Aggregator

CVE-2024-2277 | Bdtask G-Prescription Gynaecology & OBS Consultation Software Password Reset change_password_save cross-site request forgery

Vuldb Updates
17 hours 15 minutes ago
A vulnerability was found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Setting/change_password_save of the component Password Reset Handler. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2024-2277. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2024-2284 | boyiddha Automated-Mess-Management-System 1.0 Chat Book /member/chat.php msg cross site scripting

Vuldb Updates
17 hours 15 minutes ago
A vulnerability classified as problematic was found in boyiddha Automated-Mess-Management-System 1.0. Affected by this vulnerability is an unknown functionality of the file /member/chat.php of the component Chat Book. The manipulation of the argument msg leads to cross site scripting. This vulnerability is known as CVE-2024-2284. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2024-2285 | boyiddha Automated-Mess-Management-System 1.0 /member/member_edit.php Name cross site scripting

Vuldb Updates
17 hours 15 minutes ago
A vulnerability, which was classified as problematic, has been found in boyiddha Automated-Mess-Management-System 1.0. Affected by this issue is some unknown functionality of the file /member/member_edit.php. The manipulation of the argument Name leads to cross site scripting. This vulnerability is handled as CVE-2024-2285. The attack may be launched remotely. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

Review: Hands-On Industrial Internet of Things

Help Net Security
17 hours 44 minutes ago

Hands-On Industrial Internet of Things is a practical guide designed specifically for professionals building and securing industrial IoT (IIoT) systems. About the authors Giacomo Veneri brings deep expertise in telecommunications and AI, shaped by over 25 years in IoT and AI applications within industrial environments. As Director of AI Specialists at Baker Hughes, he spearheads machine learning innovations that bridge cutting-edge research with practical, real-world solutions. Antonio Capasso offers extensive experience managing large-scale IT projects … More →

The post Review: Hands-On Industrial Internet of Things appeared first on Help Net Security.

Mirko Zorz

Discovering Your Baud

TrustedSec
17 hours 44 minutes ago
<p>I'm still pretty new to hardware hacking and find myself going through a lot of media (both text and moving pictures) about various techniques to interact with IoT devices and hardware in general. One of the tasks for a…</p>
Brian Berg

关于人工智能钓鱼攻击的分析

嘶吼
17 hours 44 minutes ago

网络钓鱼或“语音网络钓鱼”是一种"社会工程攻击"形式,骗子利用电话欺骗受害者透露敏感信息或进行欺诈性付款。

虽然传统的钓鱼依赖于人类的模仿,但人工智能的发展使攻击者能够生成令人高度信服的合成声音,甚至克隆真实个体的声音以达到以假乱真的效果。

你的声音怎么能被克隆?

人工智能可以通过文本到语音(TTS)合成和深度学习技术创造逼真的人声。例如谷歌DeepMind的WaveNet和人工智能语音编码器等先进模型能够以惊人的精度复制人类语音模式。

微软声称,语音可以在三秒钟内克隆出来,这意味着骗子可以给某人打一个非常简短的电话,然后只用那段录音就能创造出逼真的人工智能语音。

他们通常会冒充银行、政府机构或企业高管,利用受害者的信任使用带有紧迫性、权威性的方式以及情感操纵来迫使目标尽快服从。

人工智能增强的欺骗更可信,也更难被发现,因为克隆的声音听起来非常逼真。

当与网络钓鱼(电子邮件)和短信诈骗(SMS)等其他社会工程技术结合使用时,即使是精通网络的专业人士也很难发现这些攻击。

关于人工智能钓鱼攻击的分析

典型的AI钓鱼攻击倾向于遵循以下过程

1.侦察:攻击者收集目标的个人信息。

2.欺骗呼叫:攻击者冒充受信任的实体,使用人工智能生成的声音和虚假的来电显示。

3.紧迫性和操纵性:骗子制造一种紧急感,声称安全漏洞,逾期付款或其他危机。

4.信息提取:受害者被迫透露凭据、转账或安装恶意软件。

5.后续攻击:攻击者可能会通过网络钓鱼邮件或短信来加强他们的欺骗手段。

一些网络犯罪分子还提供“钓鱼即服务”(VaaS),他们将自己的技能出售给技能较差的诈骗者。这些服务包括人工智能语音克隆和自动电话,使更大范围的攻击者可以使用复杂的骗局。

随着进入门槛的降低,我们很可能会在未来几年看到越来越多的钓鱼攻击事件。

人工智能钓鱼是一种严重的、不断发展的网络威胁。随着人工智能使模仿可信声音变得更容易,企业和个人需要保持警惕。

通过实现身份验证措施、培训员工意识和采用安全最佳实践,企业可以减少遭受钓鱼攻击的风险。

防御的关键是要意识到——不要相信一个声音的表面价值,尤其是在涉及金钱或敏感信息的时候。

钓鱼攻击的迹象

·可疑的电话号码。

·紧急要求付款或敏感数据。

·音质差或声音模式不自然。

·不熟悉的电话号码或在奇怪的时间打来的电话。

·绕过标准安全程序的请求。

个人防范措施

·永远不要在电话里分享敏感信息,除非你能核实打电话的人。

·把未知号码转到语音信箱,在回复之前先查看一下。

·使用辅助通信通道验证异常请求,或使用多因素身份验证(MFA)验证发出敏感请求的调用者。

·注册电话号码与“不要打电话”注册和启用呼叫过滤功能。

企业安全措施

·在服务台实现强身份验证协议以验证呼叫者。

·要求对敏感事务进行多步骤验证。

·培训员工识别钓鱼危险信号。

·使用基于人工智能的呼叫监控来检测欺诈活动。

·限制公开可用的员工信息,以减少目标风险。

保护服务台不被钓鱼

服务台代理是钓鱼攻击的主要目标,因为它们经常处理敏感信息和用户身份验证请求。如果没有适当的验证协议,攻击者可以冒充员工、管理人员或供应商,以获得对系统和数据的未经授权的访问。

为了防御钓鱼威胁,企业可以在服务台实现强大的身份验证过程。多因素身份验证(MFA)和调用者验证技术可以帮助防止未经授权的访问并降低社会工程攻击的风险。

面对人工智能驱动的钓鱼威胁,企业应有相应应对方案,能够在处理此类事件发生之前识别钓鱼企图并验证呼叫者身份,这一点至关重要。

典型案例-米高梅度假村黑客攻击事件

米高梅酒店(MGM Resorts)的黑客攻击就是一个典型的例子,钓鱼可以用来绕过安全措施,获得对关键系统的未经授权的访问。

据悉,攻击者是ALPHV/黑猫勒索软件组织的一部分。他们冒充一名员工,打电话给米高梅服务台,要求访问其账户。

由于攻击者令人信服并利用了米高梅身份验证过程中的漏洞,使他们能够绕过安全检查并进入系统。

这种最初的访问导致了大规模的数据泄露,使米高梅度假村损失了数百万美元的收入,并造成了广泛的系统中断,包括预订、电子支付等问题。

胡金鱼

Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks

The Hackers News
18 hours 11 minutes ago
Apple on Wednesday released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two security flaws that it said have come under active exploitation in the wild. The vulnerabilities in question are listed below - CVE-2025-31200 (CVSS score: 7.5) - A memory corruption vulnerability in the Core Audio framework that could allow code execution when processing an audio
The Hacker News

超1.6万台 Fortinet 设备遭新型符号链接后门入侵

HackerNews
18 hours 17 minutes ago
HackerNews 编译,转载请注明出处: 威胁监测平台Shadowserver基金会报告称,超过16,000台置身于互联网的Fortinet设备被检测到感染了一种新型符号链接(symlink)后门,攻击者可借此获取对先前已遭入侵设备的敏感文件的只读访问权限。 此前,该平台曾报告14,000台设备受影响。目前,Shadowserver的Piotr Kijewski向BleepingComputer证实,该网络安全组织已检测到16,620台设备受此最新曝光的持久化机制影响。 上周,Fortinet警告客户称发现攻击者利用一种新型机制,在已修复漏洞但先前遭入侵的FortiGate设备上保留对根文件系统的远程只读访问权限。 Fortinet表示,此攻击并非利用新漏洞,而是与2023年至2024年的攻击行为相关。攻击者当时通过零日漏洞入侵FortiOS设备,并在启用SSL-VPN的设备上创建指向根文件系统的语言文件夹符号链接。由于启用SSL-VPN的FortiGate设备的语言文件可公开访问,攻击者可通过该文件夹持续获取根文件系统的只读权限(即使原始漏洞已被修复)。 Fortinet在声明中解释:攻击者利用已知漏洞对存在缺陷的FortiGate设备实施只读访问。其通过在SSL-VPN语言文件服务目录中创建连接用户文件系统与根文件系统的符号链接实现。该修改发生于用户文件系统内,因此未被检测到。 即使客户设备已升级修复原始漏洞的FortiOS版本,此符号链接可能仍残留,使攻击者能持续读取设备文件系统内的配置等文件。 本月,Fortinet开始通过邮件私下通知被FortiGuard检测到感染符号链接后门的FortiGate设备用户。 Fortinet已发布更新的AV/IPS特征库以检测并移除受感染设备中的恶意符号链接。最新固件版本也已更新检测与清除功能,并阻止内置Web服务器提供未知文件/目录访问。 若设备被检测为已入侵,攻击者可能已获取包含凭证的最新配置文件。因此,Fortinet建议管理员重置所有凭证,并遵循官方指南中的其他操作步骤。     消息来源:bleepingcomputer; 本文由 HackerNews.cc 翻译整理,封面来源于网络;  转载请注明“转自 HackerNews.cc”并附上原文
hackernews

CVE-2025-43715 | Nullsoft Scriptable Install System up to 3.10 on Windows %WINDIR%\temp unusual condition

VulDB Recent Entries
18 hours 37 minutes ago
A vulnerability, which was classified as critical, was found in Nullsoft Scriptable Install System up to 3.10 on Windows. Affected is an unknown function of the file %WINDIR%\temp. The manipulation leads to improper check for unusual conditions. This vulnerability is traded as CVE-2025-43715. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-43708 | VisiCut up to 2.1 XML Document java.util.HashMap recursion

VulDB Recent Entries
18 hours 38 minutes ago
A vulnerability, which was classified as problematic, has been found in VisiCut up to 2.1. This issue affects the function java.util.HashMap of the component XML Document Handler. The manipulation leads to uncontrolled recursion. The identification of this vulnerability is CVE-2025-43708. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-1290 | Google ChromeOS up to 6.1 virtio_transport_space_update use after free (Issue 301886)

VulDB Recent Entries
18 hours 38 minutes ago
A vulnerability was found in Google ChromeOS up to 6.1. It has been rated as critical. Affected by this issue is the function virtio_transport_space_update. The manipulation leads to use after free. This vulnerability is handled as CVE-2025-1290. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-43717 | PEAR HTTP_Request2 up to 2.6.x POST Parameter getparameters.php cross site scripting

VulDB Recent Entries
18 hours 39 minutes ago
A vulnerability was found in PEAR HTTP_Request2 up to 2.6.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file tests/_network/getparameters.php of the component POST Parameter Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-43717. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-31340 | SUNNET Wisdom Master Pro up to 5.2 filename control

VulDB Recent Entries
18 hours 39 minutes ago
A vulnerability was found in SUNNET Wisdom Master Pro up to 5.2. It has been classified as critical. Affected is an unknown function. The manipulation leads to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is traded as CVE-2025-31340. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com

Managed ad