Aggregator

A vulnerability identified as problematic has been detected in ASPjar Guestbook 1.0. Affected by this vulnerability is an unknown functionality. Performing manipulation of the argument web site results in basic cross site scripting. This vulnerability is identified as CVE-2002-1729. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in Alt-N MDaemon up to 5.0.5 and classified as critical. This impacts an unknown function. The manipulation of the argument Password with the input MServer results in hard-coded credentials. This vulnerability is known as CVE-2002-1738. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

黑客组织Scattered LapSus Hunters威胁谷歌解雇两名安全研究人员并停止调查其组织，否则将泄露谷歌数据库。但近期未发生严重安全事故，且无证据支持威胁真实性，谷歌未回应。

这篇文章介绍了通过Kusto解决八个数据分析挑战的过程，并探讨了AI在解决问题中的作用与局限性。

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

最近闲暇时间在重读毛主席的《论持久战》，结合当前网络安全建设中的一些问题，颇有感悟，与大家分享。

文章介绍了错误代码521的原因、影响及解决方法，并强调了预防措施的重要性。

HackerNews 编译，转载请注明出处： 网络安全研究人员指出，Android恶意软件领域出现新趋势：传统上用于投放银行木马的“投放器应用”（dropper apps），如今也开始传播短信窃取器和基础间谍软件等更简单的恶意软件。 荷兰移动安全公司ThreatFabric在上周的报告中表示，这些攻击活动通过伪装成印度等亚洲地区政府或银行应用的投放器应用进行传播。 该公司认为，这一转变源于谷歌最近在新加坡、泰国、巴西和印度等特定市场试行的安全保护措施。这些措施会阻止用户侧载（sideloading）那些请求敏感权限（如短信和无障碍服务）的可疑应用，而无障碍服务是Android设备上常被滥用以执行恶意操作的设置。 ThreatFabric解释道：“Google Play Protect的防御机制，尤其是定向试点计划，能越来越有效地在风险应用运行前将其拦截。其次，攻击者希望其操作能适应未来。” “即便将基础有效负载封装在投放器中，攻击者也能获得一个保护壳，既能规避当前的检查，又能保持足够灵活性，以便日后更换负载和调整攻击活动。” ThreatFabric称，尽管谷歌的策略通过甚至在用户与恶意应用交互前就阻止其安装，提高了门槛，但攻击者正在尝试新的方法来规避这些保护措施——这显示出安全领域永无休止的“打地鼠”游戏。 这包括在设计投放器时考虑谷歌的试点计划，使其不申请高风险权限，仅显示一个无害的“更新”屏幕，从而在这些地区绕过扫描。 然而，只有当用户点击“更新”按钮时，真正的有效负载才会从外部服务器获取或解包，随后便开始申请实现其目标所需的权限。 “作为另一项扫描的一部分，Play Protect可能会显示风险警报，但只要用户接受这些警报，应用就会被安装，有效负载也就成功投递。”ThreatFabric指出，“这揭示了一个关键漏洞：如果用户坚持点击安装，Play Protect仍会允许风险应用通过，恶意软件也就依然能绕过试点计划。” RewardDropMiner就是这样一个投放器，它曾被发现在传播间谍软件负载的同时，还会分发一个可远程激活的门罗币加密货币挖矿程序。不过，该工具的最新变种已不再包含挖矿功能。 通过RewardDropMiner投递的一些恶意应用（均针对印度用户）列举如下： PM YOJANA 2025 (com.fluvdp.hrzmkgi) °RTO Challan (com.epr.fnroyex) SBI Online (com.qmwownic.eqmff) Axis Card (com.tolqppj.yqmrlytfzrxa) 其他可避免触发Play Protect或试点计划的投放器变种包括SecuriDropper、Zombinder、BrokewellDropper、HiddenCatDropper和TiramisuDropper。 谷歌在回应The Hacker News的置评请求时表示，尚未在Play商店中发现任何使用这些技术分发应用的情况，并称正在持续增加新的保护措施。 一位发言人表示：“无论应用来自何处——即使是由‘投放器’应用安装——Google Play Protect都会通过自动检查威胁来帮助保护用户安全。” “在本报告发布之前，Google Play Protect已针对这些已识别的恶意软件版本提供了保护。根据我们当前的检测，Google Play上未发现包含这些版本恶意软件的应用。我们正在不断强化保护措施，帮助用户免受恶意行为者的侵害。” CIS构建工具包 与此同时，Bitdefender实验室警告称，一场新的恶意广告活动正在利用Facebook广告，以提供免费的Android版TradingView应用高级版本为诱饵，最终部署改进版的Brokewell银行木马，用以监控、控制受害设备并窃取敏感信息。 自2025年7月22日起，已运行不少于75条恶意广告，仅在欧洲联盟就覆盖了数万名用户。这场针对Android的攻击浪潮只是一个更大规模恶意广告操作的一部分，该操作还滥用Facebook广告，伪装成各种金融和加密货币应用来针对Windows桌面用户。 这家罗马尼亚网络安全公司表示：“这次活动展示了网络犯罪分子如何精细调整策略以适应用户行为。通过针对移动用户并将恶意软件伪装成受信任的交易工具，攻击者希望从人们对加密应用和金融平台日益增长的依赖中获利。”       消息来源：thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

2025年8月，WhatsApp修复了一个严重的零点击漏洞CVE-2025-55177，该漏洞与苹果ImageIO框架的漏洞CVE-2025-43300组合使用，形成了一个复杂的攻击链，攻击者无需用户交互即可入侵设备并窃取敏感数据。

A scammer that spoofed a city supplier convinced employees in the City of Baltimore's Accounts Payable Department to send two EFT payments totaling more than $1.5 million to a bank account they controlled and illustrating the ongoing threat posed by BEC fraud.

The post Scammer Spoofs a City Supplier, Steals $1.5 Million From Baltimore appeared first on Security Boulevard.

巴尔的摩市因内部控制系统漏洞，在2019年、2022年和2024年分别遭遇三起欺诈性供应商计划攻击，损失超百万元。最新一起中，骗子伪造供应商信息并入侵其Workday账户，诱骗财务部门更改银行账户信息并转移资金。事件暴露了验证流程不足的问题，并促使该市加强内部审核流程和员工培训以防范类似事件再次发生。

欧空局木星冰卫星探测器飞回金星进行第二次引力弹弓加速，因轨道过近太阳导致高温关闭传感器无法拍摄。其主要任务是研究木星和木卫三，并计划明年1月再次经过地球进行第三次加速。美国的欧罗巴快船已发射，将于2030年抵达木星轨道。

A vulnerability identified as problematic has been detected in Linux Kernel up to 6.9.10. This vulnerability affects the function ila_output of the file net/core/dst_cache.c. Performing manipulation results in information disclosure. This vulnerability is known as CVE-2024-41081. Access to the local network is required for this attack. No exploit is available. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.9.10. It has been declared as critical. This affects the function io_register_iowq_max_workers of the component io_uring. The manipulation results in deadlock. This vulnerability is known as CVE-2024-41080. Access to the local network is required for this attack. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.10.222/5.15.163/6.1.100/6.6.41/6.9.10. This vulnerability affects unknown code of the component null_blk. The manipulation leads to null pointer dereference. This vulnerability is listed as CVE-2024-41077. The attack must be carried out from within the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.1.100/6.6.41/6.9.10. This issue affects some unknown processing of the component nvmet. The manipulation of the argument cqe.result results in improper initialization. This vulnerability is cataloged as CVE-2024-41079. The attack must originate from the local network. There is no exploit available. You should upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.1.100/6.6.41/6.9.10. This affects the function nfs4_set_security_label of the component NFSv4. Executing manipulation can lead to memory leak. This vulnerability is tracked as CVE-2024-41076. The attack is only possible within the local network. No exploit exists. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.1.100/6.6.41/6.9.10. Affected by this issue is the function ondemand_id of the component cachefiles. Performing manipulation results in insufficiently random values. This vulnerability is identified as CVE-2024-41075. The attack can only be performed from the local network. There is not any exploit available. It is recommended to upgrade the affected component.

文章介绍了错误代码521的原因及解决方法，指出该错误通常由Cloudflare引起，常见于服务器连接被重置的情况，并提供了排查和修复的建议。