Aggregator

活动时间：2025.4.25 10:00  ~ 2025.5.11 24:00

JSRC官网报告提交页面全新升级！

活动时间：2025.4.25 10:00  ~ 2025.5.11 24:00

HackerNews 编译，转载请注明出处： 2025年第一季度，多达159个CVE编号被标记为实际遭到利用，高于2024年第四季度的151个。 VulnCheck在与《The Hacker News》共享的报告中表示：“我们持续观察到漏洞被快速利用的现象，28.3%的漏洞在其CVE公开后1天内即遭利用。”这意味着有45个安全漏洞在公开当天就被武器化用于真实攻击。另有14个漏洞在1个月内被利用，还有45个漏洞在一年内遭到滥用。 VulnCheck表示，大部分被利用漏洞存在于内容管理系统（CMS），其次是网络边缘设备、操作系统、开源软件和服务器软件。具体分类如下： 内容管理系统（CMS）（35个） 网络边缘设备（29个） 操作系统（24个） 开源软件（14个） 服务器软件（14个） 该时期被攻击的主要厂商及产品包括：微软Windows（15个漏洞）、博通VMware（6个）、Cyber PowerPanel（5个）、Litespeed Technologies（4个）和TOTOLINK路由器（4个）。 VulnCheck指出：“平均每周披露11.4个KEV漏洞，每月53个。虽然CISA KEV本季度新增80个漏洞，但其中仅有12个此前没有公开的利用证据。”在159个漏洞中，25.8%被发现正在等待或接受NIST国家漏洞数据库（NVD）分析，3.1%被赋予新的“延期”状态。 根据Verizon最新发布的《2025年数据泄露调查报告》，作为数据泄露初始访问途径的漏洞利用量增长34%，占所有入侵事件的20%。谷歌旗下Mandiant收集的数据也显示，漏洞利用连续第五年成为最常观察到的初始感染途径，而窃取凭证已超越钓鱼攻击成为第二大初始访问途径。 Mandiant表示：“在确定初始感染途径的入侵事件中，33%始于漏洞利用。这比2023年（漏洞利用占入侵初始途径的38%）有所下降，但与2022年（32%）基本持平。”尽管攻击者试图逃避检测，防御者在识别入侵方面的能力仍在持续提升。 全球驻留时间中位数（即攻击者从入侵到被检测到在系统中停留的天数）达到11天，较2023年增加1天。     消息来源：thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络；  转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability classified as problematic has been found in Rukovoditel 3.2.1. Affected is an unknown function of the file /index.php?module=help_pages/pages&entities_id=24 of the component Add Announcement Handler. The manipulation of the argument Title leads to cross site scripting. This vulnerability is traded as CVE-2022-44944. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in Rukovoditel 3.2.1. Affected by this vulnerability is an unknown functionality of the file /index.php?module=help_pages/pages&entities_id=24 of the component Add Page Handler. The manipulation of the argument Title leads to cross site scripting. This vulnerability is known as CVE-2022-44946. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Rukovoditel 3.2.1. Affected by this issue is some unknown functionality of the file /index.php?module=entities/listing_types&entities_id=24 of the component Highlight Row Handler. The manipulation of the argument Note leads to cross site scripting. This vulnerability is handled as CVE-2022-44947. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Rukovoditel 3.2.1. This affects an unknown part of the file at/index.php?module=entities/entities_groups of the component Entities Group Handler. The manipulation of the argument Name leads to cross site scripting. This vulnerability is uniquely identified as CVE-2022-44948. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in Rukovoditel 3.2.1 and classified as problematic. This vulnerability affects unknown code of the file /index.php?module=entities/fields&entities_id=24 of the component Add New Field Handler. The manipulation of the argument Short Name leads to cross site scripting. This vulnerability was named CVE-2022-44949. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Rukovoditel 3.2.1 and classified as problematic. This issue affects some unknown processing of the file /index.php?module=entities/fields&entities_id=24. The manipulation of the argument Name leads to cross site scripting. The identification of this vulnerability is CVE-2022-44950. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Rukovoditel 3.2.1. It has been classified as problematic. Affected is an unknown function of the file /index.php?module=entities/forms&entities_id=24 of the component Add New Form Tab Handler. The manipulation of the argument Name leads to cross site scripting. This vulnerability is traded as CVE-2022-44951. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Rukovoditel 3.2.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?module=configuration/application. The manipulation of the argument Copyright Text leads to cross site scripting. This vulnerability is known as CVE-2022-44952. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in webTareas 2.4p5. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /linkedcontent/listfiles.php. The manipulation of the argument Name leads to cross site scripting. This vulnerability is handled as CVE-2022-44953. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in webTareas 2.4p5. This affects an unknown part of the file /contacts/listcontacts.php. The manipulation of the argument Last Name leads to cross site scripting. This vulnerability is uniquely identified as CVE-2022-44954. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in webTareas 2.4p5. This vulnerability affects unknown code of the file /projects/listprojects.php. The manipulation of the argument Name leads to cross site scripting. This vulnerability was named CVE-2022-44956. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in webTareas 2.4p5. This issue affects some unknown processing of the file /clients/listclients.php. The manipulation of the argument Name leads to cross site scripting. The identification of this vulnerability is CVE-2022-44957. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in webTareas 2.4p5. Affected is an unknown function of the file /meetings/listmeetings.php. The manipulation of the argument Name leads to cross site scripting. This vulnerability is traded as CVE-2022-44959. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in webTareas 2.4p5. This affects the function Chat. The manipulation of the argument Messages leads to cross site scripting. This vulnerability is uniquely identified as CVE-2022-44955. It is possible to initiate the attack remotely. There is no exploit available.

HackerNews 编译，转载请注明出处： 韩国至少有六家机构已成为黑客组织“Lazarus Group”的攻击目标，此次行动代号为“SyncHole行动”。 根据卡巴斯基今日发布的报告，该活动针对韩国的软件、IT、金融、半导体制造和电信行业。最早的入侵证据于2024年11月首次被发现。 安全研究人员Ryu Sojun和Vasily Berdnikov表示：“此次行动采用了水坑攻击策略与韩国本土软件漏洞利用的复杂组合。攻击者还利用Innorix Agent的一个一日漏洞进行横向移动。” 观察到的攻击为多个已知Lazarus工具变种铺平了道路，包括ThreatNeedle、AGAMEMNON、wAgent、SIGNBT和COPPERHEDGE。这些入侵之所以特别有效，很可能是因为攻击者利用了韩国广泛使用的合法软件Cross EX的安全漏洞。该软件用于在线银行和政府网站支持防键盘记录和基于证书的数字签名。 俄罗斯网络安全厂商表示：“Lazarus Group展现出对这些技术细节的深刻理解，并采用针对韩国的组合策略——将该类软件漏洞与水坑攻击相结合。” 值得注意的是，攻击者利用Innorix Agent的安全漏洞进行横向移动，因为Lazarus Group的Andariel子集群过去曾采用类似手法传播Volgmer和Andardoor等恶意软件。 最新攻击浪潮的起点是水坑攻击，当目标访问多个韩国在线媒体网站后即激活ThreatNeedle的部署。在将访问者重定向到攻击者控制的域名之前，会使用服务器端脚本对访问者进行筛选。 研究人员表示：“我们以中等可信度评估，被重定向的网站可能执行了恶意脚本，针对目标PC上安装的Cross EX的潜在漏洞发起攻击并启动恶意软件。该脚本最终执行了合法的SyncHost.exe，并向该进程注入加载ThreatNeedle变种的shellcode。” 观察到的感染链分为两个阶段：早期使用ThreatNeedle和wAgent，随后通过SIGNBT和COPPERHEDGE建立持久性、进行侦察活动，并在受感染主机上部署凭证转储工具。 攻击中还部署了用于受害者画像和有效载荷投递的LPEClient恶意软件家族，以及名为Agamemnon的下载器——该工具可从命令与控制（C2）服务器下载并执行额外有效载荷，同时采用“地狱之门（Hell’s Gate）”技术在执行期间绕过安全解决方案。 Agamemnon下载的有效载荷之一是通过利用Innorix Agent文件传输工具安全漏洞实现横向移动的专用工具。卡巴斯基称其调查发现了Innorix Agent中另一个未公开的任意文件下载零日漏洞，目前该漏洞已被开发者修复。 卡巴斯基警告称：”预计拉Lazarus Group针对韩国供应链的专业化攻击未来将持续存在。攻击者正通过开发新恶意软件或增强现有恶意软件来尽量减少被检测风险，特别是在改进与C2的通信方式、命令结构及数据收发模式方面投入大量精力。”     消息来源：thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络；  转载请注明“转自 HackerNews.cc”并附上原文

美国国防部希望情报界在国内开展监控、跟踪、拦截、渗透、窃听。