Aggregator

A vulnerability was found in Celk Saude 3.1.252.1 and classified as problematic. This issue affects some unknown processing. The manipulation of the argument erro leads to basic cross site scripting. The identification of this vulnerability is CVE-2024-51182. The attack may be initiated remotely. There is no exploit available.

HackerNews 编译，转载请注明出处： 美国网络安全与基础设施安全局（CISA）周四警告美国联邦机构，需防范针对微软 Outlook 关键远程代码执行（RCE）漏洞的攻击。 该漏洞由 Check Point 的漏洞研究人员 Haifei Li 发现，编号为 CVE-2024-21413，CVSS 评分为 9.8。漏洞源于在使用易受攻击的 Outlook 版本打开包含恶意链接的电子邮件时，未正确验证输入。 攻击者利用此漏洞可以绕过受保护视图（Protected View），以编辑模式而非只读模式打开恶意 Office 文件，从而获得远程代码执行能力。微软在一年前修补了该漏洞，并警告称即使在预览恶意构建的 Office 文档时，预览窗格也是一个攻击向量。 Check Point 解释称，这一安全漏洞（代号为 Moniker Link）允许威胁行为者绕过 Outlook 对电子邮件中嵌入的恶意链接的内置保护，方法是使用 file:// 协议并在指向攻击者控制的服务器的 URL 中添加感叹号。 CISA 已将该漏洞添加到其已知被利用漏洞（KEV）目录中，并根据强制性业务指令（BOD）22-01，要求联邦机构在 2 月 27 日前的三周内确保其网络的安全。 “这类漏洞是恶意网络行为者频繁利用的攻击向量，对联邦企业构成重大风险，”该网络安全机构警告。 虽然 CISA 主要关注提醒联邦机构尽快修补这些漏洞，但私营组织也被建议优先修补这些漏洞，以阻止正在进行的攻击。   消息来源：Bleeping Computer, 编译：zhongx；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability, which was classified as problematic, has been found in EthereumICO Plugin up to 2.4.6 on WordPress. This issue affects some unknown processing of the component Shortcode Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-12921. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Bulk Me Now Plugin up to 2.0 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-12638. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Bulk Me Now Plugin up to 2.0 on WordPress and classified as problematic. Affected by this issue is some unknown functionality of the component Shortcode Attribute Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-12708. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Tracking Code Manager Plugin up to 2.3.x on WordPress. Affected is an unknown function of the component Metabox Setting Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-10309. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

HackerNews 编译，转载请注明出处： 据韩国网络安全公司AhnLab Security Intelligence Center（ASEC）2月6日消息，与朝鲜有关的国家级黑客组织Kimsuky被发现利用名为forceCopy的信息窃取恶意软件进行鱼叉式网络钓鱼攻击。 攻击活动始于2024年3月，攻击者通过伪装成Microsoft Office或PDF文档的Windows快捷方式（LNK）文件的钓鱼邮件开始攻击。打开附件会触发PowerShell或mshta.exe的执行，这些是微软合法的二进制文件，用于下载和运行来自外部源的下一阶段有效载荷。 此次攻击最终部署了已知的木马PEBBLEDASH和开源远程桌面工具RDP Wrapper的自定义版本。攻击者还使用了代理恶意软件，通过RDP建立与外部网络的持久通信。此外，Kimsuky还被发现使用基于PowerShell的键盘记录器记录按键，并使用新的forceCopy窃取恶意软件复制存储在Web浏览器相关目录中的文件。 “所有恶意软件安装的路径都是Web浏览器的安装路径，”ASEC表示。“据推测，威胁行为者试图绕过特定环境中的限制，窃取存储凭据的Web浏览器配置文件。” 使用RDP Wrapper和代理工具来控制受感染主机，表明Kimsuky的战术发生了变化，该组织历史上一直使用定制的后门程序。 Kimsuky，也被称为APT43、Black Banshee、Emerald Sleet、Sparkling Pisces、Springtail、TA427和Velvet Chollima，被认为与朝鲜主要对外情报机构侦察总局（Reconnaissance General Bureau）有关。 自2012年以来，Kimsuky一直活跃，擅长组织定制的社会工程攻击，能够绕过电子邮件安全防护。2024年12月，网络安全公司Genians透露，该黑客组织一直在发送来自俄罗斯服务的钓鱼信息，以进行凭证窃取。   消息来源：The Hacker News, 编译：zhongx；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

reFlutter This framework helps with Flutter apps reverse engineering using the patched version of the Flutter library which is already compiled and ready for app repacking. This library has a snapshot deserialization process modified...

The post reFlutter: Flutter Reverse Engineering Framework appeared first on Penetration Testing Tools.

RTI-Toolkit RTI-Toolkit is an open-source PowerShell toolkit for Remote Template Injection attacks. This toolkit includes a PowerShell script named PS-Templator.ps1 which can be used from both an attacking and defensive perspective. The following tables present...

The post RTI-Toolkit: open-source PowerShell toolkit for Remote Template Injection attacks appeared first on Penetration Testing Tools.

MSSqlPwner MSSqlPwner is an advanced and versatile pentesting tool designed to seamlessly interact and pwn MSSQL servers. That tool is based on impacket, which allows attackers to authenticate to databases using clear-text passwords NTLM...

The post MSSqlPwner: pentesting tool designed to seamlessly interact and pwn MSSQL servers appeared first on Penetration Testing Tools.

A vulnerability was found in Infoseek Ultraseek Server 3.1. It has been declared as critical. This vulnerability affects unknown code of the component HTTP GET Handler. The manipulation as part of Long Request leads to memory corruption. This vulnerability was named CVE-1999-0996. The attack can be initiated remotely. Furthermore, there is an exploit available.

HackerNews 编译，转载请注明出处： 网络安全公司卡巴斯基周二表示，其检测并阻止了一次由SparkCat恶意软件发起的攻击，该软件利用光学字符识别（OCR）技术从图像中提取加密钱包的恢复短语。 这次攻击活动始于2024年3月，通过在苹果和谷歌的应用商店上分发虚假应用来窃取用户的加密钱包助记词。这些应用伪装成人工智能、食品配送和Web3应用，虽然其中一些应用似乎提供了合法功能，但实际上却隐藏着恶意软件。 卡巴斯基研究人员德米特里·卡利宁和谢尔盖·普扎表示，这些应用会解密并启动一个使用谷歌ML Kit库构建的OCR插件，用于识别图库中图像中的文本。匹配从命令和控制（C2）服务器接收到的关键词的图像会被发送到服务器。 值得注意的是，这是首次在苹果应用商店中发现具有OCR功能的恶意软件。谷歌应用商店中的受感染应用下载量已超过242,000次。 SparkCat恶意软件的iOS版本同样依赖谷歌的ML Kit库进行OCR操作，以窃取包含助记词的图像。该恶意软件的一个显著特点是使用基于Rust的通信机制与C2服务器进行通信，这在移动应用中较为罕见。 进一步分析关键词和这些应用的可用区域表明，该活动主要针对欧洲和亚洲的用户。研究人员评估认为，此次恶意活动是由一名精通中文的威胁行为者所为。 “该木马特别危险的地方在于，其应用内没有任何恶意植入的迹象，”研究人员表示，“它所请求的权限可能看起来是其核心功能所需的，或者乍一看似乎无害。” 与此同时，网络安全公司Zimperium zLabs披露了另一针对印度安卓设备用户的移动恶意软件活动，该活动通过WhatsApp分发恶意APK文件，伪装成银行和政府应用，以窃取用户的敏感信息和财务数据。 Zimperium zLabs表示，已识别出与该活动相关的1,000多个虚假应用，攻击者利用大约1,000个硬编码电话号码作为短信和一次性密码（OTP）的泄露点。 “与传统依赖C&C服务器窃取OTP的银行木马不同，此次恶意软件活动利用真实电话号码重定向短信，为执法机构追踪幕后威胁行为者留下了可追溯的数字线索，”安全研究员阿齐姆·亚斯万特表示。 此次攻击活动名为FatBoyPanel，目前已收集了约2.5GB的敏感数据，这些数据全部托管在无需身份验证即可访问的Firebase端点上。 这包括来自印度银行的短信、银行详细信息、信用卡和借记卡信息，以及约50,000名用户的政府颁发身份证明细节，其中大多数用户位于印度的西孟加拉邦、比哈尔邦、贾坎德邦、卡纳塔克邦和中央邦。 这些事件敲响了警钟，提醒用户在下载应用时，即使是在官方应用商店中，也应仔细审查应用代码，包括检查开发者的真实性。 这一情况也与2024年针对苹果macOS系统的24个新恶意软件家族的出现相吻合，较2023年的21个有所增加，据安全研究员帕特里克·沃德尔表示。 这与针对桌面操作系统用户的InfoStealer攻击激增相一致，如Poseidon、Atomic和Cthulhu等。 “利用macOS的InfoStealer通常会利用原生的AppleScript框架，”Palo Alto Networks Unit 42的研究人员汤姆·法克特曼、陈艾利克和汤姆·莎伦在本周发布的一份报告中表示。 “该框架提供了广泛的操作系统访问权限，并且其自然语言语法简化了执行过程。由于这些提示可能看起来像是合法的系统提示，威胁行为者利用这一框架通过社会工程手段诱骗受害者。”   消息来源：The Hacker News, 编译：zhongx；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

2月7日19点30白帽子章华鹏开年第一场直播预告

2月7日19点30白帽子章华鹏开年第一场直播预告

A vulnerability, which was classified as problematic, has been found in Bulk Me Now Plugin up to 2.0 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2024-12709. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in jetmonsters Stratum Plugin up to 1.4.7 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-13642. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in kstover Ninja Forms Plugin up to 3.8.24 on WordPress. It has been classified as problematic. Affected is an unknown function of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-13470. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Maybecms 1.2. This affects an unknown part of the file /mb/admin/index.php?u=article-edit of the component Add Article. The manipulation of the argument data_info[content] leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-0871. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Cianet ONU GW24AC up to 20250127. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Login. The manipulation of the argument browserLang leads to cross site scripting. This vulnerability is known as CVE-2025-0869. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in cyberchimps Responsive Blocks Plugin up to 1.9.9 on WordPress. This issue affects some unknown processing. The manipulation of the argument section_tag leads to cross site scripting. The identification of this vulnerability is CVE-2024-13732. The attack may be initiated remotely. There is no exploit available.