Aggregator

底座基于Grok和Mixtral

首先声明，也是刚开始玩IoT，学习了解路由器这些固件模拟以及漏洞复现，菜鸟一个，主要是记录一下自己走过的坑。

Currently trending CVE - Hype Score: 2 - TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm .

Currently trending CVE - Hype Score: 1 - Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0 through 10.1.41, from ...

Currently trending CVE - Hype Score: 1 - Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat.  When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to ...

HackerNews 编译，转载请注明出处： 网络安全研究人员发现两个本地权限提升（LPE）漏洞，攻击者可借此在主流Linux发行版中获取root权限。Qualys披露的两处漏洞如下： CVE-2025-6018：SUSE 15的可插拔认证模块（PAM）配置缺陷，允许普通用户获取“活跃用户权限”（allow_active） CVE-2025-6019：通过udisks守护进程，利用libblockdev漏洞将活跃用户权限提升至root Qualys威胁研究部门高级经理Saeed Abbasi指出：“这类现代‘本地到root’漏洞利用技术，彻底消除了普通登录用户与完全控制系统之间的安全屏障。攻击者通过串联udisks合法功能（如循环挂载）和PAM/环境特性，能在数秒内突破polkit的allow_active信任区，获取root控制权。” 漏洞细节 CVE-2025-6018存在于openSUSE Leap 15和SUSE Enterprise 15的PAM配置中，致使远程SSH等普通会话被误判为物理在场操作，从而授予本应受限的polkit操作权。 CVE-2025-6019则影响默认安装于多数Linux发行版的udisks服务，结合前漏洞可让攻击者获得完整root权限。Abbasi强调：“尽管名义上需要‘allow_active’权限，但udisks几乎预装在所有Linux系统中。而包括本次PAM漏洞在内的技术，进一步削弱了权限壁垒。” 攻击后果 获取root权限后，攻击者能完全控制系统：关闭安全防护（如EDR）、植入持久后门、篡改配置，并将受控设备作为渗透内网的跳板。 影响范围与验证 Qualys已开发概念验证（PoC）代码，确认漏洞影响Ubuntu、Debian、Fedora及openSUSE Leap 15等主流发行版。其中openSUSE/SUSE同时受两漏洞影响，其他发行版主要面临CVE-2025-6019风险。 修复方案 立即安装补丁：各发行版已推送libblockdev安全更新（如Debian/Ubuntu需升级至libblockdev≥2.30或3.3.1） 临时缓解措施： 修改polkit规则，将org.freedesktop.udisks2.modify-device操作的allow_active=yes设为auth_admin 非必要场景可关闭udisks服务：systemctl mask udisks2.service 关联漏洞披露 Linux PAM维护者同时修复高危路径遍历漏洞CVE-2025-6020（CVSS 7.8）。该漏洞存在于pam_namespace模块（≤1.7.0版本），允许本地用户通过符号链接攻击和竞争条件提权至root。缓解方案包括禁用pam_namespace或确保其不操作用户可控路径。       消息来源： thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

根据2025年06月05日考试及之前备考笔记整理的CISSP备考指南

HackerNews 编译，转载请注明出处： OpenAI与美国国防部签署价值2亿美元的合同，旨在提升其人工智能能力，包括强化网络防御。该公司本周宣布启动“OpenAI for Government”计划，通过AI解决方案增强美国政府工作人员的效能。 美国国防部（DoD）将成为该计划的首个受益方，通过其首席数字与人工智能办公室（CDAO）开展试点项目。OpenAI声明称：“这份上限2亿美元的合同将借助OpenAI行业领先的专业能力，帮助国防部探索前沿AI如何变革行政运营——从优化军人及家属的医疗保健服务，到精简项目与采购数据处理，再到支持主动网络防御。”该公司同时强调“所有应用场景必须符合OpenAI的使用政策和准则”。 国防部表示，这笔资金将用于开发“原型前沿AI能力，以应对作战领域和企业领域的关键国家安全挑战”。网络安全媒体SecurityWeek已联系OpenAI获取更多网络防御能力细节，若获回应将更新报道。 AI治理与应用安全公司PointGuard AI高级官员Willy Leichter通过邮件评论：“生成式AI必将在国防和行政运营中发挥关键作用。鉴于AI发展的迅猛势头，外包给行业领导者比政府完全自主开发更切实可行。以国防部的标准看，2亿美元投入或许不算庞大，但这份一年期合同让OpenAI获得了宝贵的机会来原型开发广泛用例。如同私营领域，许多AI实验可能不尽如人意，但另一些或带来突破性成果。关键在于快速推进，而本次计划已迈出坚实的第一步。”       消息来源： securityweek； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

HackerNews 编译，转载请注明出处： 新型安卓恶意软件“Godfather”通过虚拟环境窃取银行数据。该恶意软件利用嵌入虚拟化框架的APK文件，整合开源工具VirtualApp引擎和Xposed框架创建隔离环境。当用户设备安装目标银行应用时，恶意程序将其置入虚拟容器，通过“桩活动”(StubActivity)在宿主应用中启动。此举欺骗安卓系统使其误判为合法应用运行，实则拦截并操控所有操作。 核心欺骗技术 意图劫持：利用无障碍服务权限拦截银行应用启动指令，将其重定向至虚拟容器内的桩活动 视觉伪装：用户所见界面与真实银行应用完全一致，但所有交互数据（账号、密码、PIN码、触屏操作）均通过API钩子技术被窃取 场景欺骗：在关键操作节点弹出虚假锁屏界面诱骗输入密码，执行交易时显示伪装更新/黑屏界面掩盖后台操作 相比2022年Group-IB分析的版本（仅覆盖400个应用、16国），新版具备三大突破： 攻击范围：目标应用扩展至全球500余个银行/加密货币/电商平台 虚拟化深度：构建完整虚拟文件系统，伪造虚拟进程ID，实现更彻底的运行环境隔离 设备兼容：通过桩活动声明机制规避安卓系统对未注册活动的检测 威胁演变轨迹 2021年3月：由ThreatFabric首次发现，初代版本基于银行木马Anubis代码改造 2022年12月：进化至采用HTML覆盖攻击界面，移除GPS跟踪等冗余功能 2024年6月：Zimperium捕获最新变种，确认其具备虚拟环境操控能力，当前主要针对土耳其银行，但底层框架支持全球多区域攻击 防御建议 仅通过Google Play或可信渠道安装应用 启用Play Protect防护功能并定期更新系统 警惕应用索取的权限请求，特别是无障碍服务权限 该攻击模式与2023年末出现的FjordPhantom恶意软件类似，均通过虚拟化技术绕过检测。但Godfather的攻击广度与技术复杂度显著提升，标志着移动银行威胁进入新阶段。       消息来源： bleepingcomputer； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability was found in Mozilla Thunderbird up to 102.8. It has been classified as problematic. Affected is an unknown function of the component JIT Code Handler. The manipulation leads to denial of service. This vulnerability is traded as CVE-2023-25751. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox up to 110. It has been classified as critical. This affects an unknown part of the component JIT Code Handler. The manipulation leads to Remote Code Execution. This vulnerability is uniquely identified as CVE-2023-25751. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Mozilla Firefox up to 110. Affected by this issue is some unknown functionality of the component Throttled Stream Handler. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2023-25752. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Mozilla Thunderbird up to 102.8. This affects an unknown part of the component Throttled Stream Handler. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2023-25752. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in libarchive up to 3.3.x. Affected by this issue is some unknown functionality of the file archive_read_support_format_rar.c. The manipulation leads to use after free. This vulnerability is handled as CVE-2019-18408. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in libarchive 3.4.0. This affects the function archive_wstring_append_from_mbs of the file archive_string.c. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2019-19221. An attack has to be approached locally. There is no exploit available.

A vulnerability, which was classified as critical, was found in libarchive. This affects an unknown part of the component Access Control List Handler. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2021-23177. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in libarchive and classified as critical. This vulnerability affects unknown code of the component Access Control List Handler. The manipulation leads to link following. This vulnerability was named CVE-2021-31566. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was suspected in pymongo up to 4.6.2. Further analysis revealed that this issues is a false-positive. Please take a look at the sources mentioned and consider not using this entry at all.

A vulnerability was found in Linux Kernel 6.2.16. It has been classified as problematic. Affected is the function ipv4_send_dest_unreach of the file net/ipv4/route.c of the component IPv4 Handler. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2023-42754. An attack has to be approached locally. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.