Aggregator

A vulnerability classified as critical has been found in Trend Micro Apex One. Affected is an unknown function. The manipulation leads to file inclusion. This vulnerability is traded as CVE-2023-47202. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Trend Micro Apex One and classified as critical. This vulnerability affects unknown code. The manipulation leads to origin validation error. This vulnerability was named CVE-2023-47196. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Trend Micro Apex One and classified as critical. This issue affects some unknown processing. The manipulation leads to origin validation error. The identification of this vulnerability is CVE-2023-47197. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Trend Micro Apex One Security Agent. This vulnerability affects unknown code. The manipulation leads to link following. This vulnerability was named CVE-2023-47192. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apple tvOS and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Privacy Preferences. The manipulation leads to improper access controls. This vulnerability is known as CVE-2023-40528. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS and classified as problematic. Affected by this issue is some unknown functionality of the component Privacy Preferences. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2023-40528. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Meross MSH30Q up to 4.5.23 and classified as problematic. Affected by this issue is some unknown functionality of the component Device Setup. The manipulation leads to cleartext transmission of sensitive information. This vulnerability is handled as CVE-2023-46889. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical was found in Meross MSH30Q 4.5.23. This vulnerability affects unknown code of the component Radio Frequency Communication Protocol. The manipulation leads to authentication bypass by capture-replay. This vulnerability was named CVE-2023-46892. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability was found in MathTex up to 1.05 and classified as problematic. This issue affects some unknown processing of the component URL Handler. The manipulation leads to infinite loop. The identification of this vulnerability is CVE-2023-51890. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability was found in SpliceCom Maximiser Soft PBX up to 1.5. It has been rated as problematic. Affected by this issue is some unknown functionality of the component SSL Certificate. The manipulation leads to channel accessible by non-endpoint. This vulnerability is handled as CVE-2023-33760. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in kafka-ui up to 0.7.1. It has been declared as critical. This vulnerability affects unknown code of the file /api/clusters/local/topics/{topic}/messages. The manipulation of the argument q leads to code injection. This vulnerability was named CVE-2023-52251. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in Plone Docker Official Image 5.2.13. Affected by this vulnerability is an unknown functionality of the component Header Handler. The manipulation of the argument Host leads to privilege escalation. This vulnerability is known as CVE-2024-23055. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in CHIGASAKI BAKERY mini-app on Line 13.6.1. It has been classified as problematic. Affected is an unknown function of the component Channel Access Token Handler. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2023-48131. The attack can only be initiated within the local network. There is no exploit available.

HackerNews 编译，转载请注明出处： Predatory Sparrow黑客组织宣称对伊朗赛帕银行（Bank Sepah）发动网络攻击，称此举旨在报复该银行涉嫌资助伊朗军事及核计划。 此次攻击于6月17日凌晨发生，据伊朗伊斯兰革命卫队关联媒体报道，赛帕银行的客户服务系统遭破坏，造成账户访问障碍、取款及刷卡支付问题。 攻击还波及依赖该银行处理交易的伊朗加油站系统。事件发生时，部分德黑兰居民因担忧地区冲突升级而连夜逃离。当地报道称，袭击后赛帕银行多家分行关闭，政府雇员和安全人员的工资发放亦出现延迟。 该组织在社交媒体X上发布声明，宣称“在勇敢的伊朗人协助下摧毁了银行基础设施”，并警告：“这就是致力于维护独裁者恐怖主义野心的机构的下场。”此次网络攻击紧随以色列空袭伊朗核设施及关键基础设施之后，而伊朗此前亦对以色列目标实施了报复性打击。安全专家指出，冲突已蔓延至网络空间，引发国家支持的黑客组织及其附属黑客活动团队的连锁行动。 Predatory Sparrow（波斯语名Gonjeshke Darande）被广泛认为与以色列军事情报机构有关。该组织此前曾宣称对伊朗国有钢铁公司、加油站及燃料分配系统发动过重大网络攻击。截至发稿，伊朗官方及赛帕银行均未回应此次袭击。值得提及的是，赛帕银行因涉嫌协助伊朗开发可携带核弹头的导弹，于2007年遭美国制裁，但银行否认相关指控。 特拉维夫网络安全公司Radware近期报告指出，尽管以色列官方从不承认发动进攻性网络行动，但多起针对伊朗燃料基础设施、铁路和工业设施的高影响网络事件均被归因于以色列关联组织。以色列空袭后，Radware观察到亲伊朗威胁组织在公开及私人Telegram频道上的活跃度激增，这些组织讨论了包括攻击以色列公共紧急警报系统在内的行动计划，并向约旦、沙特阿拉伯等邻国发出警告，称支持以色列可能招致针对其国家基础设施的网络攻击。       消息来源： therecord； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

便携防晒帽、新款T恤、定制吨吨杯快来看！

HackerNews 编译，转载请注明出处： 俄罗斯网络安全研究人员发现首例本土化数据窃取攻击，攻击者使用经篡改的近场通信（NFC）合法软件进行作案，这似乎是更广泛攻击活动的测试阶段。 该报告涉及恶意软件SuperCard——此前已知的合法软件NFCGate的变种。NFCGate原设计用于在邻近设备间中继传输NFC数据，而网络犯罪分子长期滥用NFC技术盗取受害者银行资金。在先前针对欧洲银行的SuperCard攻击中，黑客通过被入侵的安卓手机，将受害者实体支付卡数据中继传输至攻击者控制的设备，随后利用窃取的数据实施ATM交易。若该方法失败，攻击者则直接将受害者账户资金转移至其他账户。 莫斯科网络安全公司F6在6月17日发布的报告中指出，SuperCard于2025年5月首次在俄罗斯境内针对安卓用户部署，而该恶意软件最初于同年4月在意大利被发现。意大利安全公司Cleafy曾披露，该工具以恶意软件即服务（MaaS）形式分发，由“中文使用者”操作。攻击者采用社会工程手段诱骗受害者下载伪装成合法应用的SuperCard。一旦安装，该恶意软件能识别受害者使用的支付系统（Visa、Mastercard、American Express、UnionPay或JCB），进而支持犯罪分子实施欺诈交易。 研究人员强调，SuperCard区别于以往基于NFCGate的恶意软件之处在于其商业化分发策略：首次通过Telegram中文频道公开推广，采用订阅制销售并提供客户支持。F6发现其广告宣称可针对美国、澳大利亚及欧洲主要银行的客户。F6早于2025年1月就在俄罗斯观察到基于NFCGate的攻击（早于SuperCard扩散）。此后攻击工具经多次篡改升级。据F6统计，2025年第一季度俄罗斯因NFCGate变种造成的总损失达4.32亿卢布（约合550万美元），超17.5万台安卓设备被感染。       消息来源： therecord； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

近期奇安信威胁情报中心发现一批Kimsuky的Endoor样本，该后门功能上变化不大，但试图伪装为来自github的开源代码，避开代码审查，此外C&C使用不常见的的53端口，一定程度上绕过恶意流量检测，体现了该组织攻击手法的灵活性。

01.NET内网安全攻防报刊小报童电子报刊【.NET内网安全攻防】也正式上线了，引入小报童也是为了弥补知识星球