Aggregator

A vulnerability classified as problematic was found in Rukovoditel 3.2.1. Affected by this vulnerability is an unknown functionality of the file /index.php?module=help_pages/pages&entities_id=24 of the component Add Page Handler. The manipulation of the argument Title leads to cross site scripting. This vulnerability is known as CVE-2022-44946. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Rukovoditel 3.2.1. Affected by this issue is some unknown functionality of the file /index.php?module=entities/listing_types&entities_id=24 of the component Highlight Row Handler. The manipulation of the argument Note leads to cross site scripting. This vulnerability is handled as CVE-2022-44947. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Rukovoditel 3.2.1. This affects an unknown part of the file at/index.php?module=entities/entities_groups of the component Entities Group Handler. The manipulation of the argument Name leads to cross site scripting. This vulnerability is uniquely identified as CVE-2022-44948. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in Rukovoditel 3.2.1 and classified as problematic. This vulnerability affects unknown code of the file /index.php?module=entities/fields&entities_id=24 of the component Add New Field Handler. The manipulation of the argument Short Name leads to cross site scripting. This vulnerability was named CVE-2022-44949. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Rukovoditel 3.2.1 and classified as problematic. This issue affects some unknown processing of the file /index.php?module=entities/fields&entities_id=24. The manipulation of the argument Name leads to cross site scripting. The identification of this vulnerability is CVE-2022-44950. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Rukovoditel 3.2.1. It has been classified as problematic. Affected is an unknown function of the file /index.php?module=entities/forms&entities_id=24 of the component Add New Form Tab Handler. The manipulation of the argument Name leads to cross site scripting. This vulnerability is traded as CVE-2022-44951. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Rukovoditel 3.2.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?module=configuration/application. The manipulation of the argument Copyright Text leads to cross site scripting. This vulnerability is known as CVE-2022-44952. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in webTareas 2.4p5. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /linkedcontent/listfiles.php. The manipulation of the argument Name leads to cross site scripting. This vulnerability is handled as CVE-2022-44953. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in webTareas 2.4p5. This affects an unknown part of the file /contacts/listcontacts.php. The manipulation of the argument Last Name leads to cross site scripting. This vulnerability is uniquely identified as CVE-2022-44954. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in webTareas 2.4p5. This vulnerability affects unknown code of the file /projects/listprojects.php. The manipulation of the argument Name leads to cross site scripting. This vulnerability was named CVE-2022-44956. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in webTareas 2.4p5. This issue affects some unknown processing of the file /clients/listclients.php. The manipulation of the argument Name leads to cross site scripting. The identification of this vulnerability is CVE-2022-44957. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in webTareas 2.4p5. Affected is an unknown function of the file /meetings/listmeetings.php. The manipulation of the argument Name leads to cross site scripting. This vulnerability is traded as CVE-2022-44959. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in webTareas 2.4p5. This affects the function Chat. The manipulation of the argument Messages leads to cross site scripting. This vulnerability is uniquely identified as CVE-2022-44955. It is possible to initiate the attack remotely. There is no exploit available.

HackerNews 编译，转载请注明出处： 韩国至少有六家机构已成为黑客组织“Lazarus Group”的攻击目标，此次行动代号为“SyncHole行动”。 根据卡巴斯基今日发布的报告，该活动针对韩国的软件、IT、金融、半导体制造和电信行业。最早的入侵证据于2024年11月首次被发现。 安全研究人员Ryu Sojun和Vasily Berdnikov表示：“此次行动采用了水坑攻击策略与韩国本土软件漏洞利用的复杂组合。攻击者还利用Innorix Agent的一个一日漏洞进行横向移动。” 观察到的攻击为多个已知Lazarus工具变种铺平了道路，包括ThreatNeedle、AGAMEMNON、wAgent、SIGNBT和COPPERHEDGE。这些入侵之所以特别有效，很可能是因为攻击者利用了韩国广泛使用的合法软件Cross EX的安全漏洞。该软件用于在线银行和政府网站支持防键盘记录和基于证书的数字签名。 俄罗斯网络安全厂商表示：“Lazarus Group展现出对这些技术细节的深刻理解，并采用针对韩国的组合策略——将该类软件漏洞与水坑攻击相结合。” 值得注意的是，攻击者利用Innorix Agent的安全漏洞进行横向移动，因为Lazarus Group的Andariel子集群过去曾采用类似手法传播Volgmer和Andardoor等恶意软件。 最新攻击浪潮的起点是水坑攻击，当目标访问多个韩国在线媒体网站后即激活ThreatNeedle的部署。在将访问者重定向到攻击者控制的域名之前，会使用服务器端脚本对访问者进行筛选。 研究人员表示：“我们以中等可信度评估，被重定向的网站可能执行了恶意脚本，针对目标PC上安装的Cross EX的潜在漏洞发起攻击并启动恶意软件。该脚本最终执行了合法的SyncHost.exe，并向该进程注入加载ThreatNeedle变种的shellcode。” 观察到的感染链分为两个阶段：早期使用ThreatNeedle和wAgent，随后通过SIGNBT和COPPERHEDGE建立持久性、进行侦察活动，并在受感染主机上部署凭证转储工具。 攻击中还部署了用于受害者画像和有效载荷投递的LPEClient恶意软件家族，以及名为Agamemnon的下载器——该工具可从命令与控制（C2）服务器下载并执行额外有效载荷，同时采用“地狱之门（Hell’s Gate）”技术在执行期间绕过安全解决方案。 Agamemnon下载的有效载荷之一是通过利用Innorix Agent文件传输工具安全漏洞实现横向移动的专用工具。卡巴斯基称其调查发现了Innorix Agent中另一个未公开的任意文件下载零日漏洞，目前该漏洞已被开发者修复。 卡巴斯基警告称：”预计拉Lazarus Group针对韩国供应链的专业化攻击未来将持续存在。攻击者正通过开发新恶意软件或增强现有恶意软件来尽量减少被检测风险，特别是在改进与C2的通信方式、命令结构及数据收发模式方面投入大量精力。”     消息来源：thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络；  转载请注明“转自 HackerNews.cc”并附上原文

美国国防部希望情报界在国内开展监控、跟踪、拦截、渗透、窃听。

A vulnerability was found in webTareas 2.4p5. It has been declared as critical. This vulnerability affects unknown code of the file deleteapprovalstages.php. The manipulation of the argument ID leads to sql injection. This vulnerability was named CVE-2022-44290. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was found in webTareas 2.4p5. It has been rated as critical. This issue affects some unknown processing of the file phasesets.php. The manipulation of the argument ID leads to sql injection. The identification of this vulnerability is CVE-2022-44291. The attack needs to be done within the local network. There is no exploit available.

国内第一份真正意义上的反偷拍调研报告~希望大家喜欢：）

国内第一份真正意义上的反偷拍调研报告~希望大家喜欢：）