Aggregator

文章描述了一个错误代码521的情况及其相关问题。

HackerNews 编译，转载请注明出处： 网络安全研究人员披露了一场新型攻击活动，该活动疑似通过一款此前未被记录的.NET 恶意软件（代号 “CAPI 后门程序”），针对俄罗斯汽车行业与电子商务领域发起攻击。 根据 Seqrite 实验室的调查，此次攻击链的核心环节是发送钓鱼邮件，邮件中包含一个 ZIP 压缩包，攻击者通过该压缩包触发感染流程。该网络安全公司的分析基于 2025 年 10 月 3 日上传至 VirusTotal 平台的一个 ZIP 样本。 该 ZIP 压缩包内包含两个关键文件： 一份俄语诱饵文档，伪装成与所得税法规相关的通知； 一个 Windows 快捷方式（LNK 文件）。 这份 LNK 文件与 ZIP 压缩包同名（即 “Перерасчет заработной платы 01.10.2025”，俄语意为 “2025 年 10 月 1 日薪资重算”），其作用是借助微软合法二进制文件 “rundll32.exe” 执行.NET 植入程序（“adobe.dll”）。这种技术被称为 “living-off-the-land（LotL，就地取材）”，是网络攻击者常用的手段之一。 Seqrite 指出，该后门程序具备多项核心功能： 检查自身是否以管理员权限运行； 收集已安装的杀毒软件列表； 打开诱饵文档作为伪装，同时秘密连接远程服务器（地址：91.223.75 [.] 96）以接收后续执行指令。 通过这些指令，CAPI 后门程序可实现以下恶意操作： 从谷歌 Chrome、微软 Edge、火狐（Mozilla Firefox）等浏览器中窃取数据； 截取屏幕截图； 收集系统信息； 枚举文件夹内容； 将获取的结果回传至远程服务器。 此外，该后门程序还会执行一系列检测，判断当前运行环境是合法主机还是虚拟机。它通过两种方式实现持久化： 创建计划任务； 在 Windows “启动” 文件夹中生成 LNK 文件，确保复制到 Windows Roaming 文件夹的后门 DLL 文件能随系统自动启动。 Seqrite 判断攻击者瞄准俄罗斯汽车行业的依据是：与此次攻击活动相关的一个域名 “carprlce [.] ru”，疑似仿冒合法域名 “carprice [.] ru”（“carprice [.] ru” 通常与汽车价格查询、汽车行业服务相关）。 研究人员普里亚・帕特尔（Priya Patel）与苏巴吉特・辛格（Subhajeet Singha）表示：“该恶意载荷是一款.NET DLL 文件，既具备窃取功能，又能为后续恶意活动建立持久化机制。”   消息来源： thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

In recent weeks, a surge of phishing campaigns has emerged in which attackers impersonate popular password managers —

The post Phishing Campaign Targets Master Passwords of Top Managers appeared first on Penetration Testing Tools.

微软PowerToys新增Light Switch工具，默认启用后导致Windows 11深浅色模式频繁切换BUG。用户因不知情花费大量时间排查问题。建议暂时关闭该功能以避免困扰。

A vulnerability was found in SysAdmin Magazine man.sh. It has been rated as problematic. This impacts an unknown function. Performing manipulation results in improper privilege management. This vulnerability was named CVE-1999-1179. The attack may be initiated remotely. There is no available exploit. This vulnerability is historically significant due to its background and the way it was received.

A vulnerability categorized as problematic has been discovered in Sambar Server 4.1. This affects an unknown part of the file dumpenv.pl of the component HTTP Request Handler. The manipulation results in information disclosure. This vulnerability was named CVE-1999-1178. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in Apache HTTP Server 1.3.1. It has been rated as problematic. This affects an unknown part of the component MIME Header Handler. This manipulation causes denial of service (Sioux). This vulnerability appears as CVE-1999-1199. The attack may be initiated remotely. In addition, an exploit is available. This vulnerability is considered historic because of its background and reception. Upgrading the affected component is advised.

A vulnerability labeled as problematic has been found in Lincoln D. Stein nph-publish 1.2. This affects an unknown function of the file nph-publish.cgi of the component Foöe Upload Handler. The manipulation of the argument pathname results in path traversal. This vulnerability is cataloged as CVE-1999-1177. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in Nlog. It has been declared as critical. This affects an unknown function of the file nlog-smb.pl. The manipulation of the argument ipaddress results in improper privilege management. This vulnerability is identified as CVE-1999-1278. The attack can be executed remotely. There is not any exploit available.

A vulnerability described as problematic has been identified in HP HP-UX 11.00/11.11/11.22. This affects an unknown part of the file rpc.mountd of the component Error Message Handler. The manipulation results in information disclosure. This vulnerability is reported as CVE-1999-1225. The attack can be launched remotely. No exploit exists. It is best practice to apply a patch to resolve this issue.

A vulnerability marked as problematic has been reported in Arpanet perlshop. This issue affects some unknown processing of the file perlshop.cgi of the component Shopping Cart. This manipulation causes information disclosure. The identification of this vulnerability is CVE-1999-1374. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Microsoft IIS 4.0. The affected element is an unknown function of the file fpcount.exe of the component Frontpage Server Extensions. This manipulation causes memory corruption. The identification of this vulnerability is CVE-1999-1376. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is advisable to upgrade the affected component.

Microsoft has released its Digital Defense Report 2025, documenting a sharp surge in attacks targeting digital identities, the

The post The AI-Powered Threat: Microsoft Reveals Surge in Identity and Nation-State Attacks appeared first on Penetration Testing Tools.

文章介绍了Cloudflare的521错误代码，解释了该错误的原因及其对网站访问的影响，并提供了可能的解决方法。

HackerNews 编译，转载请注明出处： 欧洲刑警组织于周五宣布，已捣毁一个运作 SIM 卡农场的复杂 “网络犯罪即服务”（CaaS）平台。该平台为客户实施钓鱼攻击、投资诈骗等各类犯罪活动提供支持。 这场名为 “SIM 卡卡特尔行动”（Operation SIMCARTEL）的多国执法协作行动，共开展了 26 次搜查，逮捕 7 名嫌疑人，查获 1200 台 SIM 卡盒设备（内含 4 万张在用 SIM 卡）。其中 5 名被拘留者为拉脱维亚公民。 此外，行动还拆除了 5 台服务器，并于 2025 年 10 月 10 日接管了用于宣传该服务的两个网站 ——gogetsms [.] com 和 apisim [.] com，目前这两个网站已显示查封横幅。同时，执法人员查扣 4 辆豪华汽车，冻结嫌疑人银行账户资金 43.1 万欧元（约合 50.2 万美元）、加密货币账户资金 26.6 万欧元（约合 31 万美元）。 参与行动的国家与造成的损失 此次行动由奥地利、爱沙尼亚、芬兰、拉脱维亚四国执法部门牵头，欧洲刑警组织（Europol）与欧洲司法组织（Eurojust）协同参与。 据欧洲刑警组织透露，该犯罪网络已被证实与奥地利 1700 多起独立网络诈骗案、拉脱维亚 1500 多起独立网络诈骗案相关。这两个国家因此遭受的损失分别约为 450 万欧元（约合 525 万美元）和 42 万欧元（约合 48.9 万美元）。 该机构表示：“这个犯罪网络及其基础设施具备高度技术复杂性，使得全球范围内的犯罪者能够利用这项 SIM 卡盒服务，实施各类与电信相关的网络犯罪及其他犯罪活动。” 犯罪网络的运作模式与危害 该犯罪基础设施提供注册于 80 多个国家 / 地区的电话号码，供犯罪活动使用，包括在社交媒体和通信平台上创建虚假账户。其主要目的是隐藏犯罪者的真实身份与所在位置。据悉，通过该服务创建的在线虚假账户累计已超过 4900 万个。 这些虚假账户随后被用于实施钓鱼攻击和短信钓鱼攻击（smishing），并通过诱骗受害者向虚假交易计划投入资金来进行金融诈骗。另一种诈骗手法是，犯罪者在 WhatsApp 上冒充受害者的子女，谎称更换了新号码，以 “紧急情况” 为由要求对方转账，金额通常在四位数（欧元）级别。 此外，借助该平台还可能实施敲诈勒索、移民走私、传播儿童性虐待材料（CSAM）等其他犯罪行为。 涉事网站的宣传与用户反馈 从互联网档案馆（Internet Archive）存档的页面可见，GoGetSMS 网站曾将自身宣传为 “快速、安全获取临时电话号码” 的渠道，声称提供超过 1000 万个电话号码，可接收来自 160 多个在线服务的验证码。 GoGetSMS 网站还在页面上推广 “将现有 SIM 卡变现” 的功能，声称通过其 “专用软件” 可将 SIM 卡转化为 “创造被动收入的有力资产”，SIM 卡持有者每接收一条短信就能获得收益。 在评论网站 Trustpilot 上，该平台的付费用户抱怨 “无法获取可用的临时电话号码”。一名用户称，自己在该平台上付费购买了美国号码，却未得到可用的号码，“尝试了多次，既浪费时间又浪费钱。客服完全无回应 —— 不给帮助、不退款，什么都没有。” 拉脱维亚国家警察局在联合声明中指出，该平台专为 “匿名通信与匿名支付” 设计，已对多个国家的 3200 人造成影响。   消息来源： thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

Microsoft has unveiled a new tool designed to assess the effectiveness of artificial intelligence in cybersecurity. The platform,

The post Beyond Chatbots: Microsoft’s New Tool Measures if AI Can Think Like a Cyber Analyst appeared first on Penetration Testing Tools.

A vulnerability, which was classified as critical, has been found in PHPOpenChat. The affected element is an unknown function of the file ENGLISH_poc.php. This manipulation of the argument poc_root_path causes file inclusion. This vulnerability appears as CVE-2005-0862. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability classified as problematic has been found in PHPOpenChat 3.0.0/3.0.1/3.0.2. This affects an unknown function of the file regulars.php. Performing manipulation of the argument chatter results in basic cross site scripting. This vulnerability is identified as CVE-2005-0863. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability identified as critical has been detected in Phpoutsourcing Zorum 3.5. Impacted is an unknown function of the file gorum/prod.php. This manipulation of the argument argv causes memory corruption. The identification of this vulnerability is CVE-2005-2651. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability described as critical has been identified in PHPOpenChat 2.3.4/3.0.1. The impacted element is an unknown function of the file poc_loginform.php of the component Login. Such manipulation of the argument sourcedir leads to file inclusion. This vulnerability is referenced as CVE-2005-0862. It is possible to launch the attack remotely. Furthermore, an exploit is available.