Aggregator

A vulnerability, which was classified as critical, has been found in Adobe Illustrator up to 25.4.5/26.0.2. Affected by this issue is some unknown functionality. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2022-30642. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Adobe Illustrator up to 25.4.5/26.0.2. This affects an unknown part. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2022-30640. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Adobe Illustrator up to 25.4.5/26.0.2 and classified as critical. This vulnerability affects unknown code. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2022-30639. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Illustrator up to 25.4.5/26.0.2 and classified as critical. This issue affects some unknown processing. The manipulation leads to out-of-bounds write. The identification of this vulnerability is CVE-2022-30643. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk's Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity. The NLRB whistleblower said the unusual large data outflows coincided with multiple blocked login attempts from an Internet address in Russia that tried to use valid credentials for a newly-created DOGE user account.

HackerNews 编译，转载请注明出处： 网络安全研究人员发现，朝鲜国家支持的黑客组织Kimsuky发起了新型恶意攻击，利用微软远程桌面服务（RDS）的BlueKeep漏洞（CVE-2019-0708）对日韩重点行业实施系统渗透。该行动被安实验室安全应急中心（ASEC）命名为Larva-24005。 韩国网络安全公司ASEC披露：“部分系统的初始入侵途径确认为RDP协议漏洞（BlueKeep，CVE-2019-0708）利用。尽管在受控系统发现RDP漏洞扫描工具，但尚未发现实际使用证据。” 技术漏洞分析： CVE-2019-0708（CVSS评分9.8）是远程桌面服务中的高危可蠕虫漏洞，允许未认证攻击者远程执行代码，进而安装任意程序、访问数据甚至创建具备完全权限的新账户。微软已于2019年5月发布补丁修复该漏洞，但攻击者仍需通过RDP协议向目标系统发送特制请求方可利用。 攻击链扩展分析： 除BlueKeep外，攻击者还采用钓鱼邮件作为第二入侵向量，利用Equation Editor漏洞（CVE-2017-11882，CVSS评分7.8）触发恶意负载。渗透成功后，攻击者部署名为MySpy的信息窃取器及RDPWrap工具，并修改系统配置开启RDP访问权限。 攻击终局阶段： 最终投放KimaLogger和RandomQuery等键盘记录器实施按键捕获。ASEC确认，自2023年10月以来，攻击活动主要针对韩国软件、能源及金融行业，日本同为重灾区。该组织其他已知目标国家包括美国、中国、德国等13国。 防御建议： 1、立即验证CVE-2019-0708补丁状态 2、强化RDP访问控制策略 3、部署邮件安全网关过滤恶意附件 4、监控异常RDP连接行为 5、定期审计系统日志寻找入侵痕迹 据MITRE ATT&CK框架分析，本次攻击活动涉及T1190（漏洞利用）、T1204（用户执行）、T1059（命令执行）等战术阶段，符合APT组织典型作战模式。目前相关IoC指标已纳入主流威胁情报平台。     消息来源：thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络；  转载请注明“转自 HackerNews.cc”并附上原文

一. 公司介绍今年RSAC创新沙盒10强之一的Smallstep[1] 是一家为专注于零信任、身份、证书管理

ProjectDiscovery作为2024年RSAC创新沙盒入围企业，专注于攻击面管理，以开源社区驱动的资产与漏洞发现工具著称。其明星项目Nuclei通过高效的模板扫描技术，助力企业快速识别风险，展现了强大的技术实力与行业影响力

一. 公司介绍今年RSAC创新沙盒10强之一的Smallstep[1] 是一家为专注于零信任、身份、证书管理

ProjectDiscovery作为2024年RSAC创新沙盒入围企业，专注于攻击面管理，以开源社区驱动的资产与漏洞发现工具著称。其明星项目Nuclei通过高效的模板扫描技术，助力企业快速识别风险，展现了强大的技术实力与行业影响力

首届

持续提升安全防护水平和防御能力。

首届

持续提升安全防护水平和防御能力。

首届

持续提升安全防护水平和防御能力。

Suzaku is a threat hunting and fast forensics timeline generator for cloud logs. (Imagine Hayabusa but for cloud logs instead of Windows event logs.) It is currently under active development with basic native sigma detection support for AWS...

The post Suzaku: A sigma-based threat hunting and fast forensics timeline generator for cloud logs appeared first on Penetration Testing Tools.

Mac窃密木马源代码分析

美团官方账号「小团有话说」今日再发表关于「限制骑手去其他平台接单」传闻的声明；包括两位诺贝尔奖得主，以及前总统顾问在内的 24 名经济学家联名发布了一份「反关税宣言」；，小顽童队身高 1.2 米的松延动力 N2 机器人同款上线京东拍卖平台。

MORF – Mobile Reconnaissance Framework Mobile Reconnaissance Framework is a powerful, lightweight, and platform-independent offensive mobile security tool designed to help hackers and developers identify and address sensitive information within mobile applications. It is...

The post MORF: Mobile Reconnaissance Framework appeared first on Penetration Testing Tools.