Aggregator

A vulnerability was found in Netgear WNR614 and N300. It has been classified as critical. This affects an unknown part of the component PIN Handler. The manipulation leads to cleartext storage of sensitive information in memory. This vulnerability is uniquely identified as CVE-2024-36792. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability classified as problematic has been found in Netgear WNR614 and N300. Affected is an unknown function. The manipulation leads to cleartext storage of sensitive information. This vulnerability is traded as CVE-2024-36790. Access to the local network is required for this attack. There is no exploit available.

A vulnerability has been found in Mitel MiContact Center Business up to 10.0.0.4 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-35284. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in gVectors wpDiscuz Plugin up to 7.6.10 on WordPress. This issue affects some unknown processing. The manipulation leads to basic cross site scripting. The identification of this vulnerability is CVE-2023-46310. The attack may be initiated remotely. There is no exploit available.

HackerNews 编译，转载请注明出处： 网络安全公司Cisco Talos披露，黑客正利用OpenAI ChatGPT和InVideo AI等热门人工智能工具的虚假安装程序作为诱饵，传播CyberLock、Lucky_Gh0$t勒索软件及新型恶意软件Numero等威胁。 “基于PowerShell开发的CyberLock勒索软件主要针对受害者系统中的特定文件进行加密，”研究员切坦·拉古普拉萨德在报告中指出，“Lucky_Gh0$t则是Yashma勒索软件的变种，属于Chaos勒索软件家族的第六代迭代，仅对勒索程序二进制文件进行了微调。”而Numero属于破坏性恶意软件，通过篡改Windows操作系统图形界面组件使设备瘫痪。 这些正版AI工具在B2B销售和营销领域广受欢迎，表明相关行业的个人与机构成为攻击者的主要目标。虚假网站“novaleadsai[.]com”疑似冒充正规潜在客户开发平台NovaLeads，可能通过SEO投毒技术提升搜索引擎排名。该网站以“首年免费使用，后续月费95美元”为诱饵，诱使用户下载内含恶意.NET可执行文件(“NovaLeadsAI.exe”)的压缩包。该文件实为加载器，用于部署基于PowerShell的CyberLock勒索软件。 该勒索软件具备权限提升功能，若未获管理员权限将自我提权执行，随后加密“C:”、“D:”、“E:”分区中特定扩展名的文件，并投放勒索信索要5万美元门罗币赎金。值得注意的是，攻击者在勒索信中宣称赎金将用于援助巴勒斯坦、乌克兰、非洲、亚洲等“长期遭受不公”地区的妇女儿童。“与无辜生命尤其是儿童的牺牲相比，这笔金额微不足道。遗憾的是，我们认定多数人不会主动施以援手，迫使我们出此下策。”勒索信写道。最后阶段，攻击者利用系统原生二进制工具“cipher.exe”配合“/w”参数清除磁盘可用空间，阻碍取证恢复。 另一攻击者则通过伪造ChatGPT高级版安装程序传播Lucky_Gh0$t勒索软件。恶意自解压安装包内含仿冒微软程序“dwm.exe”的勒索程序“dwn.exe”，同时捆绑微软官方开源AI工具。一旦运行安装程序，脚本即触发勒索程序。这款Yashma变种在加密1.2GB以下文件前会删除卷影副本及备份。勒索信包含专属解密ID，要求受害者通过Session通讯软件联系支付赎金获取解密工具。 此外，黑客还利用AI视频创作平台InVideo AI的伪造安装程序传播破坏性恶意软件Numero。该安装程序作为投放器包含三个组件：Windows批处理文件、VB脚本及Numero可执行程序。启动后，批处理文件通过无限循环调用VB脚本，每60秒中断并重启Numero进程。这款C++编写的32位程序会检测分析工具和调试器进程，随后将桌面窗口标题、按钮及内容覆盖为数字串“1234567890”。 此次披露恰逢谷歌旗下Mandiant曝光利用Facebook和LinkedIn恶意广告的欺诈活动。该活动将用户诱导至冒充Luma AI、Canva Dream Lab、Kling AI等正规AI视频工具的虚假网站。据Morphisec和Check Point本月初揭露，该活动被归因于越南关联组织UNC6032，至少自2024年中持续活跃。 攻击流程中，用户访问虚假网站后被要求输入提示词生成视频。无论输入内容如何，网站都会触发下载基于Rust的投放器STARKVEIL。该程序投放三款信息窃取类模块化恶意软件：使用TOR隧道获取.NET有效载荷的下载器GRIMPULL；收集系统信息及密码管理器/加密货币钱包数据的.NET后门FROSTRIFT；具备键盘记录、远程命令执行等功能的.NET远控木马XWorm。STARKVEIL还通过Python投放器COILHATCH，借助DLL侧加载技术启动上述载荷。 “这些AI工具已不仅针对设计师，任何人都可能被看似无害的广告诱骗，”Mandiant警告道，“尝试最新AI工具的诱惑可能让任何人沦为受害者。”       消息来源：thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

APT组织Lazarus 在Rootkit（获取内核权限）攻击中使用了微软的0day漏洞;APT组织Kimsuky利用软件公司产品安装程序进行伪装展开攻击;NoName057(16)组织DDoSia项目持续更新;

A vulnerability was found in Apple Mac OS X up to 10.4.5. It has been classified as critical. This affects the function lzwdecodevector of the component ImageIO. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2006-1982. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in October CMS up to 1.1.1 and classified as critical. Affected by this issue is some unknown functionality of the component Host Header Handler. The manipulation leads to improper neutralization of http headers for scripting syntax. This vulnerability is handled as CVE-2021-21265. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in mbed TLS up to 2.28.6/3.5.1 and classified as problematic. This vulnerability affects the function mbedtls_x509_set_extension. The manipulation leads to integer overflow. This vulnerability was named CVE-2024-23775. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Totolink A3300R 17.0.0cu.557_B20221024 and classified as critical. This vulnerability affects the function setIpv6Cfg. The manipulation of the argument pppoePass leads to command injection. This vulnerability was named CVE-2024-24327. The attack can only be done within the local network. There is no exploit available.

A vulnerability was found in Totolink A3300R 17.0.0cu.557_B20221024. It has been declared as critical. Affected by this vulnerability is the function setWiFiScheduleCfg. The manipulation of the argument enable leads to command injection. This vulnerability is known as CVE-2024-24331. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability was found in HCL BigFix ServiceNow Data Flow up to 1.2. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to code injection. This vulnerability was named CVE-2023-37518. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Contact Form Entries Plugin up to 1.3.2 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2024-1069. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Craft CMS up to 3.0.1. It has been classified as problematic. This affects an unknown part of the component User Creation Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2023-36259. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been rated as critical. This issue affects some unknown processing of the component Canvas. The manipulation leads to use after free. The identification of this vulnerability is CVE-2024-1060. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in springboot-manager 1.6 and classified as problematic. This issue affects some unknown processing of the file /sysContent/add. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-24061. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Travel Journal 1.0. This affects an unknown part of the file /travel-journal/write-journal.php. The manipulation of the argument location leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-24041. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in Travel Journal 1.0 and classified as problematic. This vulnerability affects unknown code of the file /travel-journal/write-journal.php. The manipulation of the argument Share Your Moments leads to cross site scripting. This vulnerability was named CVE-2024-24945. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in EyouCMS up to 1.6.4 and classified as problematic. This issue affects some unknown processing of the component URL Handler. The manipulation of the argument path leads to cross site scripting. The identification of this vulnerability is CVE-2024-23033. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in EyouCMS 1.6.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component URL Handler. The manipulation of the argument input leads to cross site scripting. This vulnerability is known as CVE-2024-23034. The attack can be launched remotely. There is no exploit available.