Aggregator

A vulnerability was found in Microsoft Windows up to Server 2016. It has been rated as critical. Affected by this issue is some unknown functionality of the component SMBv2/SMBv3. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2017-0016. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in Microsoft Edge. This affects an unknown part. The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2017-0012. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

一、境外厂商产品漏洞1、Google Chrome安全绕过漏洞（CNVD-2024-48384）Google Chrome是美国谷歌（Google）公司的一款Web浏览器。Google Chrome存

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

About 75% of healthcare sector entities that suffered a ransomware attack over the past year were targeted on a weekend or holiday, highlighting the need for organizations to bolster staffing and related strategies during these vulnerable times, said Jeff Wichman of security firm Semperis.

Researchers Trace 61% of Known Losses This Year to Pyongyang-Backed Hackers
Hackers tied to North Korea's cash-strapped totalitarian dictatorship this year stole a record amount of cryptocurrency, totaling $1.34 billion across 47 incidents, or about double their known haul for 2023, reported blockchain analytics firm Chainalysis.

Infrastructure Problems Blamed; Users Appear to Move to Similar FlowerStorm Service
As the end of the year approaches, it's out with the old and in with the new as researchers report that Rockstar 2FA, which once facilitated prolific phishing-as-a-service hits, has crashed and burned, apparently leading many one-time users to move to rival FlowerStorm.

AI Can Fake Alignment to New Instructions to Avoid Retraining
Advanced artificial intelligence models can feign alignment with new training goals while secretly adhering to their original principles, a study shows. Alignment faking isn't likely to cause immediate danger but may pose a challenge as AI systems grow more capable.

Major Chinese Router Manufacturer Facing Increased Scrutiny After Chinese Espionage
U.S. authorities have launched multiple investigations while reportedly considering banning the widely popular Chinese-manufactured TP-Link routers amid ongoing security risks linked to Chinese cyberespionage and hacking campaigns targeting American critical infrastructure sectors.

A vulnerability, which was classified as problematic, was found in Apache Hive up to 3.x. This affects an unknown part of the component Signed Cookie Handler. The manipulation leads to information exposure through error message. This vulnerability is uniquely identified as CVE-2024-23945. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apache Spark up to 3.3.3/3.4.1/3.5.0 and classified as problematic. This vulnerability affects unknown code of the component Signed Cookie Handler. The manipulation leads to information exposure through error message. This vulnerability was named CVE-2024-23945. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in xemle home-gallery up to 1.15.0. Affected is an unknown function. The manipulation leads to reliance on reverse dns resolution. This vulnerability is traded as CVE-2024-53275. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability has been found in xemle home-gallery up to 1.15.0 and classified as problematic. Affected by this vulnerability is the function fetch of the file app.js of the component Setting Handler. The manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability is known as CVE-2024-53276. The attack can be launched remotely. There is no exploit available.

error code: 521

美国网络安全和基础设施安全局（CISA）将其已知被利用漏洞（KEV）目录中增加了一个Acclaim Systems USAHERDS漏洞，该漏洞被追踪为CVE-2021-44207（CVSS评分：8.1）。 USAHERDS是由Acclaim Systems开发的基于网络的应用程序，旨在协助美国州政府追踪和管理动物健康和疾病爆发。它是AgraGuard产品套件的一部分，该套件包括USAHERDS、USALIMS、USAPlants、USAFoodSafety和USAMeals，旨在支持农业和食品安全运营。 该漏洞被中国网络间谍组织APT41利用，入侵了多个美国州政府网络。 这个漏洞源于硬编码凭证漏洞，影响了Acclaim USAHERDS网络应用程序7.4.0.1及更早版本。知道静态ValidationKey和DecryptionKey值的攻击者可以利用它们在运行应用程序的系统上执行任意代码。 攻击者可以制作恶意ViewState数据以绕过MAC检查，并触发服务器端代码执行。 “Acclaim USAHERDS网络应用程序7.4.0.1及更早版本，在2021年11月之前构建的版本使用了静态的ValidationKey和DecryptionKey值。”咨询报告中写道。“高风险——知道ValidationKey和DecryptionKey可以用来在运行应用程序的系统上实现远程代码执行。” 安全研究人员Douglas Bienstock来自Mandiant，他向公司报告了这个问题。Acclaim Systems通过在2021年11月发布补丁来解决这个问题，以修复漏洞。 根据《约束性操作指令》（BOD）22-01：减少已知被利用漏洞的重大风险，联邦民事机构必须在截止日期前解决已识别的漏洞，以保护他们的网络不受目录中漏洞被利用的攻击。 专家们还建议私营组织审查目录，并解决其基础设施中的漏洞。 CISA命令联邦机构在2025年1月13日之前修复此漏洞。     消息来源：securityaffairs；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability classified as critical has been found in Oracle Enterprise Manager Ops Center 12.3.3/12.4.0. This affects an unknown part of the component Apache Commons FileUpload. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2019-0211. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.