Aggregator

HackerNews 编译，转载请注明出处： 网络安全组织Cybereason披露，Qilin勒索软件团伙近期推出“呼叫律师”功能，为其附属团伙提供法律支持以胁迫受害者支付赎金。这一策略表明该组织正扩大业务范围，试图填补其他网络犯罪集团退出后的市场空白。 Qilin自2022年8月活跃至今，曾因2024年6月攻击英国医疗服务提供商Synnovis引发关注。该团伙采用“双重勒索”模式：先窃取并加密受害者数据，随后以公开数据为要挟索要赎金。其运营模式为勒索软件即服务（RaaS），向附属团伙提供攻击工具和基础设施，并从赎金中抽取15%-20%的分成。与其他勒索组织类似，Qilin明确禁止附属团伙攻击独联体国家系统。 该团伙正从单纯的恶意软件提供商转型为全链条网络犯罪平台，除提供高级攻击工具外，还新增法律咨询、垃圾邮件服务及海量数据存储支持。随着老牌勒索组织衰落，Qilin正主导新一代RaaS运营模式。 据Cybereason报告显示，“呼叫律师”功能可在赎金谈判阶段提供法律咨询，通过三种手段施压受害者： 引入法律风险评估，夸大潜在损失 根据不同司法管辖区对数据泄露行为进行违法等级认定 支持律师与受害企业直接谈判 Qilin在操作面板中宣称：“点击目标界面的‘呼叫律师’按钮，我们的法律团队将私下提供专业支持。律师介入聊天能对公司形成间接压力，提高赎金金额——因为企业通常希望避免法律诉讼。法律部门的合作优势包括：指导如何对拒付赎金的企业制造最大经济损失（及未来规避类似情况）、数据法律价值评估、多法域违法等级认定、潜在损害赔偿法律评估（含诉讼成本/声誉风险）。” 该团伙同步升级技术能力，2025年4月新增网络传播功能及DDoS攻击选项，增强不同攻击场景的适应性。Qualys报告指出：“依托包含法律支持（呼叫律师）的强大运营模式，配合激励政策和技术保障，该组织正实现前所未有的勒索成功率。” 活动热力图显示Qilin正加速扩大攻击范围，形成持续升级的威胁态势。对此Cybereason提出防御建议：“企业需建立主动防御体系应对Qilin等高级威胁，包括加强员工安全意识、验证事件响应机制、硬化技术环境等措施，系统性降低风险暴露面。”       消息来源： securityaffairs； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

一、《框架》内容解读（二）人工智能安全风险（三）人工智能安全应对措施（四）建立风险治理体系二、《框架》指导实

Iranian hackers are breaching home surveillance cameras to monitor the movements of Israeli citizens in real time, according to Rafael Franco, former Deputy Director of Israel’s National Cyber Directorate. He stated that in recent...

The post Iran Hacking Israeli Home Cams: Real-Time Monitoring of Citizens & Missile Strikes Revealed appeared first on Penetration Testing Tools.

Fraudsters have developed a method to intercept search queries from users seeking 24/7 customer support from companies such as Apple, Bank of America, Facebook, HP, Microsoft, Netflix, and PayPal. By posing as legitimate support...

The post Warning: New “Search Poisoning” Scam Injects Fake Support Numbers on Legitimate Brand Sites appeared first on Penetration Testing Tools.

A vulnerability was found in Beijing Baidu Netcom Science & Technology Baidu Lite App 6.40.0 on iOS and classified as problematic. This issue affects some unknown processing of the component Link Handler. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-56952. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Baidu Input Method 12.6.13 on iOS. Affected is an unknown function of the component Link Handler. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-56953. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in Beijing Baidu Netcom Science & Technology Haokan Video 7.70.0 on iOS and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Link Handler. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-56954. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Kingsoft WPS Office 12.20.0 on iOS and classified as problematic. This issue affects some unknown processing of the component Link Handler. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-56957. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Tencent QQMail 6.6.4 on iOS. It has been classified as problematic. Affected is an unknown function of the component Link Handler. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-56955. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in HTACG tidy-html5 5.8.0. It has been rated as problematic. This issue affects the function prvTidyParseNamespace of the file src/parser.c. The manipulation leads to reachable assertion. The identification of this vulnerability is CVE-2025-6497. Attacking locally is a requirement. Furthermore, there is an exploit available.

A dispute has arisen within the Linux kernel development community over recent modifications proposed for the Bcachefs file system. These changes were submitted after the official feature merge window for the 6.16 release had...

The post Linux Kernel Filesystem Feud: Torvalds Rejects Bcachefs Feature, Citing Merge Window Rules appeared first on Penetration Testing Tools.

HackerNews 编译，转载请注明出处： 网络安全研究员杰里米亚·福勒发现一个疑似属于房地产管理公司的数据库，内含大量未加密的个人身份信息(PII)。该数据库高达116.24GB，包含约17万条记录，且未设置密码保护，处于完全开放状态。 暴露的数据类型包括： 姓名与出生日期 社会安全号码 实际住址及电子邮箱 员工人事档案（含处分/解雇/辞职文件） 内部管理文件（安防记录/事件报告/警方档案/维修单据/报销明细） 福勒获取的样本数据显示，汽车旅馆员工的个人身份信息以明文形式存储在电子表格中。由于数据未经加密，黑客可轻易获取这些信息用于身份盗窃、金融欺诈或精准钓鱼攻击。 福勒在网站星球报告中指出：“数据库还包含房产检查报告、租客驱逐通知、员工降职解聘函、零用金报表，以及含有支付卡类型和末四位卡号的消费凭证。”他特别强调这是近年来接触过最值得警惕的数据库之一，因其涉及： 涉案人员逮捕记录 个人医疗状况文件 物业损毁现场照片 这些记录疑似关联加利福尼亚州的收益地产投资公司，该公司在美国多地经营房产项目。虽然数据归属指向该企业，但福勒无法确认是公司自身还是第三方服务商管理疏漏导致泄露。在收到漏洞披露通知当日，该数据库访问权限已被立即限制。       消息来源： cybernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

Less than four months remain until the end of support for Windows 10, prompting companies across Europe to actively replace their aging, yet still serviceable desktop computers in anticipation of transitioning to Microsoft’s next-generation...

The post Windows 10 End-of-Life Fuels European PC Upgrade Boom Ahead of October Deadline appeared first on Penetration Testing Tools.

A vulnerability classified as critical has been found in eFiction 1.1. This affects an unknown part of the file viewuser.php. The manipulation of the argument uid leads to sql injection. This vulnerability is uniquely identified as CVE-2005-4170. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Hangzhou Bobo Technology UU Game Booster 10.6.13 on iOS. This issue affects some unknown processing of the component Link Handler. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-56951. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in KuGou Music 20.0.0 on iOS. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Link Handler. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-56948. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Guangzhou Polar Future Culture Technology University Search 2.27.0 on iOS. This affects an unknown part of the component Link Handler. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-56949. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in KuGou Concept 4.0.61 on iOS. This vulnerability affects unknown code of the component Link Handler. The manipulation leads to information disclosure. This vulnerability was named CVE-2024-56950. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in LearnDash 6.7.1 and classified as problematic. This issue affects some unknown processing of the component Profile Image Upload Handler. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2024-56940. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in LearnDash 6.7.1. This vulnerability affects unknown code of the component ld-comment-body Class. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-56939. The attack can be initiated remotely. There is no exploit available.