Aggregator

AI不是涂上就专业的万金油，虽可用但亦不可轻信~

AI不是涂上就专业的万金油，虽可用但亦不可轻信~

AI不是涂上就专业的万金油，虽可用但亦不可轻信~

AI不是涂上就专业的万金油，虽可用但亦不可轻信~

HackerNews 编译，转载请注明出处： YouTube 上推广游戏外挂的视频被用于传播一种名为 Arcane 的未被记录在案的盗取器恶意软件，该软件可能针对俄语用户。 卡巴斯基在一份分析报告中表示：“这种恶意软件的有趣之处在于它收集的信息量之大。”它会从 VPN 和游戏客户端，以及 ngrok、Playit、Cyberduck、FileZilla 和 DynDNS 等各种网络工具中抓取账户信息。 攻击链涉及在 YouTube 视频中分享指向受密码保护的存档文件的链接，打开后，该存档文件会解压出一个名为 start.bat 的批处理文件，该文件负责通过 PowerShell 检索另一个存档文件。 随后，该批处理文件利用 PowerShell 启动新下载存档文件中嵌入的两个可执行文件，同时禁用 Windows SmartScreen 保护功能，并将每个驱动器根文件夹设置为 SmartScreen 过滤器的例外。 这两个二进制文件中，一个是加密货币矿工，另一个是名为 VGS 的盗取器，它是 Phemedrone 盗取器恶意软件的一个变种。截至 2024 年 11 月，攻击者已被发现用 Arcane 替代了 VGS。 “尽管其中很多内容是从其他盗取器中借鉴而来的，但我们无法将其归因于任何已知的家族。”这家俄罗斯网络安全公司指出。 除了从各种基于 Chromium 和 Gecko 的浏览器中窃取登录凭证、密码、信用卡数据和 Cookie 外，Arcane 还能够收集全面的系统数据，以及以下多个应用程序的配置文件、设置和账户信息： VPN 客户端：OpenVPN、Mullvad、NordVPN、IPVanish、Surfshark、Proton、hidemy.name、PIA、CyberGhost 和 ExpressVPN 网络客户端和工具：ngrok、Playit、Cyberduck、FileZilla 和 DynDNS 通讯软件：ICQ、Tox、Skype、Pidgin、Signal、Element、Discord、Telegram、Jabber 和 Viber 电子邮件客户端：Microsoft Outlook 游戏客户端和服务：Riot Client、Epic、Steam、Ubisoft Connect（原 Uplay）、Roblox、Battle.net 以及各种 Minecraft 客户端 加密货币钱包：Zcash、Armory、Bytecoin、Jaxx、Exodus、Ethereum、Electrum、Atomic、Guarda 和 Coinomi 此外，Arcane 还被设计为能够截取受感染设备的屏幕截图，枚举正在运行的进程，并列出已保存的 Wi-Fi 网络及其密码。 “大多数浏览器会生成唯一密钥，用于加密其存储的敏感数据，如登录信息、密码、Cookie 等。”卡巴斯基表示，“Arcane 利用数据保护 API（DPAPI）获取这些密钥，这是盗取器的典型行为。” “但 Arcane 还包含一个名为 Xaitax 的工具的可执行文件，它利用该工具破解浏览器密钥。为此，该工具会被秘密地写入磁盘并启动，盗取器从其控制台输出中获取所需的全部密钥。” 此外，该盗取器恶意软件还采用了一种单独的方法，通过调试端口启动浏览器副本，从而从基于 Chromium 的浏览器中提取 Cookie。 该行动背后的不明威胁行为者已经扩大了他们的业务范围，包括一个名为 ArcanaLoader 的加载器，该加载器声称用于下载游戏外挂，但实际上却传播盗取器恶意软件。俄罗斯、白俄罗斯和哈萨克斯坦已成为此次行动的主要目标。 “这场特定的活动之所以有趣，是因为它展示了网络犯罪分子的灵活性，他们始终在更新他们的工具和分发方法。”卡巴斯基表示，“此外，Arcane 盗取器本身也很有趣，因为它收集了各种不同的数据，并且使用了各种技巧来提取攻击者想要的信息。” 消息来源：TheHackerNews； 本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

QCSuper QCSuper is a tool communicating with Qualcomm-based phones and modems, allowing to capture raw 2G/3G/4G (and for certain models 5G) radio frames, among other things. It will allow you to generate PCAP captures of it using either...

The post QCSuper: capture raw 2G/3G/4G/ 5G radio frames appeared first on Penetration Testing Tools.

A vulnerability was found in Kashipara E-learning Management System 1.0. It has been classified as critical. This affects an unknown part of the file /teacher_signup.php. The manipulation of the argument class_id leads to sql injection. This vulnerability is uniquely identified as CVE-2024-54920. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in SlideDeck 1 Lite Content Slider Plugin up to 1.4.8 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-13224. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Information Kerala Mission SANCHAYA 3.0.4. Affected by this vulnerability is an unknown functionality of the component Property Tax Payment Portal. The manipulation leads to external control of assumed-immutable web parameter. This vulnerability is known as CVE-2025-25382. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Intrexx Portal Server up to 12.0.2. Affected is an unknown function. The manipulation leads to permission issues. This vulnerability is traded as CVE-2025-26816. The attack can only be done within the local network. There is no exploit available.

A vulnerability, which was classified as critical, has been found in significant-gravitas autogpt up to 0.5.0. This issue affects some unknown processing of the file workflow-checker.yml of the component Pull Request Handler. The manipulation leads to code injection. The identification of this vulnerability is CVE-2024-8156. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in danswer-ai danswer up to 0.3.94. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to insufficient isolation of system-dependent functions. This vulnerability was named CVE-2024-9612. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.2.0-rc2. Affected is the function vcc_open of the file drivers/tty/vcc.c. The manipulation leads to use after free. This vulnerability is traded as CVE-2023-23039. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Linux Kernel up to 6.1.12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file net/mpls/af_mpls.c of the component sysctl Table Registration Handler. The manipulation leads to double free. This vulnerability is known as CVE-2023-26545. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Qt up to 5.15.16/6.2.10/6.5.3/6.6.1. Affected is an unknown function of the file network/access/http2/hpacktable.cpp of the component HTTP2 HAndler. The manipulation leads to integer overflow. This vulnerability is traded as CVE-2023-51714. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.8.2/6.9-rc1. This affects the function rebalance_wq_table of the component crypto. The manipulation leads to divide by zero. This vulnerability is uniquely identified as CVE-2024-26945. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.8.2. It has been classified as critical. This affects the function zcrypt_card of the component s390. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2024-26957. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in MediaTek MT6580, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT6989, MT8188, MT8370 and MT8390. It has been classified as problematic. Affected is an unknown function of the component Da. The manipulation leads to improper handling of faults that lead to instruction skips. This vulnerability is traded as CVE-2024-20060. Attacking locally is a requirement. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in Samsung Exynos 980, Exynos 850, Exynos 1280, Exynos 1380 and Exynos 1330. This affects the function slsi_set_delayed_wakeup_type. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-27380. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability was found in Linux Kernel up to 6.0 and classified as problematic. Affected by this issue is the function dev_queue_xmit of the component ipvlan. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2022-48651. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.