Aggregator

Ошибки хакеров в настройках C2-серверов позволяют находить их через анализ отпечатков JA4H, что значительно упрощает обнаружение других связанных угроз.

A vulnerability was found in SCO OpenServer and Unix. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to memory corruption. This vulnerability is handled as CVE-1999-1041. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

The Apache Software Foundation (ASF) has released a security update to address an important vulnera

The Apache Software Foundation (ASF) has released a security update to address an important vulnerability in its Tomcat server software that could result in remote code execution (RCE) under certain conditions. The vulnerability, tracked as CVE-2024-56337, has been described as an incomplete mitigation for CVE-2024-50379 (CVSS score: 9.8), another critical security flaw in the same product that

A vulnerability was found in Apple Mac OS X 10.1. It has been classified as critical. Affected is an unknown function of the component DirectoryServices. The manipulation of the argument PATH as part of Environment Variable leads to improper privilege management. This vulnerability is traded as CVE-2003-0171. The attack needs to be approached locally. Furthermore, there is an exploit available.

A vulnerability classified as problematic has been found in rcfilters Plugin 2.1.6 on RoundCube. Affected is an unknown function. The manipulation of the argument _whatfilter/_messages as part of Parameter leads to cross site scripting. This vulnerability is traded as CVE-2018-16736. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

In the Internet of Things (IoT) sector, 2025 is shaping up to be a politically charged year. Major global jurisdictions are set to implement device security regulations, coinciding with potential tariffs, shifting production dynamics, and rising geopolitical tensions. My advice for companies involved in manufacturing or using IoT devices? Prepare for the worst, but hope for the best. Geopolitical tensions are impacting IoT There’s no denying that the macro landscape is splintered. Internet infrastructure is … More →

The post 2025 is going to be a bumpy year for IoT appeared first on Help Net Security.

在本次传播过程中，攻击者继续通过构造财务、税务违规稽查通知等主题的钓鱼信息和收藏链接，通过微信群直接传播包含该木马病毒的加密压缩包文件。

为了减轻这种威胁，建议 Android 用户仅从 Google Play 下载应用程序，在安装时仔细检查权限请求，并确保 Play Protect 在其设备上处于活动状态。

近日，国家计算机病毒应急处理中心和计算机病毒防治技术国家工程实验室依托国家计算机病毒协同分析平台（https://virus.cverc.org.cn）在我国境内再次捕获发现针对我国用户的“银狐”木马

一种名为“DroidBot”的新 Android 银行恶意软件试图窃取英国、意大利、法国、西班牙和葡萄牙超过 77 个加密货币交易所和银行应用程序的凭据。据发现新 Android 恶意软件的 Clea

Auch in diesem Jahr bieten wieder Hackspaces und andere Orte die Möglichkeit, gemeinsam Vor

A vulnerability classified as critical was found in Fraunhofer Fit BSCW 3.4/4.0/4.0.6. This vulnerability affects unknown code of the component Self Registration Handler. The manipulation leads to improper privilege management. This vulnerability was named CVE-2002-0095. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple tvOS up to 10.2.0 and classified as critical. This issue affects the function JSObject::ensureLength of the component WebKit. The manipulation of the argument ensureLengthSlow leads to memory corruption. The identification of this vulnerability is CVE-2017-2521. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

小白的众测高危：

记先前某次众测，经过资产梳理，发现所有站点全部都挂了WAF，作为一名不钓鱼的挖洞小白，我估计这次又要空军。

小白生于天地之间，岂能郁郁难挖高危？

想要在挂了WAF的站点挖出高危，很难，因为这些站点，你但凡鼠标点快点，检测出了不正确动作都要给你禁IP，至于WAF绕过对于小白更是难搞。其实在众测，大部分漏洞都并非那些什么SQL注入RCE等等，而小白想要出高危，可能也只有寄托希望于未授权。

未授权接口怎么找：

有一种站点，在URL内含有#符号，这种站点的路径接口信息泄露较多，更容易出未授权。

但要注意一点，#后面的东西是不会走服务器的，所以这里如果在findsomething找到了很多东西，拼接的时候带不带#号呢？

这就要区分路由和接口了，如果看着像是路由，在这种原本就有#符号站点，就带上#符号。如果是接口，接口一般是用来进行数据交互的，所以需要走服务器，那就不能拼接#符号。

区分上述后就可以将拿到的东西以POST请求，GET请求都跑一遍，再看是否存在能用的接口，再根据接口返回情况看是否需要添加参数。

这里又是涉及一个很麻烦的点，那就是遇到接口能用，找到参数了，但参数的格式不知道，我这次讲的这个高危就遇到了这种情况，差点错过！

在将现有js里面的接口跑完后还需要注意找js里面的js里面的接口。

这里有两种常见情况：

一、js.map泄露

大多webpack打包的站点会有js.map文件，那js.map文件怎么利用呢？

首先需要下载下来：

如上图，右键检查后，在网络处找.js文件，再点击它，在右方找到js文件的路径，并在结尾加上.map访问即可下载。

之后再由reverse-sourcemap工具还原js.map文件，再由vscode等工具打开，进行接口关键字搜查。

二、大量chunk类型js泄露：

如图：

我们如果在数据包或者js文件看到这种格式内容，就可以考虑进一步利用。

首先将所有内容复制出来，再用notepad++打开：

如图进行替换成符合burp里面chunk文件的格式，再放到burp里面跑一遍，配合HAE插件可以提取更加全面的接口信息。

小白找的高危未授权接口：

我也是通过上述方法找到接口后放到burp里面跑，（跑的时候记得加参数），例如接口中有类似id=，url=，wid=等等最好自己加个参数上去。

但就是因为不知道参数类型，我险些错过这个高危漏洞。

如上图第一个接口，因为参数不正确跑出来跟其它接口一个样，不过还好我留意了一下，并且运气好，随手拼的参数居然正确了，直接下载了敏感文件，造成用户全家姓名，电话，住址，工作公司，***等等信息全部泄露。（所以这里注意：对有参数的接口即使一次没跑出信息，也要考虑是否需要对参数进行FUZZ）

并且id参数可遍历，形成大范围用户泄露，高危漏洞到手。

  

小白的众测高危：记先前某次众测，经过资产梳理，发现所有站点全部都挂了WAF，作为一名不钓鱼的挖洞小白，我估计这次又要空军。小白生于天地之间，岂能郁郁难挖高危？想要在挂了WAF的站点

A vulnerability was found in LBL tcpdump 3.9.1 and classified as problematic. Affected by this issue is the function isis_print. The manipulation leads to infinite loop. This vulnerability is handled as CVE-2005-1278. The attack may be launched remotely. Furthermore, there is an exploit available.

新闻速览 •警惕！“银狐”木马新变种直接通过微信群传播含病毒压缩包文件 •未及时报告数据泄露，OpenAI面临 […]

警惕！“银狐”木马新变种直接通过微信群传播含病毒压缩包文件；未及时报告数据泄露，OpenAI面临意大利1500万欧元罚款 |牛览 日期：2024年