Aggregator

12月26日，《三个白帽聊安全》直播对话，携好礼等你来！

12月26日，《三个白帽聊安全》直播对话，携好礼等你来！

A vulnerability classified as critical has been found in Mozilla Firefox up to 3.0.10. This affects an unknown part. The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2009-1834. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

With outdated and inadequately maintained components, along with insecure dependencies, the open-source ecosystem presents numerous risks that could expose organizations to threats. In this article, you will find excerpts from 2024 open-source security reports that can help your organization strengthen its software security practices. 70% of open-source components are poorly or no longer maintained Regardless of geographic origin, the average mid-size application has several disturbing trends leading to critical vulnerabilities. Open-source contributes 2 to 9 times … More →

The post What open source means for cybersecurity appeared first on Help Net Security.

A vulnerability was found in systemd and classified as critical. Affected by this issue is some unknown functionality of the component DynamicUser Property Handler. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2019-3844. The attack needs to be approached locally. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Sun JRE. Affected is an unknown function. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2010-0840. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Adobe Flash Player. It has been classified as critical. This affects an unknown part. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2016-4176. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Soundtouch 1.9.2. It has been classified as problematic. Affected is the function TDStretchSSE::calcCrossCorr of the file source/SoundTouch/sse_optimized.cpp of the component WAV File Handler. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2017-9260. Attacking locally is a requirement. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Matrix 首页推荐 Matrix 是少数派的写作社区，我们主张分享真实的产品体验，有实用价值的经验与思考。我们会不定期挑选 Matrix 最优质的文章，展示来自用户的最真实的体验和观点。文章代

A vulnerability classified as problematic has been found in Mozilla Firefox. Affected is an unknown function. The manipulation leads to configuration. This vulnerability is traded as CVE-2009-1312. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as very critical was found in Linux Kernel 2.6.23. This vulnerability affects unknown code. The manipulation leads to memory corruption. This vulnerability was named CVE-2009-0065. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

作者：Ryan Greenblatt, Carson Denison等 译者：知道创宇404实验室翻译组 原文链接：https://arxiv.org/abs/2412.14093v1 摘要 我们在此呈现了一项关于大型语言模型在训练过程中进行“对齐伪装”行为的演示：该模型有选择地遵从其训练目标，以防止其行为在训练之外被改变。具体来说，我们首先向Claude 3 Opus模型提供了一个系统提示...

error code: 521

A vulnerability was found in Microsoft Word 2003. It has been declared as critical. This vulnerability affects unknown code of the component DOC Document Handler. The manipulation as part of Embedded Image leads to improper resource management. This vulnerability was named CVE-2013-6801. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Philippe Jounin Tftpd32. Affected is an unknown function. The manipulation leads to format string. This vulnerability is traded as CVE-2013-6809. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Quickheal AntiVirus Pro 7.0.0.1. This affects an unknown part in the library pepoly.dll. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2013-6767. The attack needs to be approached locally. Furthermore, there is an exploit available.

error code: 521

HackerNews 编译，转载请注明出处： 一种全新的Microsoft 365钓鱼即服务（PaaS）平台，名为“FlowerStorm”，正在网络空间中迅速崛起，并成功填补了此前Rockstar2FA网络犯罪服务平台因意外关闭而留下的市场空缺。 据Trustwave的记录显示，Rockstar2FA作为一种专门支持大规模中间人攻击（AiTM）的PaaS平台，其主要目标是窃取Microsoft 365用户的凭证信息。该平台以其先进的规避技术、直观易用的控制面板以及多样化的钓鱼选项，向网络犯罪分子提供了为期两周的访问权限，费用高达200美元。 然而，在2024年11月11日，Rockstar2FA遭遇了部分基础设施的重大故障，导致多个服务页面无法正常访问。Sophos的研究员Sean Gallagher和Mark Parsons指出，此次故障似乎并非由执法机构的行动引发，而更可能源于技术层面的失误。 就在Rockstar2FA陷入困境的几周后，FlowerStorm这一新平台悄然出现在网络上，并迅速吸引了大量关注。   Rockstar2FA的检测情况 Sophos的研究发现，新兴的FlowerStorm服务与之前的Rockstar2FA在多个方面存在显著共性，这引发了人们对其是否为同一运营者为了降低曝光风险而改名的猜测。具体而言，Sophos识别出以下相似之处： 两个平台都使用模拟合法登录页面（如Microsoft）的钓鱼门户来窃取凭证和多因素认证（MFA）令牌，依赖于托管在.ru和.com等域名上的后台服务器。Rockstar2FA使用随机PHP脚本，而FlowerStorm则统一使用next.php。 钓鱼页面的HTML结构非常相似，包含随机文本注释、Cloudflare“旋转门”安全功能和类似“初始化浏览器安全协议”的提示。Rockstar2FA使用汽车主题，而FlowerStorm则改为植物主题，但底层设计保持一致。 凭证收集方法高度一致，使用诸如电子邮件、密码和会话跟踪令牌等字段。两个平台都支持通过后台系统进行电子邮件验证和MFA认证。 域名注册和托管模式有显著重叠，广泛使用.ru和.com域名及Cloudflare服务。它们的活动模式在2024年底显示出同步的波动，可能暗示有协调行动。 两个平台都出现了操作失误，暴露了后台系统，并展示了高度可扩展性。Rockstar2FA管理超过2000个域名，而FlowerStorm在Rockstar2FA崩溃后迅速扩展，暗示共享框架。 Sophos总结道：“尽管我们不能完全确定Rockstar2FA与FlowerStorm之间存在直接的关联，但两者在工具包内容上的高度相似性表明它们至少有着共同的起源或技术背景。”同时，Sophos也指出，“域名注册的相似模式可能反映了FlowerStorm和Rockstar在某种程度上的协调合作，但也有可能是市场力量驱动的结果。” 无论FlowerStorm的崛起背后有何种故事，对于用户和组织而言，它都是一个不容忽视的新威胁。该平台支持破坏性的钓鱼攻击，可能导致全面的网络入侵和数据泄露。 Sophos的遥测数据显示，约63%的组织和84%的FlowerStorm攻击目标用户位于美国。其中，服务、制造业、零售和金融服务等行业成为最受攻击的目标。 为了有效防范钓鱼攻击，建议用户和组织采取以下措施： 使用支持AiTM抗性FIDO2令牌的多因素认证（MFA）技术； 部署电子邮件过滤解决方案以拦截恶意邮件； 使用DNS过滤技术来阻止对可疑域名的访问（如.ru、.moscow和.dev等）。   消息来源：Bleeping Computer, 编译：zhongx；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文