Aggregator

IntroductionIn recent years, Large Language Models (LLMs) have revolutionized the way we generate t

[福]农历 腊月廿三 [福]甲辰年 龙 【腊月二十三也是俗称的小年】 小年是大年的前奏曲，小年意味着人们开始准备年货[礼物]，准备过个好年，新年要有新气象，表达了中国劳动人民一种辞旧迎新、迎祥纳福的美好愿望。

IntroductionLarge Language Models (LLMs) have revolutionized the way we interact with technology, e

We’re excited to announce that the

HackerNews 编译，转载请注明出处： 网络安全研究人员警告称，一种新型大规模攻击活动正在利用AVTECH IP摄像头和华为HG532路由器的安全漏洞，将这些设备纳入一个名为Murdoc Botnet的Mirai僵尸网络变种。Qualys安全研究员Shilpesh Trivedi在分析中指出：“此次持续的攻击活动展现了增强的能力，通过利用漏洞来入侵设备并建立广泛的僵尸网络。”该活动自2024年7月开始，至今已感染超过1,370个系统。大多数感染事件发生在马来西亚、墨西哥、泰国、印尼和越南。 证据表明，该僵尸网络利用已知的安全漏洞（如CVE-2017-17215和CVE-2024-7029）来获取对物联网（IoT）设备的初始访问权限，并通过shell脚本下载下一阶段的恶意负载。该脚本会根据设备的CPU架构，获取并执行僵尸网络恶意软件。这些攻击的最终目标是利用僵尸网络发动分布式拒绝服务（DDoS）攻击。 几周前，一个名为“gayfemboy”的Mirai僵尸网络变种被发现，自2024年11月初以来，它一直在利用最近披露的Four-Faith工业路由器的安全漏洞。2024年年中，Akamai还透露，CVE-2024-7029被恶意行为者利用，将AVTECH设备纳入僵尸网络。 上周，有关另一场大规模DDoS攻击活动的细节浮出水面，该活动自2024年底以来一直针对日本的主要公司和银行，通过利用漏洞和弱凭据来组建一个物联网僵尸网络。 此次DDoS攻击活动主要针对电信、技术、托管、云计算、银行、游戏和金融服务行业。超过55%的受感染设备位于印度，其次是南非、巴西、孟加拉国和肯尼亚。 Trend Micro表示：“该僵尸网络包含源自Mirai和BASHLITE的恶意软件变种。其命令包括可以采用多种DDoS攻击方法、更新恶意软件以及启用代理服务的指令。”这些攻击涉及入侵物联网设备，部署一个加载器恶意软件，该恶意软件会获取实际负载，然后连接到命令与控制（C2）服务器，等待进一步的DDoS攻击和其他用途的指令。为了防范此类攻击，建议监控由任何不受信任的二进制文件/脚本执行所产生的可疑进程、事件和网络流量。同时，建议应用固件更新并更改默认用户名和密码。     消息来源：The Hacker News；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

error code: 521

EDRSandblast-GodFault Integrates GodFault into EDR Sandblast, achieving the same result without the use of any vulnerable drivers. EDRSandBlast is a tool written in C that weaponizes a vulnerable signed driver to bypass EDR detections (Notify Routine callbacks, Object...

The post EDRSandblast-GodFault: weaponize a vulnerable signed driver to bypass EDR detections appeared first on Penetration Testing Tools.

Flutter Spy Flutter Spy is a Bash-based command-line tool designed to provide insightful code analysis and data extraction capabilities from built Flutter apps with reverse engineering. It empowers developers, bug hunters, and security enthusiasts...

The post flutter-spy: Explore, analyze, and gain valuable data & insights from reverse engineered Flutter apps appeared first on Penetration Testing Tools.

HTMLSmuggler HTMLSmuggler – JS payload generator for IDS bypass and payload delivery via HTML smuggling. The primary objective of HTML smuggling is to bypass network security controls, such as firewalls and intrusion detection systems,...

The post HTMLSmuggler: JS payload generator for IDS bypass and payload delivery via HTML smuggling appeared first on Penetration Testing Tools.

A vulnerability was found in File Manager Plugin and File Manager Pro Plugin on WordPress and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to path traversal. This vulnerability is handled as CVE-2023-6825. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability, which was classified as critical, was found in Post Form Plugin up to 2.8.7 on WordPress. This affects an unknown part of the component Media Upload. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2024-1169. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Post Form Plugin up to 2.8.7 on WordPress and classified as critical. This issue affects some unknown processing of the component Media Deletion. The manipulation leads to missing authorization. The identification of this vulnerability is CVE-2024-1170. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Booster for WooCommerce Plugin up to 7.1.7 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-1534. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Mollie Forms Plugin up to 2.6.3 on WordPress. Affected is an unknown function. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2024-1645. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in LadiApp Plugin up to 4.4 on WordPress and classified as critical. This issue affects the function ladiflow_save_hook. The manipulation leads to missing authorization. The identification of this vulnerability is CVE-2023-4626. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in Prime Slider Plugin up to 3.13.2 on WordPress. Affected by this vulnerability is an unknown functionality of the component Mercury Widget. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-1508. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Prime Slider Plugin up to 3.13.2 on WordPress. Affected by this issue is some unknown functionality of the component Rubix Widget. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-1507. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as very critical, has been found in Fortra FileCatalyst up to 5.1.5. Affected by this issue is some unknown functionality of the component ftpservlet. The manipulation leads to external control of assumed-immutable web parameter. This vulnerability is handled as CVE-2024-25153. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Fortra FileCatalyst up to 3.8.8. This affects an unknown part of the component URL Validation Handler. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2024-25154. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Fortra FileCatalyst 3.8.6/3.8.7/3.8.8 and classified as problematic. This vulnerability affects unknown code of the component Web Server. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-25155. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.