Aggregator

От фишинга до кредитов: как мошенники превращали смартфоны в ловушку.

A vulnerability was found in Xen and classified as problematic. Affected by this issue is some unknown functionality of the component BTC SRSO Mitigation Handler. The manipulation leads to protection mechanism failure. This vulnerability is handled as CVE-2024-31142. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in White Bear Solutions WBSAirback 21.02.04 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/DeviceS3. The manipulation leads to code injection. This vulnerability is handled as CVE-2024-3787. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Google Android 13/14. This affects an unknown part of the file CompanionDeviceManagerService.java. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-0022. Attacking locally is a requirement. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in VMware Avi Load Balancer up to 22.1.5/30.2.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper privilege management. This vulnerability is known as CVE-2024-22264. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Base64 Encoder Decoder Plugin up to 0.9.2 on WordPress. It has been declared as problematic. This vulnerability affects unknown code of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-3823. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in Linux Kernel up to 6.8 on AMD. Affected by this vulnerability is an unknown functionality of the component Virtual Interrupt Handler. The manipulation leads to injection. This vulnerability is known as CVE-2024-25742. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in tine 2.0/2.0 2017.02.4/2.0 2017.08.4. This issue affects the function getRegistryData of the file setup.php of the component LDAP Handler. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-36070. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in NetEase taurusxin ncmdump 1.3.2. Affected is the function NeteaseCrypt::FixMetadata of the file /src/ncmcrypt.cpp of the component NCM File Handler. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2024-34952. Access to the local network is required for this attack. There is no exploit available.

A vulnerability, which was classified as critical, was found in pdfjs-dist. Affected is an unknown function of the file PDF.js. The manipulation leads to privilege escalation. This vulnerability is traded as CVE-2024-4367. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

OpenAI ChatGPT 的新功能催生出一场吉卜力工作室动画风格图像的生成热潮。OpenAI CEO 奥尔特曼也将 X 平台（原推特）头像换成了吉卜力风格的图像，上传至社交平台（SNS）的此类生成图像层出不穷，但也有人担心这会引发著作权问题。部分美国媒体指出，新功能使得“复制著作权受保护作品的风格变得更加容易”。报道同时指出，知识产权专家认为在法律上这属于“灰色地带”，可能会引发著作权纠纷。

A malevolent mutation of the widely used nginx web server facilitates Adversary-in-the-Middle action, but there’s hope

Как "халявный" интернет становится ловушкой для ваших данных.

A vulnerability classified as problematic was found in Linux Kernel up to 6.7.5. This vulnerability affects the function register_netdevice_notifier of the component hv_netvsc. The manipulation leads to privilege escalation. This vulnerability was named CVE-2024-26820. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.6.17/6.7.5. This issue affects the function algif_hash of the component crypto. The manipulation leads to allocation of resources. The identification of this vulnerability is CVE-2024-26824. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Tenda AC500 2.0.1.9. It has been declared as critical. This vulnerability affects unknown code of the file /goform/setVlanInfo. The manipulation of the argument port leads to buffer overflow. This vulnerability was named CVE-2023-46060. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Sharp Rouvo V. Affected is an unknown function. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2023-38302. The attack needs to be approached locally. There is no exploit available.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.6.17/6.7.5. This affects an unknown part of the component SMB Client. The manipulation of the argument id/uid/cruid leads to privilege escalation. This vulnerability is uniquely identified as CVE-2024-26822. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

HackerNews 编译，转载请注明出处： 网络安全研究人员揭示了一种新型的“钓鱼即服务”（PhaaS）平台。该平台利用域名系统（DNS）中的邮件交换（MX）记录生成虚假登录页面，伪造约114个品牌，以骗取用户凭据。 DNS情报公司Infoblox正在追踪此次活动，并将该钓鱼套件及相关攻击活动命名为Morphing Meerkat（变形猫鼬）。 “该攻击者通常利用广告技术基础设施中的开放重定向漏洞，劫持域名进行钓鱼活动，并通过包括Telegram在内的多种渠道分发窃取的凭据。”Infoblox在与《The Hacker News》分享的报告中表示。 Forcepoint在2024年7月记录了一次利用该PhaaS工具包的攻击活动。攻击者在钓鱼邮件中插入链接，伪装成共享文档。受害者点击链接后会被重定向至Cloudflare R2上的虚假登录页面，输入凭据后信息将通过Telegram传输至攻击者手中。 据估计，Morphing Meerkat已发送了数千封垃圾邮件。为了绕过安全过滤，攻击者主要依赖受感染的WordPress网站以及Google旗下DoubleClick等广告平台的开放重定向漏洞。 此外，该钓鱼套件还支持实时翻译，能够将钓鱼页面的内容动态转换为包括英语、韩语、西班牙语、俄语、德语、中文和日语在内的十多种语言，针对全球用户进行攻击。 钓鱼页面还具备多项反分析措施，例如禁止鼠标右键点击和屏蔽键盘快捷键（如Ctrl + S用于保存网页、Ctrl + U用于查看网页源代码），进一步阻碍安全研究人员的分析。 Morphing Meerkat真正独特之处在于它通过从Cloudflare或Google获取的DNS MX记录识别受害者的邮件服务提供商（如Gmail、Microsoft Outlook或Yahoo!）。随后，它会动态生成相应的虚假登录页面，以增加欺骗的可信度。 如果钓鱼套件无法识别受害者的MX记录，则会默认显示一个伪装成Roundcube的登录页面。 “这种攻击方式为攻击者带来了显著优势，”Infoblox表示。“它使攻击者能够针对特定受害者进行定向攻击，通过与受害者实际使用的邮件服务提供商高度一致的网页内容，提高欺骗成功率。” “整体钓鱼体验显得更加真实，因为登录页面的设计通常与钓鱼邮件中的消息相匹配。这种技术进一步诱骗受害者在钓鱼页面中提交他们的邮箱凭据。” 消息来源：The Hacker News；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文