Aggregator

Deep Instinct 的网络安全研究人员发现了一种新颖且强大的基于分布式组件对象模型(DCOM) 的横向移动攻击方法，使攻击者能够在目标 Windows 系统上秘密部署后门。 攻击利用 Windows Installer 服务远程编写自定义 DLL，将其加载到活动服务中，并使用任意参数执行它们。具体来说，DLL（动态链接库）是一个 Windows 文件，其中包含多个程序共享的代码、数据和资源。 Deep Instinct 的技术博客详细介绍了该攻击，该攻击利用了IMsiServer COM 接口。通过逆向其内部结构，攻击者可以操纵其功能以实现远程代码执行，绕过传统的安全控制并在受感染的系统上建立持久立足点。 DCOM 横向移动是一种利用 DCOM 中的漏洞在网络内横向移动的技术，它允许不同计算机上的程序之间进行通信。 另一方面，计算机对象 (COM) 是经过编译的代码，它基于由全局唯一类 ID (CLSID) 定义的类实现的接口为系统提供服务，并使用全局唯一标识符 (GUID) – AppID 进行远程访问。COM 组件之间的所有通信都通过接口进行。 该技术包括识别易受攻击的 Windows Installer 服务、利用其 COM 接口、制作包含恶意代码的恶意 DLL、远程编写 DLL、将 DLL 加载到正在运行的服务进程中并执行代码。攻击者控制该服务，操纵其功能以与其进行远程交互。 恶意 DLL 被加载到 Windows Installer 服务中，允许攻击者执行其代码，并授予他们对系统的远程访问权限。由于 Windows Installer 具有广泛的系统权限和网络可访问性，此方法对 Windows Installer 特别有效。 研究人员在技术博客文章中指出，DCOM 上传和执行攻击功能强大，但也有局限性。它要求攻击者和受害者机器都位于同一个域内，从而将其适用性限制在特定的组织边界内。 一致的 DCOM 强化补丁状态可以降低补丁级别不同的环境中攻击的有效性。 除此之外，上传的有效负载必须是强命名的 .NET 程序集，并且必须与目标计算机的架构（x86 或 x64）兼容，这增加了攻击过程的复杂性。 Deep Instinct 研究讨论了 IDispatch，这是一个基本的 COM 接口，它使脚本语言和高级语言能够与 COM 对象交互。但是，由于 IMsiServer 接口未实现 IDispatch，因此它并不直接参与 DCOM 上传和执行攻击。 这意味着像 PowerShell 这样的传统脚本语言无法使用标准技术直接与其交互。研究人员使用较低级别的技术来操纵 IMsiServer 接口，并通过直接调用接口的方法并传递必要的参数来实现远程代码执行。     转自军哥网络安全读报，原文链接：https://mp.weixin.qq.com/s/EaXRq4TFwC4wc2eAe0yKUQ 封面来源于网络，如有侵权请联系删除

2024 年 12 月 10 日，微软披露了Windows 远程桌面服务中的一个严重漏洞，能够让攻击者在受影响的系统上执行远程代码，从而对系统机密性、完整性和可用性构成严重威胁。 该漏洞被跟踪为 CVE-2024-49115，CVSS 评分为 8.1，由昆仑实验室的研究员 k0shl发现。漏洞影响Windows Server 的多个版本，包括Windows Server 2016、Windows Server 2019、Windows Server 2022和Windows Server 2025。 漏洞源于两个关键缺陷： CWE-591：在锁定不当的内存中存储敏感数据 CWE-416：释放后使用 攻击者可通过连接到具有远程桌面网关角色的系统并触发竞争条件来利用此漏洞。 这会产生 “free-after-free”  情况，从而执行任意代码。 值得注意的是，这种攻击不需要用户交互或权限，但其高度复杂性使得没有高级技术技能的攻击者不太可能成功利用该漏洞。 目前所有受影响的版本都已作为微软 2024 年 12 月 “星期二补丁”更新的一部分，打上了相应的安全补丁。虽然漏洞利用代码的成熟度目前尚未得到证实，也没有证据表明存在主动利用或公开披露的情况，但其潜在影响仍然很大。 成功利用后，攻击者可通过远程代码执行完全控制目标系统。 此漏洞反映了与远程桌面协议 （RDP） 等远程访问技术相关存在的持续性风险。 虽然目前还没有主动利用漏洞的报告，但这一漏洞的严重性凸显了立即采取行动保护系统免受潜在攻击的必要性，包括将 RDP 访问限制在受信任的网络、启用网络级身份验证（NLA）和监控可疑活动。     转自Freebuf，原文链接：https://www.freebuf.com/news/417532.html 封面来源于网络，如有侵权请联系删除

Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable plugins that could open the door to a variety of attacks. The flaw, tracked as CVE-2024-11972 (CVSS score: 9.8), affects all versions of the plugin prior to 1.9.0. The plugin has over 10,000 active installations. "This flaw poses a significant security risk, as it

GitLab announced the release of critical security patches for its Community Edition (CE) and Enterprise Edition (EE). The newly released versions 17.6.2, 17.5.4, and 17.4.6 address several high-severity vulnerabilities, and GitLab strongly recommends that all self-managed installations be upgraded immediately. It is worth noting that GitLab.com is already running the patched version, while GitLab-dedicated customers […]

The post GitLab Security Update, Patch for Critical Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Apple представила будущее мобильных устройств – с ИИ у каждого в кармане.

Jetico launches Search, a PII and sensitive data discovery tool integrated with BCWipe to locate and securely erase files beyond forensic recovery. Addressing the growing demand for effective solutions in data protection, Search integrates discovery capabilities with Jetico’s renowned BCWipe software, delivering unified platform to locate and securely erase files beyond forensic recovery. Search empowers administrators to identify sensitive information across their entire network and safely manage it, simplifying data spill response and ensuring compliance … More →

The post Jetico Search locates and manages sensitive data appeared first on Help Net Security.

A vulnerability was found in Linux Kernel up to 5.16.4. It has been classified as problematic. Affected is the function packet_type of the file /proc/net/ptype of the component Net Namespace Handler. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2022-48757. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.9.6 and classified as critical. This issue affects some unknown processing of the component ena. The manipulation leads to buffer overflow. The identification of this vulnerability is CVE-2024-40999. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 5.4.225/5.10.157/5.15.81/6.0.11. This vulnerability affects the function do_sys_openat2 of the file /sys/kernel/tracing. The manipulation leads to excessive iteration. This vulnerability was named CVE-2022-49006. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.10.9. Affected by this issue is the function tnl_num of the component hns3. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2024-46833. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Lua 5.4.0 and classified as critical. This vulnerability affects unknown code of the file ldebug.c. The manipulation leads to integer underflow. This vulnerability was named CVE-2020-24370. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Python Software CPython up to 3.13.0b4. Affected by this issue is the function socket.socketpair of the component Socket Module. The manipulation leads to race condition. This vulnerability is handled as CVE-2024-3219. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in X.org X11 Server up to 21.1.8/23.2.1. Affected by this issue is some unknown functionality of the component Screen Cleanup. The manipulation leads to memory leak. This vulnerability is handled as CVE-2023-5574. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in oFono. It has been rated as critical. This issue affects some unknown processing of the component SMS Decoder. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2023-4232. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in radare2 up to 5.9.8 on 64-bit and classified as critical. This issue affects some unknown processing of the component Pebble Application File Handler. The manipulation leads to command injection. The identification of this vulnerability is CVE-2024-11858. The attack can only be done within the local network. There is no exploit available.

Multimodal Agentic AI Delivers Speed, Tools and Research Prototypes
Google's latest AI model can natively process and output text, images and audio in the search giant's push toward more autonomous reasoning, planning and action. The company said Gemini 2.0 is designed for applications ranging from development and gaming to research and everyday assistance.

报名方式：https://www.hackprove.com/events/conference