Aggregator

A vulnerability was found in Tenda M3 1.0.0.12(4856) and classified as critical. Affected by this issue is the function upgrade. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2023-51092. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as critical, was found in Indi Browser 12.11.23. Affected is an unknown function of the component com.example.gurry.kvbrowswer.webview. The manipulation leads to code injection. This vulnerability is traded as CVE-2023-49001. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Mingsoft MCMS 5.2.9. Affected is an unknown function of the file /content/list.do. The manipulation of the argument categoryType leads to sql injection. This vulnerability is traded as CVE-2023-50578. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability was found in ehttp up to 1.0.5. It has been rated as problematic. This issue affects the function read_func of the file epoll_socket.cpp. The manipulation leads to use after free. The identification of this vulnerability is CVE-2023-52266. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in Acer/Aopen/Dell/Formelife/Gigabyte/Fujitsu/HP/Lenovo/Supermicro/Intel Product. Affected is an unknown function of the component Platform Key Handler. The manipulation leads to use of hard-coded cryptographic key . This vulnerability is traded as CVE-2024-8105. Access to the local network is required for this attack to succeed. There is no exploit available. This vulnerability has a historic impact due to its background and reception. It is recommended to apply a patch to fix this issue.

Octoscan Octoscan is a static vulnerability scanner for GitHub action workflows. Usage download remote workflows Octoscan can be run against a local git repository or you can download all the workflows with the dl action: analyze...

The post octoscan: A static vulnerability scanner for GitHub action workflows appeared first on Penetration Testing Tools.

Car rental giant Avis said a cyberattack in August exposed the sensitive information of almost 300,

以色列研究人员设计了一种新的攻击技术，该技术依靠来自内存总线的无线电信号从隔离系统中窃取数据。 据以色列内盖夫本·古里安大学的 Mordechai Guri 介绍，恶意软件可用于对敏感数据进行编码，而这些数据可使用软件定义无线电 (SDR) 硬件和现成的天线从远处捕获。 该攻击名为RAMBO，允许攻击者以每秒 1,000 比特的速度窃取编码文件、加密密钥、图像、按键和生物特征信息。测试在最远 7 米（23 英尺）的距离内进行。 隔离系统在物理和逻辑上与外部网络隔离，以保证敏感信息的安全。虽然这些系统提供了更高的安全性，但它们并不能防范恶意软件，有数十个已记录的恶意软件家族针对它们，包括Stuxnet、Fanny和PlugX。 在新的研究中，发表了多篇有关隔离网络攻击尝试技术论文的 Mordechai Guri 解释说，隔离系统上的恶意软件可以操纵 RAM 来生成时钟频率修改后的编码无线电信号，然后从远处接收这些信号。 攻击者可以使用适当的硬件接收电磁信号，解码数据并检索被盗信息。 RAMBO 攻击首先在隔离系统上部署恶意软件，可以通过受感染的 USB 驱动器、使用有权访问系统的恶意内部人员或通过破坏供应链将恶意软件注入硬件或软件组件。 攻击的第二阶段涉及数据收集、通过隔离网络隐蔽通道（在本例中是来自 RAM 的电磁发射）进行信息泄露以及远距离检索。 Guri 解释说，数据通过 RAM 传输时会发生快速的电压和电流变化，从而产生电磁场，这些电磁场可以以取决于时钟速度、数据宽度和整体架构的频率辐射电磁能。 研究人员解释说，发射器可以通过以与二进制数据相对应的方式调制内存访问模式来创建电磁隐蔽通道。 通过精确控制与内存相关的指令，该学者能够使用该隐蔽通道传输编码数据，然后使用 SDR 硬件和基本天线在远处检索它。 Guri 指出：“通过这种方法，攻击者可以以每秒数百比特的速率将数据从隔离网络的计算机泄露到附近的接收器。” 研究人员详细介绍了可以实施的几种防御和保护对策，以防止 RAMBO 攻击。   转自军哥网络安全读报，原文链接：https://mp.weixin.qq.com/s/qMsQJFXPH1IN6K78cqoGdg 封面来源于网络，如有侵权请联系删除。

複数のアルプスシステムインテグレーション製品およびそのOEM製品には、クロスサイトリクエストフォージェリの脆弱性が存在します。

AHWT – another hardening tool for Windows operating systems The program is a script generator with a collection of parameters and recommendations from CIS Benchmarks and DoD STIGs with some adjustments. All parameters are...

The post AHWT: Hardening tool for Windows operating systems appeared first on Penetration Testing Tools.

一图概览

既是挑战，也是机遇

HyperDbg Debugger HyperDbg debugger is an open-source, hypervisor-assisted user-mode, and kernel-mode Windows debugger with a focus on using modern hardware technologies. It is a debugger designed for analyzing, fuzzing, and reversing. HyperDbg is designed...

The post HyperDbg: open-source, hypervisor-assisted user-mode, and kernel-mode Windows debugger appeared first on Penetration Testing Tools.

openappsec open-appsec (openappsec.io) builds on machine learning to provide preemptive web app & API threat protection against OWASP-Top-10 and zero-day attacks. It can be deployed as an add-on to Kubernetes Ingress, NGINX, Envoy (soon), and API Gateways....

The post openappsec: machine learning security engine to prevents threats against Web Application & APIs appeared first on Penetration Testing Tools.

It takes more than technical knowledge to write about cybersecurity in a way people want to read. It takes creativity, discipline, and other key skills.

Vulnerability / Hardware SecurityA novel side-channel attack has been found to leverage radio sign

A vulnerability, which was classified as critical, was found in tcpdump up to 4.9.1. This affects the function chdlc_print of the file print-chdlc.c of the component Cisco HDLC Parser. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2017-13687. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

该安全漏洞还影响了防火墙的SSLVPN功能，且已被黑客用以网络攻击。该公司提醒客户尽快为受影响的产品打上补丁。

华为三折叠手机预约量突破 300 万人；美的集团有望成为香港股市三年来最大上市项目；盖茨： AI 比电动汽车用电量小得多。