Aggregator

比赛时间：2024.9.13 - 2024.9.30

A vulnerability was found in Apple macOS and classified as problematic. Affected by this issue is some unknown functionality of the component Secure Network Handler. The manipulation leads to denial of service. This vulnerability is handled as CVE-2024-40856. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple tvOS. It has been classified as problematic. This affects an unknown part of the component Secure Network Handler. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2024-40856. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple iOS and iPadOS. It has been declared as problematic. This vulnerability affects unknown code of the component Secure Network Handler. The manipulation leads to denial of service. This vulnerability was named CVE-2024-40856. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple iOS and iPadOS. It has been classified as problematic. Affected is an unknown function of the component Siri. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2024-40840. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS and classified as problematic. This issue affects some unknown processing of the component Privacy Indicators for Microphone. The manipulation leads to state issue. The identification of this vulnerability is CVE-2024-27875. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS and classified as problematic. This issue affects some unknown processing of the component Notifications Handler. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-40838. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in TuomoKu SPx-GC up to 1.3.0. It has been classified as critical. This affects an unknown part of the file child_process.js. The manipulation leads to code injection. This vulnerability is uniquely identified as CVE-2024-44623. It is possible to initiate the attack remotely. There is no exploit available.

The IncidentOn August 26, 2024, the founder of Telegram, Pavel Durov, was detained at Paris-Le

September 25, 2024 3 Minute Read

A vulnerability was found in Apple iOS up to 4.x. It has been declared as critical. This vulnerability affects unknown code of the component CFF Font Parser. The manipulation leads to memory corruption. This vulnerability was named CVE-2010-1797. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

1.注册表启动注意：优先用这种方式来进行权限维持task.exe是CS生成的后门文件，这里后门文件可以对其做免杀隐藏文件shell attrib C:\Windows\task.exe +s +h注册表启动后门文件shell reg add HKLM\SOFTWARE\Microsoft\Windo

一. Mimikatz加修改注册表绕过LSA保护(暂不考虑EDR和WD)Mimikatz原理：Mimikatz通过逆向获取存储在lsass.exe进程中的明文登录密码。(lsass.exe用于本地安全和登陆策略)。首先使用Mimikatz抓取时必须是管理员权限，在win10，win11，win201

以日本为背景的《刺客信条》系列最新作品《刺客信条：影》推迟到 2025 年 2 月 14 日发售，它原计划的发售时间是 2024 年 11 月 15 日。育碧给出的理由是《Star Wars Outlaws》发售过程中的教训促使它决定投入更多时间打磨游戏。《Star Wars Outlaws》发售时被指存在很多 bug。《刺客信条：影》是《刺客信条》系列首次以日本为背景的开放世界游戏，玩家将扮演历史上的黑人武士弥助以及女忍者奈绪江，体验战国时代的日本。育碧表示，新游戏不再采用季票模式，预购玩家将会免费获得第一个 DLC，将同步发布 Steam 版本。

A vulnerability classified as very critical has been found in F5 BIG-IP up to 11.5.1 HF10. Affected is an unknown function of the component Proxy/SOCKS. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2016-5700. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

The personal information of over 3,000 congressional staffers was leaked on the dark web following a major cyberattack on the U.S. Capitol. The personal information of approximately 3,191 congressional staffers has been leaked on the dark web, according to new research from internet security firm Proton and Constella Intelligence. The leaked data includes passwords, IP […]

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2024-09-26, 67 days ago. The vendor is given until 2025-01-24 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Abdessamad Lahlali and Smile Thanapattheerakul of Trend Micro' was reported to the affected vendor on: 2024-09-26, 67 days ago. The vendor is given until 2025-01-24 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2024-09-26, 67 days ago. The vendor is given until 2025-01-24 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.