Aggregator

Nabla是一款二进制分析工具，支持SSCS、安全分析、逆向工程等功能。它通过Goblin和Wasmparser库提供命令行界面，可分析、比较二进制文件、扫描CVE漏洞、创建签名证明，并支持与分析结果进行聊天互动（需许可证）。开发者寻求反馈，并可提供免费试用许可证以获取营销素材。

这篇文章描述了一个关于错误代码521的情况。

HackerNews 编译，转载请注明出处： 研究人员发现名为“DoubleTrouble”的安卓银行木马近期大幅升级传播手段与技术能力，对欧洲用户构成严重威胁。该木马最初通过仿冒大型银行的钓鱼网站传播，现已扩展至利用Discord平台托管恶意APK文件进行分发，显著增加了检测与防御难度。 Zimperium研究人员分析了当前攻击活动的9个样本及25个早期变种。据周三发布的报告显示，新版木马新增多项敏感数据窃取、设备操控及传统移动防御规避功能。 实时监控技术升级 木马安装后会伪装为合法应用（使用谷歌Play图标），诱导用户开启安卓无障碍服务。借此权限，木马可在后台隐蔽运行。其采用基于会话的安装方式，将恶意负载隐藏在应用资源目录中，有效规避早期检测。最新版本核心功能包括： 通过媒体投影（MediaProjection）与虚拟显示（VirtualDisplay）接口实现实时屏幕录制。 伪造锁屏覆盖界面窃取PIN码、密码及解锁图案。 基于无障碍事件监控的键盘记录。 针对性拦截银行应用或安全工具。 仿冒合法登录界面的定制化钓鱼覆盖层。 窃取数据经编码后传输至远程命令控制（C2）服务器，目标涵盖银行应用、密码管理工具及加密货币钱包的凭证。通过实时镜像用户设备屏幕，攻击者可绕过多因素认证，直接获取用户所见敏感内容。 全功能命令控制系统 该木马响应数十种C2服务器指令，支持远程攻击者： 模拟点击滑动操作 触发伪造UI元素 显示黑屏或更新界面 操控系统级设置 特定指令（如发送密码、启动图形拦截、屏蔽应用）使攻击者在窃密同时能主动阻挠用户操作。Zimperium警告称，DoubleTrouble采用的混淆技术、动态覆盖层与实时视觉窃取能力，标志着移动威胁正朝适应性强、持久化方向演进。其持续升级的传播手法与技术特性，对个人用户与金融机构均构成严峻挑战。       消息来源：infosecurity-magazine； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

腾讯玄武实验室与清华大学团队发现无线网络中存在基于数据帧长度的侧信道攻击漏洞，可无需破解加密劫持TCP/UDP连接，影响5G、4G及Wi-Fi环境。

A vulnerability was found in Siemens RUGGEDCOM ROX 2.14.1/2.15.1 and classified as problematic. This issue affects some unknown processing of the component Web Interface. The manipulation of the argument action leads to cross site scripting. The identification of this vulnerability is CVE-2023-36390. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in novel-plus 3.6.2. This issue affects some unknown processing. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2023-37847. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was found in Kubernetes. It has been declared as critical. This vulnerability affects unknown code of the component CSI Proxy. The manipulation leads to improper input validation. This vulnerability was named CVE-2023-3893. The attack can only be done within the local network. There is no exploit available.

A vulnerability was found in Tongda OA 2017 up to 11.9. It has been classified as critical. Affected is an unknown function of the file general/vehicle/checkup/delete_search.php. The manipulation of the argument VU_ID leads to sql injection. This vulnerability is traded as CVE-2023-7021. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /general/email/outbox/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. This vulnerability is traded as CVE-2024-1251. The attack needs to be done within the local network. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in Social Login Plugin up to 2.7.7 on WordPress. This affects an unknown part. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2024-10114. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in kwestion505 Bandsintown Events Plugin up to 1.3.1 on WordPress. It has been classified as problematic. This affects the function bandsintown_events of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-13802. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in RafflePress Giveaways and Contests Plugin up to 1.12.5 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-1935. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in GPAC up to 2.2.1. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2023-5520. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in akashmalik Scratch and Win Plugin up to 2.8.0 on WordPress. This vulnerability affects unknown code. The manipulation leads to missing authorization. This vulnerability was named CVE-2024-13316. The attack can be initiated remotely. There is no exploit available.

文章介绍了Cloudflare错误代码521的原因及解决方法，指出该错误通常由服务器无法响应请求引起，并建议检查服务器状态和网络配置以解决问题。

HackerNews 编译，转载请注明出处： 霍尼韦尔近期修补了其工业过程控制与自动化解决方案Experion过程知识系统（PKS）中的多个漏洞。美国网络安全和基础设施安全局（CISA）上周发布公告披露了这些漏洞的存在。 根据公告，Honeywell Experion PKS产品——版本早于R520.2 TCU9 Hot Fix 1及R530 TCU3 Hot Fix 1的版本——存在六个漏洞，其中包括被归类为“严重”和“高危”级别的漏洞。多数严重和高危漏洞影响控制数据访问（CDA）组件，可导致远程代码执行。两个高危漏洞可能被用于拒绝服务（DoS）攻击，而一个中危漏洞可能被用于操纵通信信道并引发系统异常行为。 CISA指出，受影响产品在全球范围内使用，涉及关键制造、化工、能源、水务及医疗等关键基础设施领域。霍尼韦尔在声明中回应：“我们高度重视安全问题并迅速采取行动评估和修复问题。发现漏洞后，已为Experion PKS产品（含C300 PCNT02、C300 PCNT05、FIM4、FIM8、UOC、CN100、HCA、C300PM、C200E等型号）及OneWireless WDM发布更新。用户必须按安全通告升级至指定版本以增强防护。” 俄罗斯网络安全公司Positive Technologies因报告漏洞获得致谢。该公司工业控制系统负责人Dmitry Sklyar表示：“漏洞在Experion PKS设备（含现场级网络转换器和I/O模块）中发现。受影响设备通常部署于工业设施的隔离网段，难以通过互联网远程利用。”他解释称：“漏洞存在于缺乏身份认证功能的网络协议处理程序中，攻击者只需接入隔离网段即可利用。成功利用可在受控设备上执行任意代码，可能操纵工业流程及设备——包括停止/重启设备、修改网络设置、篡改过程参数等。”他建议企业“部署漏洞管理系统进行防护”。 本月初，霍尼韦尔旗下公司Tridium开发的Niagara框架也被披露存在十余个漏洞。       消息来源：securityweek； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

英伟达宣布GTX 7XX/9XX/10XX系列显卡将在2025年10月停止功能更新，转为提供3年安全更新至2028年10月。此后不再支持新功能、游戏优化及兼容性适配，建议游戏玩家考虑升级显卡以获得更好的体验。