Aggregator

A vulnerability classified as critical has been found in Microsoft Windows. This affects an unknown part. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2017-0189. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Microsoft Windows and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Win32k. The manipulation leads to information disclosure. This vulnerability is known as CVE-2017-0188. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows and classified as problematic. Affected by this issue is some unknown functionality of the component Win32k. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2017-0191. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Hyper-V up to 2016. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper input validation. This vulnerability is known as CVE-2017-0185. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic was found in Microsoft Hyper-V. This vulnerability affects unknown code. The manipulation leads to improper input validation. This vulnerability was named CVE-2017-0184. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in Microsoft Hyper-V. This issue affects some unknown processing of the component Network Switch. The manipulation leads to improper input validation. The identification of this vulnerability is CVE-2017-0186. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

error code: 521

近日，网络安全研究员Jeremiah Fowler透露，一家总部位于英国伦敦的人工智能开发平台Builder.ai，由于数据库配置错误，该平台遭遇了重大数据泄露事件，共计泄露数据超过300万条，1.29TB。 Builder.ai是Microsoft Power Platform的一部分，在全球多个地区设有分支机构，它允许企业通过自动执行流程和预测结果来提高业务绩效。Builder.ai可以与Microsoft Dataverse以及各种云数据源（如SharePoint、OneDrive或Azure）集成，方便用户访问和管理业务数据。Builder.ai提供了多种预生成的AI模型，用户可以直接使用这些模型，而无需从头开始构建，用户可以根据业务需求创建自定义的AI模型，用于分析文本、图像、结构化数据等。 根据Fowler在Website Planet的报告，泄露的敏感信息包括客户成本提案、保密协议、发票、税务文件、内部沟通记录、秘密访问密钥、客户个人信息以及电子邮件往来截图。数据库中约有337434个发票（18GB）和32,810个文件（4GB），标记为主服务协议。 “将文档和访问密钥以明文形式存储在同一数据库中，可能造成严重的安全漏洞。如果数据库意外曝光或被未经授权访问，恶意攻击者可能利用这些密钥访问链接系统、云存储或其他敏感资源，无需额外身份验证。” 数据库配置错误是常见问题，但最新报告显示，即使是ShinyHunters和Nemesis这样的黑客组织也在积极入侵暴露的数据库，这表明如果数据库落入恶意威胁攻击者手中，可能会危及公司声誉和用户隐私。 泄露的文档对黑客来说是宝贵的资源，可以用于社交工程攻击。例如制作含有恶意软件的虚假发票，以欺骗Builder.ai的客户。此外数据中的内部信息可能被用来对Builder.ai员工发起有针对性的钓鱼攻击，泄露的云存储访问密钥还可能允许未经授权访问其他位置存储的更敏感数据。 更糟糕的是，Builder.ai 应急响应流程十分迟缓。在研究人员通知后，Builder.ai花了整整一个月才保护数据库，并称“复杂的系统依赖”是延迟的原因。尽管解释不够明确，但这表明数据库曝光可能涉及第三方承包商。 研究人员强调，在构建系统时减少依赖性的重要性，以避免妨碍应急响应。为了最小化风险，Fowler建议组织应安全存储管理凭据和访问密钥，对其进行加密，存储在专用系统中，并与其他敏感数据隔离，以防止被利用。   转自FreeBuf，原文链接：https://www.freebuf.com/news/418279.html 封面来源于网络，如有侵权请联系删除

In this Help Net Security interview, Jason Passwaters, CEO of Intel 471, discusses how integrating cybercrime intelligence into an organization’s security strategy enables proactive threat management and how measuring intelligence efforts can help mitigate risks before they escalate. Passwaters also shares best practices for building a robust intelligence program, focusing on data sources, adversary identification, and collaboration between the private sector and law enforcement.

The post Maximizing the impact of cybercrime intelligence on business resilience appeared first on Help Net Security.

A vulnerability classified as problematic has been found in Microsoft Hyper-V. This affects an unknown part of the component Network Switch. The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2017-0183. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Hyper-V. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Network Switch. The manipulation leads to improper input validation. This vulnerability is handled as CVE-2017-0182. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Cisco IOS up to 15.3(1)T2. It has been classified as critical. This affects an unknown part of the component SSL VPN Implementation. The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2013-6686. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco IOS and classified as problematic. This issue affects some unknown processing of the component IPSec Tunnel Implementation. The manipulation leads to improper input validation. The identification of this vulnerability is CVE-2013-6694. The attack may be initiated remotely. There is no exploit available. It is recommended to apply the suggested workaround.

A vulnerability, which was classified as critical, was found in Cisco ASA up to 9.1.1.3. Affected is an unknown function of the component Management Session Requests. The manipulation leads to improper resource management. This vulnerability is traded as CVE-2013-6707. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM DB 9.5/9.7/9.8/10.1/10.5 and classified as problematic. This issue affects some unknown processing of the component XML Query Handler. The manipulation leads to improper resource management. The identification of this vulnerability is CVE-2014-8901. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in ATutor. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2012-6528. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in SAP Internet Transaction Server 4620.2.0.323011. It has been rated as critical. This issue affects some unknown processing in the library wgate.dll. The manipulation of the argument ~theme/~template leads to path traversal. The identification of this vulnerability is CVE-2003-0748. The attack may be initiated remotely. Furthermore, there is an exploit available.

error code: 521

Wiz Threat Research 揭示了一个由讲罗马尼亚语的威胁组织 Diicot（又称 Mexals）策划的新恶意软件活动。该活动以 Linux 环境为目标，采用了先进的恶意软件技术，标志着其能力显著升级。该组织一直利用 Linux 系统进行加密劫持，使用 XMRig 等工具和复杂的自传播机制。 据 Wiz Research 称，与早期迭代版本相比，更新后的恶意软件显示出惊人的复杂程度，凸显了攻击者适应和完善其战术的能力。报告指出：“我们分析的恶意软件包括一些显著的改进，反映了更高的复杂程度。”主要的进步包括引入了新的指挥控制（C2）基础设施，从基于 Discord 的 C2 过渡到 HTTP，以及采用 Zephyr 协议和 Monero 挖矿。 Diicot 图表 | 来源：Wiz Research Wiz Research 该恶意软件还改进了混淆技术。例如，修改后的 UPX 标头现在包括损坏的校验和，使标准解包工具失效。这些变化表明，该恶意软件正在努力绕过现代安全措施，阻挠自动检测。 该活动的一个突出特点是它能够根据环境调整自己的行为。在云环境中，恶意软件会优先向其他主机传播，而在传统环境中，它会部署加密有效载荷。报告解释说，“云检测逻辑”“基于远程机器的 Linux 发行版和版本”，显示了该组织对目标的细致关注。 调查中发现的有效载荷包括： Brute-Spreader： 在网络中传播并保持持久性的主要有效载荷。 反向外壳 (client.go)： 允许攻击者完全远程控制被入侵的机器。 SSH 标记扫描器： 识别弱 SSH 凭据以获得初始访问权限。 该活动对运行 OpenSSH 的 Linux 系统构成重大风险。薄弱的凭证和错误配置的安全设置很容易成为这种高级恶意软件的入口点。Wiz 研究人员强调：“如果你的系统依赖 SSH 且没有适当的安全保护，它们很容易成为攻击目标。” 加密劫持仍然是 Diicot 行动的核心动机。攻击者从 Monero 挖矿中赚取了超过 16,000 美元，还从 Zephyr 协议中赚取了更多难以追踪的收入。除了经济损失，企业还面临数据外渗、系统受损和潜在运营中断的风险。 随着 Diicot 集团的不断发展，防御策略也必须与时俱进。Wiz Research 建议加强 SSH 配置，强制执行强密码，并部署能够识别混淆有效载荷的高级检测机制。   转自安全客，原文链接：https://www.anquanke.com/post/id/302932 封面来源于网络，如有侵权请联系删除