Aggregator
.NET Security Fundamentals: A Beginner's Knowledge Base
6 months 2 weeks ago
Red-team enhanced web.config: building an integrated attack chain with bypasses and seamless Godzilla (哥斯拉) webshell integration
6 months 2 weeks ago
Hackers Claim Theft of 64 Million T-Mobile Data Records
6 months 2 weeks ago
HackerNews compilation; please credit the source when reposting: A hacker group claims to have stolen 64 million T-Mobile customer records containing new categories of sensitive fields such as tax IDs and device identifiers, with the data current as of June 1, 2025. If genuine, this would be T-Mobile's ninth major data breach in roughly five years.

T-Mobile has about 131 million customers in the United States and reported revenue of more than $81 billion in 2024. Its majority shareholder is Deutsche Telekom, the largest telecom operator in Europe and the fifth largest worldwide.

Meanwhile, the Cybernews research team analyzed the data sample attached to the post. According to the researchers, the sample was uploaded at around 2 a.m. Eastern Time and contains a large amount of sensitive detail: full names, dates of birth, tax IDs, full addresses, phone numbers, email addresses, unique device identifiers, website tracking codes, and IP addresses.

Threat actors could use this stolen information for identity theft, financial fraud and phishing. For example, a malicious actor could use the personal details to open fraudulent accounts, file false tax returns or apply for loans. The combination of device identifiers, website tracking codes and IP addresses could be used to profile users and analyze their online habits, and attackers use that kind of intelligence to spear-phish high-value targets.

The team could not determine whether the 64 million records the hackers claim to hold correspond to the same number of distinct individuals. Cybernews' personal data leak checker shows that at least some of the email addresses in the sample had appeared in earlier T-Mobile breaches. The team also noted that this leak appears to contain data types not seen previously (such as phone numbers), but the authenticity of the data cannot currently be verified with certainty.

"If the data is genuine, the exposure of 64 million highly sensitive records would create serious risks of identity theft and fraud, surveillance, and more precisely targeted attacks on customers," the research team said. If the leaked data is indeed new, affected individuals face severe privacy threats. "T-Mobile's repeated data breaches raise questions about persistent security weaknesses and the effectiveness of its protective measures."

Deutsche Telekom-owned T-Mobile has been hacked repeatedly in the 2020s. Last October the company agreed to pay more than $15.75 million in penalties over a series of data breaches. The settlement covered four separate incidents, two of which exposed tens of millions of customers' data: an August 2021 incident affecting 76.6 million customers, and a January 2023 incident that leaked details of 37 million users. The settlement also covered a 2022 incident in which attackers accessed a T-Mobile management platform and a 2023 incident in which attackers stole account credentials to view specific customers' data.

Source: cybernews; translated and compiled by HackerNews.cc; cover image from the web; when reposting please credit "转自 HackerNews.cc" and link to the original.
hackernews
Course notes | Reverse Engineer -> Crawlers -> 02. Automated Crawlers
6 months 2 weeks ago
Introduction to automated crawlers. What is an automated crawler? 1. Crawlers fall mainly into two kinds: protocol crawlers and automated crawlers. 2. Protocol crawlers: simulate sending data
Weekly Advanced Threat Intelligence Digest (2025.06.06~06.12)
6 months 2 weeks ago
Analysis of the APT-C-56 (Transparent Tribe) DISGOMOJI variant campaign against Linux systems; Stealth Falcon exploits a Microsoft WebDAV 0-day for espionage; Bitter uses custom tooling to evade detection of its attacks
Profits Over Consumer Protection? HSBC's Legal Challenge
6 months 2 weeks ago
Australian Securities Commission Says HSBC Ignored Repeated Internal Warnings
Some lessons come with a price. The recent lawsuit against HSBC by the Australian Securities and Investments Commission claims the bank prioritized profits over customer safety. Despite repeated internal warnings from its own fraud experts, HSBC failed to act.
Password Spraying Attacks Hit Entra ID Accounts
6 months 2 weeks ago
Hackers Use TeamFiltration Penetration Testing Tool
A threat actor is using the password spraying feature of the TeamFiltration pentesting tool to launch attacks against Microsoft Entra accounts - and finding success. The threat actor has targeted more than 80,000 user accounts across roughly 100 cloud tenants.
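The spray pattern described in this item (many accounts, very few guesses each, from one source, so that no single account trips its lockout threshold) is what a defender hunts for in Entra ID sign-in logs. The following detector is an added example for this page, not code from Microsoft, from the TeamFiltration project, or from the report summarized above. It works on constructed sample records whose field names follow the Entra sign-in log schema (userPrincipalName, ipAddress, createdDateTime, status.errorCode); the window and the two thresholds are assumptions to be tuned against a real tenant's baseline.

```python
"""Password-spray detection over Microsoft Entra ID sign-in records.

Added example; CONSTRUCTED sample data. Field names mirror the Entra sign-in
log schema, thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Entra error codes that mean the attempt was a failed guess rather than, say,
# a conditional-access block. 50126 (invalid username or password) is the one a
# spray produces most; 50053 locked, 50055 expired, 50057 disabled.
FAILED_GUESS_CODES = {50126, 50053, 50055, 50057}

WINDOW = timedelta(minutes=30)   # assumption: sliding detection window
MIN_DISTINCT_USERS = 10          # assumption: breadth needed to call it a spray
MAX_ATTEMPTS_PER_USER = 2        # sprays stay shallow per account to dodge lockout


def parse_time(s):
    """ISO-8601 timestamp (Entra emits a trailing Z) -> aware datetime."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def failed_guesses(records):
    """Yield (time, upn, ip) for every record whose error code is a failed guess."""
    for r in records:
        code = r.get("status", {}).get("errorCode", 0)
        if code in FAILED_GUESS_CODES:
            yield parse_time(r["createdDateTime"]), r["userPrincipalName"].lower(), r["ipAddress"]


def detect_spray(records, window=WINDOW, min_users=MIN_DISTINCT_USERS,
                 max_per_user=MAX_ATTEMPTS_PER_USER):
    """Return {ip: sorted UPNs} for sources that, inside one window, failed
    against at least min_users distinct accounts with at most max_per_user
    attempts on any one of them.

    Spray signature: breadth across accounts, depth per account near 1.
    A brute force on a single account fails the min_users test; a legitimate
    user mistyping a password fails the max_per_user test.
    """
    by_ip = defaultdict(list)
    for t, upn, ip in failed_guesses(records):
        by_ip[ip].append((t, upn))

    hits = {}
    for ip, events in by_ip.items():
        events.sort()
        flagged = set()
        start = 0
        for end in range(len(events)):
            # shrink the window from the left until it spans <= `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            per_user = defaultdict(int)
            for _, upn in events[start:end + 1]:
                per_user[upn] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                flagged.update(per_user)
        if flagged:
            hits[ip] = sorted(flagged)
    return hits


def sample_records():
    """CONSTRUCTED sign-ins: one source spraying 12 accounts once each, one
    user fat-fingering her own password three times, and one clean success."""
    base = datetime(2025, 6, 10, 2, 0, tzinfo=timezone.utc)
    recs = []
    for i in range(12):
        recs.append({
            "createdDateTime": (base + timedelta(minutes=i)).isoformat(),
            "userPrincipalName": f"user{i:02d}@contoso.example",
            "ipAddress": "203.0.113.7",
            "status": {"errorCode": 50126},
        })
    for i in range(3):
        recs.append({
            "createdDateTime": (base + timedelta(minutes=5 + i)).isoformat(),
            "userPrincipalName": "alice@contoso.example",
            "ipAddress": "198.51.100.5",
            "status": {"errorCode": 50126},
        })
    recs.append({
        "createdDateTime": (base + timedelta(minutes=9)).isoformat(),
        "userPrincipalName": "bob@contoso.example",
        "ipAddress": "198.51.100.9",
        "status": {"errorCode": 0},
    })
    return recs


if __name__ == "__main__":
    for ip, users in detect_spray(sample_records()).items():
        print(f"spray from {ip}: {len(users)} accounts, e.g. {users[:3]}")
```

Grouping by source IP is the cheapest first cut, and it is also the detector's blind spot: a sprayer that rotates egress addresses keeps each IP under `min_users`. When that is suspected, re-run the same logic with the grouping key changed to the user agent string or the target application, or drop the key entirely and watch the tenant-wide count of distinct accounts failing once each, accepting the noisier baseline that comes with it.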
LevelBlue Buys Aon Cyber Unit for Global IR, Litigation Help
6 months 2 weeks ago
300-Person Acquisition Expands Managed Services, Adds Legal and Forensics Expertise
The acquisition of Aon’s 300-person cyber unit enhances LevelBlue’s incident response and managed security services. It brings legal experience, global coverage and new law firm partnerships to strengthen its channel strategy and customer support, said CEO Bob McCullen.
Erie Insurance Tells SEC It's Responding to a Cyber Incident
6 months 2 weeks ago
Multi-Line Insurance Company Warns Customers of Potential Scams
Erie Indemnity Corp., which offers a wide range of insurance including Medicare supplements and cyber coverage, has notified the U.S. Securities and Exchange Commission that it has been responding to a cyber incident since last weekend. The company is also warning customers of potential scams.
WhatsApp Backs Apple Over Encryption Fight With UK
6 months 2 weeks ago
WhatsApp CEO Says UK Request Sets "Dangerous Precedent"
Instant messaging app WhatsApp is seeking to join Apple's legal battle with the U.K. government over end-to-end encryption. Apple is challenging a Home Office order requiring the device maker to provide law enforcement with unencrypted copies of customer data.
Surveillance Scandal Deepens: Another Italian Journalist Targeted by Paragon Spyware
6 months 2 weeks ago
HackerNews compilation; please credit the source when reposting: Cybersecurity watchdog Citizen Lab disclosed that spyware made by the US surveillance company Paragon recently targeted a second Italian journalist, adding new questions to a surveillance scandal that has already led the government of Italian Prime Minister Giorgia Meloni and Paragon to end their cooperation.

In a report published Thursday, Citizen Lab said the iPhone of investigative journalist Ciro Pellegrino showed evidence of being targeted by Paragon's sophisticated spyware. Pellegrino works for the online outlet Fanpage, whose editor-in-chief Francesco Cancellato has previously said publicly that he was among the dozens of users who received WhatsApp spyware-attack alerts in January 2025.

Fanpage has continuously published critical reporting on the Meloni government, notably an exclusive exposing links between the youth wing of her party and neo-Nazi activity. Allegations that its journalists were under surveillance have caused major controversy in Italy. On Monday the Italian government and Paragon announced the end of their cooperation, but the two sides blame each other for the termination.

Asked for comment, Paragon referred to a statement it gave the Israeli newspaper Haaretz, saying it had offered the Italian authorities a way to verify whether its system had been abused, but the government declined.

The Italian government did not respond to a Reuters request for comment on the Citizen Lab report. Pellegrino, in Naples, told Reuters by text message that discovering he had been targeted by spyware felt "extremely frightening," stressing that a phone is "the black box of one's life, storing everything from personal health data to journalistic sources."

Italy's parliamentary security committee (COPASIR) reported on June 9 that the intelligence services had used Paragon tools in law-enforcement work to intercept the communications of migrant sea-rescue activists, but "found no evidence of surveillance of Fanpage editor Cancellato." Natalia Krapiva, senior counsel at the human rights group Access Now, said: "The fact that Pellegrino was targeted seriously calls into question the adequacy of the parliamentary inquiry." The committee did not respond to questions, saying only that it reserved the right to investigate further.

The Citizen Lab report also mentioned a European journalist (unnamed) targeted by Paragon spyware but declined to disclose their identity or the details of the attack "to protect privacy."

Source: cybernews; translated and compiled by HackerNews.cc; cover image from the web; when reposting please credit "转自 HackerNews.cc" and link to the original.
hackernews
Erie Insurance Discloses Cybersecurity Incident, Issues Phishing Warning
6 months 2 weeks ago
HackerNews compilation; please credit the source when reposting: Major US property insurer Erie Insurance recently notified regulators and customers of a cybersecurity incident and an associated network outage. A Fortune 500 company, it has more than 7,000 employees and 14,000 agents; its parent, Erie Indemnity Company, reported revenue of nearly $4 billion last year and currently holds more than 6 million active policies.

Yesterday the company warned customers of an "ongoing network outage" caused by an "information security event" confirmed last Saturday (June 7). A notice on the company website states:

"On Saturday, June 7, Erie Insurance's information security team detected unusual network activity. We took immediate action to respond to the situation to protect our systems and data. Since Saturday we have continued to implement protective measures to keep our systems secure.

During the outage, Erie Insurance will not call or email customers requesting payment. Best practice: do not click links from unknown sources, and do not provide personal information by phone or email."

The latter advice suggests the company is concerned that cybercriminals may already have obtained customer data, or may exploit the incident to launch phishing attacks.

According to its filing with the US Securities and Exchange Commission, beyond having notified law enforcement and executing its incident response protocols, the company has no further update:

"The Company continues to take protective actions and, with the assistance of leading third-party cybersecurity experts, is conducting a comprehensive forensic analysis to fully determine the scope of the incident. Given how recently the event occurred, the investigation and response remain ongoing, and the full scope, nature and ultimate impact of the incident are not yet known."

Although the details remain unclear, the network outage is most likely an isolation measure the company took deliberately to contain the attack's blast radius. Because insurers hold large volumes of sensitive customer data, they have become frequent targets of cyberattacks.

Source: infosecurity-magazine; translated and compiled by HackerNews.cc; cover image from the web; when reposting please credit "转自 HackerNews.cc" and link to the original.
hackernews
CVE-2024-48900 | Moodle Badge Recipient resource injection
6 months 2 weeks ago
A vulnerability has been found in Moodle and classified as critical. This vulnerability affects unknown code of the component Badge Recipient Handler. The manipulation leads to improper control of resource identifiers.
This vulnerability was named CVE-2024-48900. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-8085 | PeoplePond Plugin up to 1.1.9 on WordPress Setting cross-site request forgery
6 months 2 weeks ago
A vulnerability, which was classified as problematic, was found in PeoplePond Plugin up to 1.1.9 on WordPress. This affects an unknown part of the component Setting Handler. The manipulation leads to cross-site request forgery.
This vulnerability is uniquely identified as CVE-2024-8085. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-8082 | Widgets Reset Plugin up to 0.1 on WordPress cross-site request forgery
6 months 2 weeks ago
A vulnerability was found in Widgets Reset Plugin up to 0.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery.
This vulnerability is known as CVE-2024-8082. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-8701 | WP-FeedStats events-calendar Plugin up to 1.0.4 on WordPress Setting cross site scripting
6 months 2 weeks ago
A vulnerability has been found in WP-FeedStats events-calendar Plugin up to 1.0.4 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Setting Handler. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2024-8701. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-9662 | CYAN Backup Plugin up to 2.5.2 on WordPress Setting cross site scripting
6 months 2 weeks ago
A vulnerability was found in CYAN Backup Plugin up to 2.5.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Setting Handler. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2024-9662. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-9663 | CYAN Backup Plugin up to 2.5.2 on WordPress Setting cross site scripting
6 months 2 weeks ago
A vulnerability classified as problematic was found in CYAN Backup Plugin up to 2.5.2 on WordPress. Affected by this vulnerability is an unknown functionality of the component Setting Handler. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2024-9663. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-0329 | AI ChatBot for WordPress Plugin up to 6.2.3 on WordPress Setting cross site scripting
6 months 2 weeks ago
A vulnerability, which was classified as problematic, was found in AI ChatBot for WordPress Plugin up to 6.2.3 on WordPress. This affects an unknown part of the component Setting Handler. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2025-0329. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com