Aggregator

Гибридная криптография и QUIC вошли в ядро.

漏洞原理，环境构建，攻击复现三位一体， Metarget靶场和Coogo助力还原IngressNightmare攻击链

漏洞原理，环境构建，攻击复现三位一体， Metarget靶场和Coogo助力还原IngressNightmare攻击链

漏洞原理，环境构建，攻击复现三位一体， Metarget靶场和Coogo助力还原IngressNightmare攻击链

漏洞原理，环境构建，攻击复现三位一体， Metarget靶场和Coogo助力还原IngressNightmare攻击链

漏洞原理，环境构建，攻击复现三位一体， Metarget靶场和Coogo助力还原IngressNightmare攻击链

漏洞原理，环境构建，攻击复现三位一体， Metarget靶场和Coogo助力还原IngressNightmare攻击链

Overview Recently, NSFOCUS CERT detected that the Babuk2 group has been frequently publishing sensitive data of several well-known organizations on its dark web site. The data is from multiple sectors, including government, finance, internet, healthcare, and education, across various countries and regions. Up to this month, at least 71 victims’ data has been disclosed, and […]

The post A Deep Analysis of the Ransomware Group Babuk2’s Recent Activities appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..

The post A Deep Analysis of the Ransomware Group Babuk2’s Recent Activities appeared first on Security Boulevard.

HackerNews 编译，转载请注明出处： ESET在调查几个知名勒索软件组织之间的关联时发现，越来越多的勒索软件组织开始将用于禁用端点检测和响应（EDR）解决方案的工具纳入其武器库。 在2024年LockBit和BlackCat勒索软件组织消亡后，新的威胁者崭露头角，其中包括2024年2月出现的RansomHub，这是一个勒索软件即服务（RaaS）组织。 随着勒索软件附属组织从不同团体迁移到RansomHub，例如据称是Change Healthcare黑客事件背后的BlackCat附属组织，RansomHub成为并一直保持着在该领域的主导威胁地位。 2024年5月，RansomHub在其武器库中添加了EDRKillShifter，这是一种针对众多安全解决方案的自定义EDR杀手工具，它依赖密码来保护在执行过程中充当中间层的shellcode。 EDR杀手是在受害者的网络上执行的，旨在使任何在本地终端上运行的安全解决方案失明、损坏或终止。虽然可以使用简单的脚本，但更复杂的工具会部署易受攻击的驱动程序，然后利用这些驱动程序进行恶意活动。 RansomHub通过其RaaS面板向其附属组织提供了EDRKillShifter，但ESET观察到它被用于涉及Play、Medusa和BianLian等其他勒索软件变种的攻击中。 由于BianLian和Play是比较封闭的勒索软件操作，它们能够获得EDRKillShifter的访问权限，这表明它们可能与RansomHub合作，在其攻击中重新利用RaaS的工具。 “我们高度确信所有这些攻击都是由同一个威胁者执行的，该威胁者是这四个勒索软件组织的附属组织，”ESET指出，并将该威胁者称为QuadSwitcher。 ESET还表示，其他勒索软件附属组织也被看到使用EDRKillShifter，并补充说这并不是威胁者用来禁用安全软件的唯一工具。事实上，勒索软件附属组织使用的EDR杀手种类有所增加。 EDR杀手的使用增加被视为对安全解决方案更有效地检测文件加密恶意软件的反应。ESET指出，加密器很少收到重大更新，以避免引入缺陷的风险。 ESET还指出，虽然有超过1700个易受攻击的驱动程序可以供EDR杀手解决方案使用，但只有少数几个被滥用，因为针对它们有经过测试的代码，威胁者无需从头编写新代码。 除了RansomHub，只有另一个RaaS运营商被观察到在其服务中添加了EDR杀手，即Embargo，其泄露网站上仅列出了14名受害者。该工具被称为MS4Killer，基于公开的概念验证（PoC）代码。   消息来源：Security Week；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

The Globee Awards is an annual competition celebrating companies in various fields, including technology-related businesses, since 2003. This year, the winners were announced on March 13, and ANY.RUN is one of them! We earned silver in the Outstanding Threat Detection and Response category.  Thank You!  It’s a pleasure to share the news with our lovely […]

The post ANY.RUN Wins Globee Awards 2025 for Outstanding Threat Detection and Response appeared first on ANY.RUN's Cybersecurity Blog.

通过分析 Lyft 网约车平台上逾 22 万人的数据，研究人员报告，有色人种司机比白人司机更可能因超速收到罚单，而且即使其超速行驶的严重程度相同，他们面临的罚款也会更高。执法中存在的种族定性是美国社会中的一个亟待解决的问题。利用拼车平台 Lyft 的高频 GPS 位置数据，研究人员估测了种族定性对超速罚单和罚款的影响。该分析涵盖了 2017 年至 2020 年在佛罗里达州运营的 22 万 2838 名 Lyft 司机。Lyft 司机使用智能手机应用以 10 秒为间隔将精确的位置和速度数据传输到 Lyft 系统，从而为研究人员提供详细的实时驾驶信息。研究人员将该数据集与佛罗里达州政府的超速违规记录进行了匹配；这些记录详细记录了交通拦截和涉事司机的驾照信息。作者发现，即使在行驶速度、地点、车辆特征及其他相关变量等因素受控的的情况下，少数族裔司机因超速而被开罚单的可能性也明显高于白人司机，而且罚款额也更高。研究结果表明，与白人司机相比，少数族裔司机在交通拦截期间被开罚单的可能性要高 24% 至 33%，罚款金额也要高 23% 至 34%。此外，分析显示，白人司机和少数族裔司机在事故率或再犯率上没有显著差异，表明这些差异是由执法偏见而非司机行为所致。

A vulnerability classified as problematic was found in Byron gitoxide up to 0.35.x on Windows. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper handling of windows device names. This vulnerability is known as CVE-2024-35197. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Eclipse Ditto up to 3.5.5. It has been rated as problematic. This issue affects some unknown processing of the component Explorer User Interface. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-5165. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 16.10.5/16.11.2/17.0.0. It has been declared as problematic. This vulnerability affects unknown code of the component Kubernetes Agent Server. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2023-7045. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in xpro 140+ Widgets Plugin up to 1.4.3.1 on WordPress. Affected by this issue is the function export_content. The manipulation leads to deserialization. This vulnerability is handled as CVE-2024-4471. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in OpenProject and classified as problematic. This issue affects some unknown processing of the component Add Attachment Handler. The manipulation leads to basic cross site scripting. The identification of this vulnerability is CVE-2024-35224. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.