Aggregator

这篇文章介绍了错误代码521的原因及解决方法。该错误通常由Cloudflare引发，表示与原始服务器的连接超时。常见原因是服务器问题、网络延迟或配置错误。解决方法包括检查服务器状态、优化网络连接或联系Cloudflare技术支持以排查问题。

HackerNews 编译，转载请注明出处： 研究人员发现 WatchGuard Fireware OS 存在一个严重漏洞（CVSS4.0 评分 9.3），攻击者可利用该漏洞远程执行任意代码。 该漏洞编号为 CVE-2025-9242，属于越界写入漏洞，影响两类场景：一是使用 IKEv2 协议的移动用户 VPN；二是配置了动态网关对等体、且使用 IKEv2 协议的分支机构 VPN（BOVPN）。 WatchGuard 在安全公告中指出，即便 Firebox 安全平台此前配置过上述 VPN 及 IKEv2 网关对等体，仍可能存在漏洞风险。 该漏洞影响以下 Fireware OS 版本，包含提及的最高版本： 11.10.2 至 11.12.4_Update1 12.0 至 12.11.3 2025.1 WatchGuard Firebox 是一款下一代防火墙（NGFW），承担安全网关职能，可控制外部网络与可信网络间的流量，还集成了入侵防御、反垃圾邮件、内容过滤等高级功能。 该设备部署方式灵活，可作为物理设备、云端服务或虚拟机使用。 Shadowserver 基金会表示，依据 10 月 17 日的 IP 数据扫描结果，目前可能有超过 7.1 万台设备存在该漏洞。 该漏洞详情已在美国国家漏洞数据库（NVD）上线，WatchGuard 也已发布相关安全公告。 若 Firebox 仅配置了 “指向静态网关对等体的分支机构 VPN 隧道”，且设备所有者无法立即将系统升级至修复漏洞的 Fireware OS 版本，WatchGuard 已提供临时规避方案。 WatchGuard 在公告中还指出，鉴于针对各类厂商暴露 VPN 的攻击愈发频繁，建议将 BOVPN 安全访问策略配置为更窄的范围，以处理传入的 VPN 流量。   消息来源：infosecurity-magazine； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

LinkedInDumper Python 3 script to dump company employees from LinkedIn Voyager API. The results contain firstname, lastname, position

The post LinkedInDumper: dump employee information from LinkedIn Voyager API appeared first on Penetration Testing Tools.

文章描述了一个关于错误代码521的问题及其解决方法。

HackerNews 编译，转载请注明出处： 网络安全研究人员发现了一场神秘的针对性钓鱼攻击活动。该活动冒充乌克兰总统办公室，且在发起当天便宣告终止，其目的是入侵参与战争救援工作的相关机构。 根据网络安全公司 SentinelLabs 周三发布的报告，10 月 8 日开展的这场单日攻击活动，目标群体包括国际红十字会、挪威难民委员会、联合国儿童基金会的工作人员，以及其他参与战争救援的非政府组织人员。 SentinelLabs 表示，目前尚不清楚这场被标记为PhantomCaptcha的攻击活动背后主使是谁，但从目标清单可推测，攻击者试图 “获取与乌克兰援助相关的人道主义行动、重建规划及国际协调工作等方面的情报”。 SentinelOne 研究负责人汤姆・黑格尔在报告中写道，从最初的基础设施注册到攻击实施当天，这场针对性钓鱼攻击经过了六个月的准备。但攻击活动仅持续一天，相关基础设施便下线，“这表明攻击者具备精密的规划能力和对操作安全的高度重视”。 攻击手段与方式 黑客还向乌克兰顿涅茨克、第聂伯罗彼得罗夫斯克、波尔塔瓦和尼古拉耶夫斯克地区的政府机构发起攻击。 他们发送了一份伪装成乌克兰总统办公室官方文件的八页PDF文档，内含恶意程序。意图引导受害者陷入一套复杂的多阶段攻击链，以此获取受害者信任并绕过传统安全防护措施。 若受害者点击 PDF 中的嵌入链接，可能会被重定向至一个伪装成视频会议应用 Zoom 官方网站的域名，而该域名实际由俄罗斯服务商 KVMKA 掌控。 尽管攻击发起当天该服务器便无法解析，但 SentinelLabs 通过 VirusTotal 数据库获取了服务器响应数据，发现其是一个伪装成 Cloudflare 分布式拒绝服务（DDoS）防护网关的虚假页面。 这为入侵受害者设备提供了两种可能的途径。 一种是将受害者重定向至真实的密码保护 Zoom 会议，黑格尔写道，这可能便于黑客与受害者进行实时社会工程学诈骗通话。 另一种则是诱导受害者不慎执行复制到剪贴板的命令，研究人员将后一种手段称为ClickFix或 Paste and Run技术。 SentinelLabs 称，PhantomCaptcha攻击的变种手段会欺骗 Windows 用户，让其从虚假的 Cloudflare DDoS 防护网关复制 “令牌”，随后按下 “Windows + R” 组合键，粘贴 “令牌” 并执行命令 —— 而该命令实际是一段旨在入侵用户电脑的 PowerShell 脚本。 攻击者能力评估 研究人员表示：“这种社会工程学攻击手段极具效力，因为恶意代码是由用户自行执行的，能够避开那些仅专注于检测恶意文件的终端安全防护系统。” 尽管黑客很快关闭了面向公众的诱骗域名，但 SentinelLabs 发现，后台命令与控制基础设施在初始攻击日之后仍处于活跃状态，“这表明基础设施具备高度隔离性，且需要维护部分基础设施以控制已入侵的系统”。 研究人员发现，在攻击次日（10 月 9 日），一个与公众诱骗域名 URL 相似的新域名完成注册，“这可能意味着攻击者计划继续开展攻击活动”。 他们的基础设施分析还发现，该攻击与另一范围更广的攻击活动存在关联。后者 “利用成人社交与娱乐内容作为诱饵，且可能与俄罗斯 / 白俄罗斯的技术开发源头有关”，不过该攻击活动被列为单独的行动集群进行追踪。 具体而言，后一攻击活动的主题与报告中提及的 “乌克兰利沃夫市一家名为‘公主男士俱乐部’（Princess Men’s Club）的成人娱乐场所” 相关，包含一个网站和一个安卓应用安装包，旨在从受入侵设备中窃取各类个人信息与设备数据。 SentinelLabs 补充称，PhantomCaptcha攻击活动的时间线显示，攻击者 “既了解进攻性操作，也熟悉防御性检测能力”。不过该公司在发布报告时表示，暂无法将这一行动集群归属于某一已知黑客组织。 该公司表示，此次攻击活动的精密程度 “表明攻击者具备高水平的操作规划能力，从长期准备、基础设施隔离到刻意控制曝光度等方面均能体现这一点”。     消息来源：therecord.media； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

橙色 iPhone 17 Pro 系列金属框架出现褪色变粉红色问题，与氧化铝涂层受损有关。苹果建议避免使用漂白剂或过氧化物清洁，并防止长时间紫外线照射。部分用户已获免费更换服务。

A vulnerability was found in Palo Alto PAN-OS, Cloud NGFW and Prisma Access and classified as problematic. Impacted is an unknown function of the component GlobalProtect. Executing manipulation can lead to resource consumption. This vulnerability is registered as CVE-2025-0114. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability has been found in Dassault Systèmes ENOVIA Change Manager and classified as problematic. Affected is an unknown function. Performing manipulation results in cross site scripting. This vulnerability is known as CVE-2025-0830. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in Dassault Systèmes ENOVIA Collaborative Industry Innovator and classified as problematic. Affected by this vulnerability is an unknown functionality. Executing manipulation can lead to cross site scripting. This vulnerability is handled as CVE-2025-0832. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in Dassault Systèmes ENOVIA Collaborative Industry Innovator. It has been rated as problematic. This vulnerability affects unknown code. This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2025-0833. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in TeleMessage Service up to 2025-05-05. This affects an unknown function. Executing manipulation can lead to use of password hash instead of password for authentication. This vulnerability is registered as CVE-2025-48925. It is possible to launch the attack remotely. Furthermore, an exploit is available. This product is available as a managed service. Users are not able to maintain vulnerability countermeasures themselves.

A vulnerability marked as critical has been reported in TeleMessage Service up to 2025-05-05. Impacted is an unknown function of the component Admin Panel. This manipulation causes authentication bypass using alternate channel. This vulnerability is tracked as CVE-2025-48926. The attack is possible to be carried out remotely. Moreover, an exploit is present. This product is a managed service, which means users themselves cannot handle vulnerability countermeasures.

A vulnerability described as problematic has been identified in TeleMessage Service up to 2025-05-05. The affected element is an unknown function. Such manipulation leads to insecure storage of sensitive information. This vulnerability is listed as CVE-2025-48929. The attack may be performed from remote. In addition, an exploit is available. This product is a managed service, therefore users are not responsible for maintaining vulnerability countermeasures.

A vulnerability, which was classified as problematic, has been found in TeleMessage Service up to 2025-05-05. This impacts an unknown function. The manipulation leads to cleartext storage of sensitive information in memory. This vulnerability is documented as CVE-2025-48930. The attack needs to be performed locally. Additionally, an exploit exists. This product is a managed service. It is not possible for users to maintain vulnerability countermeasures themselves.

A vulnerability labeled as critical has been found in TeleMessage Archiving Backend up to 2025-05-05. This affects an unknown part of the component API Call Handler. Such manipulation leads to hard-coded credentials. This vulnerability is traded as CVE-2025-47730. The attack may be launched remotely. Furthermore, there is an exploit available. This product is provided as a managed service, meaning users do not have the ability to maintain vulnerability countermeasures themselves.

A vulnerability classified as critical has been found in Xmlsoft libxslt up to 1.1.42. Impacted is an unknown function. The manipulation leads to use after free. This vulnerability is documented as CVE-2024-55549. The attack needs to be performed locally. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability categorized as critical has been discovered in 274056675 springboot-openai-chatgpt e84f6f5. This impacts the function Submit of the file /api/blade-user/submit of the component User Handler. The manipulation results in improper authorization. This vulnerability was named CVE-2025-2320. The attack may be performed from remote. In addition, an exploit is available. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The vendor was contacted early about this disclosure but did not respond in any way.

文章探讨了水平和垂直越权漏洞及其测试方法。水平越权指同一权限级别用户间数据操控，案例包括修改帖子、地址等；垂直越权指低权限用户访问高权限接口或功能。通过抓包、篡改ID、时间戳生成ID等方式测试水平越权；提取前端接口、猜测参数等方式挖掘垂直越权。总结指出水平越权常见于用户绑定数据，垂直越权有三种场景：GET型接口直接测试、前端触发无需构造参数、猜测参数构造请求。

A vulnerability, which was classified as critical, was found in PHPTB Topic Boards 2.0. This affects an unknown part of the file emailvalidate.php. The manipulation of the argument mid results in sql injection. This vulnerability was named CVE-2005-2587. The attack may be performed from remote. In addition, an exploit is available.