Aggregator

A vulnerability classified as problematic has been found in Apache Tomcat 4.1.24. This affects an unknown part. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2007-3385. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as very critical, was found in ASN1C 7.0.0. Affected is the function rtxMemHeapAlloc in the library asn1rt_a.lib. The manipulation leads to integer overflow. This vulnerability is traded as CVE-2016-5080. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

#硬件设备 B 站 UP 主在液氦加持下将 14900KF 超频至 9.121GHz，打破超频爱好者 @Elmor 的世界纪录。这也是目前第二位将 CPU 超频至 9GHz 以上的爱好

Researchers analyzed new versions of the Banshee macOS Stealer sample that initially evaded detection by most antivirus engines, as analysis revealed that the malware employed a unique string encryption technique.  The encryption method was identical to that used by Apple’s XProtect antivirus engine for encrypting YARA rules within its binaries. By leveraging this shared encryption […]

The post 100 Million macOS Users At Risk – New Banshee Malware Attacks Bypassing Apple’s XProtect appeared first on Cyber Security News.

error code: 521

HackerNews 编译，转载请注明出处： 网络犯罪分子正采用一种名为“交易模拟欺诈”的新手段窃取加密货币，其中一起攻击成功盗取了价值约46万美元的143.45枚以太坊。 此次由ScamSniffer发现的攻击，凸显了现代Web3钱包中交易模拟机制存在的漏洞，该机制本应用于保护用户免受欺诈和恶意交易侵害。 攻击原理 交易模拟功能允许用户在签署和执行区块链交易前预览预期结果。 该功能旨在通过帮助用户验证交易内容（如转账的加密货币数量、燃气费及其他交易费用以及链上数据变化等）来增强安全性和透明度。 攻击者诱导受害者访问一个模仿合法平台的恶意网站，该网站启动了一个看似“领取”功能的操作。交易模拟显示用户将获得少量以太坊。 然而，模拟与执行之间存在时间延迟，攻击者利用这一时间差更改链上合约状态，从而在交易获得批准后改变其实际执行内容。 受害者信任钱包的交易模拟结果并签署了交易，导致网站将其钱包中的所有加密货币转至攻击者钱包。 攻击流程 ScamSniffer指出一起真实案例，受害者在状态更改后30秒签署了欺诈交易，导致资产（143.35枚以太坊）全部损失。 ScamSniffer警告称：“这种新的攻击方式标志着网络钓鱼技术的重大演变。攻击者不再依赖简单的欺骗手段，而是利用用户依赖的受信任钱包功能。这种复杂手段使得检测尤为困难。” 初始模拟（上）与篡改后的交易（下） 区块链监测平台建议，Web3钱包应降低模拟刷新频率以匹配区块链区块时间，在关键操作前强制刷新模拟结果，并添加过期警告以提醒用户风险。 从用户角度来看，这一新型攻击表明不应信任钱包模拟。 加密货币持有者应谨慎对待不明网站上的“免费领取”优惠，并仅信任经过验证的去中心化应用（dApps）。   消息来源：Bleeping Computer, 编译：zhongx；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability, which was classified as critical, was found in Yahoo! Messenger up to 8.1.0.249. Affected is an unknown function of the component ActiveX Control Handler. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2007-3147. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Yahoo! Messenger up to 8.1.0.249 and classified as very critical. This vulnerability affects unknown code in the library ywcvwr.dll of the component ActiveX Control. The manipulation leads to memory corruption. This vulnerability was named CVE-2007-3148. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OpenSSL up to 0.9.8e and classified as problematic. Affected by this issue is the function BN_from_montgomery of the file crypto/bn/bn_mont.c. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2007-3108. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

金山云入驻补天专属SRC金山云正式上线补天专属SRC啦欢迎各位白帽黑客积极反馈安全漏洞！关于金山云北京金山云网络技术有限公司（以下简称金山云），是金山软件旗下云计算企业，跻身于中国公有云市场三甲。

2025.01.14 10点正式开通测试

主站 分类 漏洞 工具 极客

安全研究人员成功入侵iPhone 15和iPhone 15 Pro引入的苹果ACE3 USB-C控制器，引发了对设备安全性和潜在漏洞的质疑。