Aggregator
SGS Awards 纽创信安 the ISO 26262:2018 Functional Safety ASIL D Process Certificate and ASIL B Product Certificate
10 months ago
TSUBAME Report Overflow (Apr-Jun 2024)
10 months ago
This TSUBAME Report Overflow series discusses monitoring trends of overseas TSUBAME sensors and other activities which the Internet Threat Monitoring Quarterly Reports do not include. This article covers the monitoring results for the period of April to June 2024. The...
鹿野 恵祐 (Keisuke Shikano)
2024 Cybersecurity Week | A Discussion of Converged Technologies for Government Applications and Data Security
10 months ago
CVE-2007-2607 | LaVague 0.3 views/print/printbar.php views_path file inclusion (EDB-3870 / XFDB-34177)
10 months ago
A vulnerability was found in LaVague 0.3. It has been classified as critical. Affected is an unknown function of the file views/print/printbar.php. The manipulation of the argument views_path leads to file inclusion.
This vulnerability is traded as CVE-2007-2607. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
Lazarus Group Uses Fake Coding Tests to Spread Malware
10 months ago
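Cybersecurity researchers have discovered a new set of malicious Python packages that target software developers under the guise of coding assessments. "The new samples were tracked to GitHub projects that have been linked to previous, targeted attacks in which developers are lured using fake job interviews," said ReversingLabs researcher Karlo Zanki.
The activity is assessed to be part of an ongoing campaign dubbed VMConnect, which first came to light in August 2023. There are indications that it is the work of the North Korea-backed Lazarus Group.
North Korean threat groups widely use job interviews as an infection vector, either approaching unsuspecting developers on sites such as LinkedIn or tricking them into downloading malicious packages as part of a purported skills test. These packages have been published directly to public repositories such as npm and PyPI, or hosted on GitHub repositories under the attackers' control.
ReversingLabs said it found malicious code embedded in modified versions of legitimate PyPI libraries such as pyperclip and pyrebase. "The malicious code is present in the __init__.py file and its corresponding compiled Python file (PYC), located inside the __pycache__ directory of the respective modules," Zanki said. It is implemented as a Base64-encoded string that conceals a downloader function, which contacts a command-and-control (C2) server in order to execute the commands received in response.
In one instance of the coding assignment identified by the software supply chain firm, the attackers tried to create a false sense of urgency by requiring job seekers to build a Python project shared as a ZIP file within five minutes, and to find and fix a coding flaw in the next 15 minutes. This makes it "more likely that the attacker would execute the package without performing any type of security or even source code review," Zanki said, adding, "This ensures that the malicious actors behind this campaign can execute the embedded malware on the developer's system."
Some of the tests mentioned above claimed to be technical interviews for financial institutions such as Capital One and Rookery Capital Limited, underscoring how the attackers impersonate legitimate companies in the sector to carry out the operation.
It is currently unclear how widespread these campaigns are. Google-owned Mandiant also recently highlighted that they use LinkedIn to scout and contact potential targets. "After an initial chat conversation, the attacker sent a ZIP file that contained COVERTCATCH malware disguised as a Python coding challenge, which compromised the user's macOS system by downloading second-stage malware that persisted via Launch Agents and Launch Daemons," the company said.
Cybersecurity company Genians revealed that the North Korean threat group codenamed Konni is stepping up its attacks on Russia and South Korea, using spear-phishing lures to deploy AsyncRAT, and that the activity overlaps with a campaign codenamed CLOUD#REVERSER (aka puNK-002). Some of these attacks also involve distributing a new piece of malware called CURKON, a Windows shortcut (LNK) file that serves as a downloader for an AutoIt version of Lilith RAT. According to S2W, the activity has been linked to a sub-cluster tracked as puNK-003.
Technical report: https://www.reversinglabs.com/blog/fake-recruiter-coding-tests-target-devs-with-malicious-python-packages
Reposted from 军哥网络安全读报; original link: https://mp.weixin.qq.com/s/G_KWKOfvr-fR6ru0Hmwh1A
Reposted content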
CVE-2024-24972 | Gallagher Controller 6000/Controller 7000 Web Interface buffer overflow
10 months ago
A vulnerability was found in Gallagher Controller 6000 and Controller 7000. It has been rated as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to buffer overflow.
This vulnerability is handled as CVE-2024-24972. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-39808 | Gallagher Controller 6000/Controller 7000 OSDP Message buffer size
10 months ago
A vulnerability has been found in Gallagher Controller 6000 and Controller 7000 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component OSDP Message Handler. The manipulation leads to incorrect calculation of buffer size.
This vulnerability is known as CVE-2024-39808. It is possible to launch the attack on the physical device. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-8320 | Ivanti Endpoint Manager 2024/up to 2022 SU5 missing authentication
10 months ago
A vulnerability has been found in Ivanti Endpoint Manager up to 2022 SU5/2024 and classified as critical. This vulnerability affects unknown code. The manipulation leads to missing authentication.
This vulnerability was named CVE-2024-8320. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-8321 | Ivanti Endpoint Manager 2024/up to 2022 SU5 missing authentication
10 months ago
A vulnerability was found in Ivanti Endpoint Manager up to 2022 SU5/2024 and classified as critical. This issue affects some unknown processing. The manipulation leads to missing authentication.
The identification of this vulnerability is CVE-2024-8321. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-8441 | Ivanti Endpoint Manager 2024/up to 2022 SU5 uncontrolled search path
10 months ago
A vulnerability was found in Ivanti Endpoint Manager up to 2022 SU5/2024. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to uncontrolled search path.
This vulnerability is known as CVE-2024-8441. It is possible to launch the attack on the local host. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-8012 | Ivanti Workspace Control up to 10.18.50.0 authentication bypass
10 months ago
A vulnerability classified as critical was found in Ivanti Workspace Control up to 10.18.50.0. This vulnerability affects unknown code. The manipulation leads to authentication bypass using alternate channel.
This vulnerability was named CVE-2024-8012. Local access is required to approach this attack. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-8191 | Ivanti Endpoint Manager 2024/up to 2022 SU5 Management Console SQL injection
10 months ago
A vulnerability, which was classified as critical, has been found in Ivanti Endpoint Manager up to 2022 SU5/2024. This issue affects some unknown processing of the component Management Console. The manipulation leads to SQL injection.
The identification of this vulnerability is CVE-2024-8191. Attacking locally is a requirement. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-8322 | Ivanti Endpoint Manager 2024/up to 2022 SU5 weak authentication
10 months ago
A vulnerability, which was classified as problematic, was found in Ivanti Endpoint Manager up to 2022 SU5/2024. Affected is an unknown function. The manipulation leads to weak authentication.
This vulnerability is traded as CVE-2024-8322. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Hackers Mimic Google, Microsoft & Amazon Domains for Phishing Attacks
10 months ago
Phishing remains a significant concern for both individuals and organizations. Recent findings from ThreatLabz have highlighted the alarming prevalence of phishing attacks targeting major brands, with Google, Microsoft, and Amazon emerging as the top three most impersonated companies. This article explores the intricacies of these phishing tactics, the role of certificate authorities and domain registrars, […]
The post Hackers Mimic Google, Microsoft & Amazon Domains for Phishing Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Anupriya
Quad7: When Your Home Wi-Fi Becomes a Weapon for Hackers
10 months ago
A combination of old vulnerabilities and new techniques is hitting thousands of devices.
Open-Source Intelligence, All in One Place!
10 months ago
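In this era of information explosion, open-source intelligence has become a trend. More and more people are paying attention to open source and joining the ranks of open-source intelligence.
Flight Tracking Techniques: Expert-Level Tools and Strategies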
10 months ago
CVE-2024-8655 | Mercury MNVR816 up to 2.0.1.0.5 /web-static/ file access
10 months ago
A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or directories accessible.
This vulnerability is uniquely identified as CVE-2024-8655. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
It is recommended to apply restrictive firewalling.
vuldb.com