月期间监测到多起针对该地区关键电信基础设施的攻击事件，攻击者利用Cordscan等工具收集移动设备位置数据。 值得注意的是，调查人员在受感染系统和网络中未发现数据外泄证据，也未观察到攻击者尝试追踪或联络移动网络内部设备。研究人员强调：“该威胁组织具备极高的操作安全（OPSEC）规范，综合运用多种防御规避技术躲避检测”。 该组织自2020年起持续针对南亚、非洲电信实体实施情报窃取活动。部分攻击手法还与“LightBasin”（又名UNC1945）及金融犯罪组织“UNC2891”存在关联——后者以劫持ATM基础设施著称。 攻击者通过SSH认证机制的暴力破解获取访问权限，采用针对电信设备内置账户的定制化字典列表实施突破。 恶意工具链 AuthDoor：覆盖合法PAM模块实施凭证窃取，通过硬编码魔术密码维持持久访问 GTPDoor：滥用GPRS隧道协议控制面（GTP-C）在电信漫游网络建立隐蔽C2通道 EchoBackdoor：通过ICMP回显请求数据包被动接收指令，未加密返回执行结果 SGSN模拟器：模拟服务GPRS支持节点，绕过企业防火墙限制 ChronosRAT：模块化ELF后门支持远程Shell、键盘记录及端口转发 NoDepDNS：基于Golang的DNS隧道后门，通过原始套接字解析53端口UDP指令 防御规避 攻击组合利用DNS隧道传输流量、通过被控移动运营商中转通信、清除认证日志、禁用SELinux安全模块及进程名称伪装等技术。同时部署Microsocks代理、FRP反向代理及ProxyChains等公开工具，并利用Linux本地提权漏洞（CVE-2021-4034等）扩大控制范围。 本次披露恰逢中国国家计算机网络应急技术处理协调中心（CNCERT）指控美国情报机构： 利用Microsoft Exchange零日漏洞（2022年7月-2023年7月）窃取中国军工企业国防情报 针对高科技军事院校及科研机构实施数据窃取 2024年7-11月通过电子文件系统漏洞攻击中国通信卫星企业 对此，美国前总统特朗普曾公开承认：“我们同样对他们实施网络行动，这就是世界的运行规则。”       消息来源：thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability was found in BoastMachine up to 3.1. It has been classified as problematic. This affects an unknown part of the file index.php. The manipulation of the argument _server["php_self" leads to basic cross site scripting. This vulnerability is uniquely identified as CVE-2006-2491. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Sangwan Kim Bookmark4U 2.0. Affected by this issue is some unknown functionality of the file inc/dbase.php of the component htaccess. The manipulation of the argument include_prefix leads to file inclusion. This vulnerability is handled as CVE-2006-2877. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in BosDev BosDates 3.0/3.1/3.2/4.0 and classified as critical. This issue affects some unknown processing of the file payment.php. The manipulation of the argument insPath leads to file inclusion. The identification of this vulnerability is CVE-2006-3957. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in BlueShoes Blueshoes Framework up to 4.6_public. It has been classified as critical. This affects an unknown part in the library lib/googlesearch/googlesearch.php. The manipulation of the argument APP[path][lib] leads to file inclusion. This vulnerability is uniquely identified as CVE-2006-5250. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in CutePHP CuteNews up to 2.1.2. It has been declared as critical. This vulnerability affects unknown code of the file index.php?mod=main&opt=personal. The manipulation of the argument avatar_file leads to unrestricted upload. This vulnerability was named CVE-2019-11447. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in GetSimple CMS up to 3.3.15. Affected by this issue is some unknown functionality of the file theme-edit.php. The manipulation leads to credentials management. This vulnerability is handled as CVE-2019-11231. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in AROX School-ERP Pro. It has been declared as critical. This vulnerability affects unknown code of the file import_stud.php of the component Session Handler. The manipulation leads to improper access controls. This vulnerability was named CVE-2019-13294. The attack can be initiated remotely. Furthermore, there is an exploit available.