Aggregator

速查！

近期，根据微步情报局跟踪及研判，发现当前存在多个漏洞被利用，涉及电子文档安全管理系统、电子邮件系统、应用程序开发框架等多个产品及软件。现汇总如下，建议企业尽快自查：Microsoft Exchange

A vulnerability classified as problematic has been found in wedevs WP Project Manager Plugin up to 2.6.15 on WordPress. This affects an unknown part of the file /wp-json/pm/v2/projects/1/task-lists of the component Project Task List. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-10548. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in QNAP QuFirewall up to 2.3.2. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to command injection. This vulnerability is handled as CVE-2023-23356. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in QNAP QTS, QuTS hero and QuTScloud. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to resource consumption. This vulnerability is known as CVE-2022-27600. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM Sterling B2B Integrator up to 5.2.6.5/6.0.0.6/6.0.3.4/6.1.0.2. It has been classified as problematic. Affected is an unknown function of the component Web UI. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2021-20553. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM Robotic Process Automation 21.0.1/21.0.2/21.0.3 and classified as problematic. This issue affects some unknown processing. The manipulation leads to insufficiently protected credentials. The identification of this vulnerability is CVE-2022-33954. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Adobe Acrobat Reader up to 20.005.30418/22.003.20281/22.003.20282 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2023-21586. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

US considers banning TP-Link routers over cybersecurity concerns

The U.S. government may ban TP-Link routers in 2025 if investigations confirm their use could pose a national security risk. The U.S. government is investigating whether TP-Link routers, linked to cyberattacks, pose a national security risk, the Wall Street Journal reported. According to the WSJ, the U.S. government is considering banning TP-Link routers starting in […]

A vulnerability, which was classified as problematic, was found in IBM InfoSphere Information Server 11.7. This affects an unknown part. The manipulation leads to improper restriction of rendered ui layers. This vulnerability is uniquely identified as CVE-2021-29827. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Kanban up to 1.2.42. Affected by this issue is some unknown functionality of the file app/Core/Session/SessionHandler.php. The manipulation leads to session expiration. This vulnerability is handled as CVE-2024-55603. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

一项新的社会工程活动显示，大量攻击者利用微软Teams作为部署已知恶意软件DarkGate的手段。

主站 分类 漏洞 工具 极客

A vulnerability classified as problematic was found in IBM DB2 and DB2 Connect Server 10.5/11.1 /11.5. Affected by this vulnerability is an unknown functionality of the component Query Handler. The manipulation leads to allocation of resources. This vulnerability is known as CVE-2023-30443. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

error code: 521

卡巴斯基研究人员将多起针对性攻击与一个名为“The Mask”的网络间谍组织联系起来。该 APT 组织于 2019 年和 2022 年针对拉丁美洲的一个组织发起攻击。 威胁组织访问了 MDaemon 电子邮件服务器并使用其 WorldClient 网络邮件组件在受感染的组织内保持持久性。 WorldClient 组件的身份验证面板 卡巴斯基发布的分析报告称：“攻击者使用的持久性方法基于 WorldClient，允许加载处理从客户端到电子邮件服务器的自定义 HTTP 请求的扩展程序。” “这些扩展程序可以通过 C:\MDaemon\WorldClient\WorldClient.ini 文件进行配置” “The Mask”APT组织（又名“Careto” [西班牙语，意为“丑陋的脸”或“面具”]）是一个备受瞩目的受国家支持的黑客组织，其目标一直是政府机构、外交机构、大使馆、外交办公室和能源公司。 卡巴斯基于 2014 年首次发现该 APT 组织，但专家认为该网络间谍活动已持续了五年多。当时，卡巴斯基称这是他们迄今为止见过的最复杂的 APT 行动。 Mask APT 自 2007 年起就已活跃，它展示了使用复杂植入物的能力，通常通过0day漏洞进行传播。 专家们尚未确定该 APT 组织的来源，但他们还注意到该组织讲西班牙语，并且针对全球 30 多个国家。 在最近的攻击中，The Mask 使用恶意扩展进行侦察、文件系统交互和有效载荷执行。 2024 年初，攻击者利用 hmpalert.sys 驱动程序和 Google Updater 部署了一个名为 FakeHMP 的新植入程序，可实现文件检索、键盘记录、屏幕截图和其他有效载荷。他们还部署了麦克风录音机和文件窃取程序。 在调查 2022 年的攻击时，研究人员注意到受害组织在 2019 年也遭受过使用“Careto2”和“Goreto”框架的攻击。攻击者使用加载器、安装程序和辅助注册表文件部署了 Careto2，然后通过 COM 劫持保持持久性。该框架从虚拟文件系统加载插件，插件名称被哈希化为 DJB2 值。 “距离我们上次看到 Careto 网络攻击已经过去了 10 年，但该攻击者仍然像以前一样强大。这是因为 Careto 能够发明非凡的感染技术，例如通过 MDaemon 电子邮件服务器持久化或通过 HitmanPro Alert 驱动程序植入加载，以及开发复杂的多组件恶意软件。” 报告总结道。“虽然我们无法估计社区需要多长时间才能发现该攻击者的下一次攻击，但我们相信他们的下一次活动将与之前的一样复杂。”   转自军哥网络安全读报，原文链接：https://mp.weixin.qq.com/s/7C4Xm3xCiGziXGXwr4SUGg 封面来源于网络，如有侵权请联系删除

企业资讯