Aggregator
TryHackMe - SeeTwo
10 months ago
The Story of Finding and Mitigating CVE-2021–42063 Vulnerability in Lenovo’s SAP Knowledge…
10 months ago
T(ROP)H: Thread Hijacking with ROP
10 months ago
Oski Lab: Cyber Defenders Write-up
10 months ago
Python Basics Tryhackme
10 months ago
PRE-ACCOUNT TAKEOVER through Oauth misconfiguration on a mailing website
10 months ago
Cyberattack disrupts pharmacy operations at US supermarkets; more than 2,000 stores affected
10 months ago
International retail giant Royal Ahold Delhaize has confirmed that the system outages at several of its US supermarket brands, including Food Lion and Stop & Shop, were caused by an ongoing "cybersecurity issue". The company said it had taken some systems offline, which affected parts of its pharmacy and e-commerce operations.

The Netherlands-headquartered multinational is known in Europe for brands such as Albert Heijn and Delhaize; in the US market it owns Stop & Shop, Hannaford, Giant and Food Lion, which, according to the company's website, together operate more than 2,000 stores.

[Figure: brand data for the US market as shown on the company's website]

In a statement released last Friday (the 8th), the company said: "When the issue was first detected, our security team immediately launched an investigation with the assistance of external cybersecurity experts. We have also notified law enforcement."

"All brand stores of Ahold Delhaize USA remain open and continue to serve customers. We will continue to take measures to further protect our systems. The safety of our customers, associates and partners is always our top priority."

"We deeply apologize for any inconvenience this incident may cause our customers and partners."

Employees and customers vent on social media

Reportedly, the problems at the US retail stores have persisted for a week. Because cybersecurity investigations usually take considerable time, specific details of the case are still being gathered. Employees of affected stores, however, have already shared their experiences on social media.

Some Stop & Shop customers recently reported that their supermarket pharmacies were temporarily unable to refill medications because of IT problems. To cope, prescriptions were transferred to nearby Walgreens pharmacies, but the process was hampered because the stores' telephone lines were also down.

Local news reports, however, say the pharmacies' IT problems have since been resolved and prescriptions can now be refilled normally.

One person who said they were responsible for delivering supplies to the stores reported that the prices on invoices did not match actual costs.

The degree of impact varied between stores. As of November 9, service had returned to normal at some stores, while others still had no internet connection and were relying on employees' personal hotspots to keep operating.

The Food Lion Reddit community was especially active, with users discussing similar problems employees had encountered in stores. Reports of delayed or missing deliveries were frequent, and some shipments that did arrive were short. As of November 10, invoice-versus-actual-price mismatches like those at Stop & Shop had also appeared, and the telephone lines remained unusable.

Some users reported that Food Lion To Go and Instacart orders could not be processed, with the latter's restoration date repeatedly pushed back. Some payment services were also restricted.

Allegedly, frontline employees at some locations were told by managers not to discuss the issue with colleagues, to prevent information from spreading on social media. Other employees, however, said their stores had no such restriction.

One employee also voiced concern that financial data might have been affected. The employee claimed that, several days after the incident, their debit card was used for multiple fraudulent purchases, though it is unclear whether the two events are related.

No further official updates

The Register asked Royal Ahold Delhaize whether any data had been compromised in the attack but received no reply.

At the time of publication, Hannaford's website was still down, displaying the message: "Sorry! Our servers are experiencing a technical issue. We are working to restore service as quickly as possible."

The Register attempted to access the websites of the other US brands (Giant, Food Lion and Stop & Shop) from the UK but, even via VPN, could not get past their network protection layer and was blocked.

In the US, the four retail brands together operate about 2,000 stores, all of which may be affected by this cybersecurity incident. Food Lion alone has more than 1,000 stores, more than 82,000 employees, and serves more than 10 million customers a week. If the problem continues to affect these stores, the potential scale of impact would be very large.

Republished from 安全内参 (Secrss); original link: https://www.secrss.com/articles/72373. Cover image sourced from the internet; please contact us for removal if it infringes.
Reposted content
Stored XSS Filter Bypass in the Skills section
10 months ago
How a Unique Combination Opened the Door to an IDOR
10 months ago
Comprehensive Bug Bounty Hunting Methodology (2024 Edition)
10 months ago
How I earned easy $$$ by deleting user comments on any post
10 months ago
How to use Locksmith to find and fix insecure configurations in AD Certificate Services
10 months ago
This tool quickly finds and fixes common misconfigurations in Active Directory Certificate Services.
CVE-2001-1422 | AT&T WinVNC 3.3.3 Authentication missing encryption (VU#303080 / XFDB-5992)
10 months ago
A vulnerability was found in AT&T WinVNC 3.3.3. It has been classified as critical. This affects an unknown part of the component Authentication. The manipulation leads to missing encryption of sensitive data.
This vulnerability is uniquely identified as CVE-2001-1422. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2001-1424 | Alcatel Speed Touch Home KHDSAA.108/KHDSAA.132/KHDSBA.133/KHDSAA.134 improper authentication (VU#212088 / Nessus ID 10760)
10 months ago
A vulnerability has been found in Alcatel Speed Touch Home KHDSAA.108/KHDSAA.132/KHDSBA.133/KHDSAA.134 and classified as critical. This vulnerability affects unknown code. The manipulation leads to improper authentication.
This vulnerability was named CVE-2001-1424. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2001-1425 | Alcatel Speed Touch Home KHDSAA.108/KHDSAA.132/KHDSBA.133/KHDSAA.134 privileges management (VU#243592 / Nessus ID 10760)
10 months ago
A vulnerability was found in Alcatel Speed Touch Home KHDSAA.108/KHDSAA.132/KHDSBA.133/KHDSAA.134 and classified as critical. This issue affects some unknown processing. The manipulation leads to improper privilege management.
The identification of this vulnerability is CVE-2001-1425. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2001-1423 | Advanced Poll up to 1.60 Flat File Database logged_in privileges management (VU#140723 / XFDB-7861)
10 months ago
A vulnerability was found in Advanced Poll up to 1.60 and classified as critical. This issue affects some unknown processing of the component Flat File Database Handler. The manipulation of the argument logged_in leads to improper privilege management.
The identification of this vulnerability is CVE-2001-1423. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2001-1421 | AOL Instant Messenger up to 4.7 Font denial of service (VU#530299 / XFDB-7757)
10 months ago
A vulnerability classified as problematic was found in AOL Instant Messenger up to 4.7. This vulnerability affects unknown code of the component Font Handler. The manipulation leads to denial of service.
This vulnerability was named CVE-2001-1421. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Voidmaw: A new bypass technique for memory scanners
10 months ago
VOIDMAW This is a new bypass technique for memory scanners. It is useful in hiding problematic code that will be flagged by the antivirus vendors. This is basically an improved version of Voidgate, but without...
The post Voidmaw: A new bypass technique for memory scanners appeared first on Penetration Testing Tools.
ddos
cwe_checker: finds vulnerable patterns in binary executables
10 months ago
cwe_checker cwe_checker is a suite of tools to detect common bug classes such as use of dangerous functions and simple integer overflows. These bug classes are formally known as Common Weakness Enumerations (CWEs). Its main goal is...
The post cwe_checker: finds vulnerable patterns in binary executables appeared first on Penetration Testing Tools.
ddos