Aggregator
Israeli LockBit Ransomware Developer Extradited to the United States to Stand Trial
9 months ago
Compiled by HackerNews; please credit the source when reposting:

A 51-year-old dual Russian and Israeli national, alleged to be a developer for the LockBit ransomware group, has been extradited to the United States, less than three months after he was formally charged in connection with the cybercrime scheme.

Rostislav Panev was arrested in Israel in August 2024. He is alleged to have worked for the ransomware gang from 2019 until February 2024, when the group's online infrastructure was seized in a law enforcement operation.

"Rostislav Panev's extradition to the District of New Jersey makes it clear: if you are a member of the LockBit ransomware conspiracy, the United States will find you and bring you to justice," said US Attorney John Giordano.

LockBit grew into one of the most active ransomware groups, attacking more than 2,500 entities in at least 120 countries worldwide, nearly 1,800 of them in the United States. Victims ranged from individuals and small businesses to multinational corporations, as well as hospitals, schools, non-profit organizations, critical infrastructure, and government and law enforcement agencies. The group's cybercrime activity has generated at least $500 million in illicit profits and caused billions of dollars in losses to victims, including lost revenue and the costs of incident response and recovery.

As a LockBit developer, Panev was responsible for designing and maintaining the locker's codebase, earning roughly $230,000 between June 2022 and February 2024.

"Panev admitted that the work he did for the LockBit group included developing code to disable antivirus software; deploying malware to multiple computers connected to victim networks; and printing the LockBit ransom note on all printers connected to victim networks," the Department of Justice said. "Panev also admitted to writing and maintaining LockBit malware code and providing technical guidance to the LockBit group."

Besides Panev, six other LockBit members have been charged in the United States, including Mikhail Vasiliev, Ruslan Astamirov, Artur Sungatov, Ivan Gennadievich Kondratiev, Mikhail Pavlovich Matveev and Dmitry Yuryevich Khoroshev, the last of whom has also been identified as LockBit's administrator, operating under the handle LockBitSupp. In addition, Khoroshev, Matveev, Sungatov and Kondratiev have been sanctioned by the US Treasury Department's Office of Foreign Assets Control (OFAC) for their involvement in cyberattacks.

Source: The Hacker News; this article was translated and compiled by HackerNews.cc, cover image from the web; when reposting, please credit "Reposted from HackerNews.cc" and link to the original.
hackernews
Malicious PyPI Packages Steal Cloud Tokens, Downloaded Over 14,100 Times Before Removal
9 months ago
Compiled by HackerNews; please credit the source when reposting:

Cybersecurity researchers are warning of a malicious campaign against the Python Package Index (PyPI) repository, in which threat actors use fake libraries disguised as "time"-related utilities to hide functionality that steals sensitive data such as cloud access tokens.

Software supply chain security company ReversingLabs discovered a total of 20 malicious packages, falling into two groups. Together they have been downloaded more than 14,100 times, as follows:

– snapshot-photo (2448 downloads)
– time-check-server (316 downloads)
– time-check-server-get (178 downloads)
– time-server-analysis (144 downloads)
– time-server-analyzer (74 downloads)
– time-server-test (155 downloads)
– time-service-checker (151 downloads)
– aclient-sdk (120 downloads)
– acloud-client (5496 downloads)
– acloud-clients (198 downloads)
– acloud-client-uses (294 downloads)
– alicloud-client (622 downloads)
– alicloud-client-sdk (206 downloads)
– amzclients-sdk (100 downloads)
– awsc1oud-clients-core (206 downloads)
– credential-python-sdk (1155 downloads)
– enumer-iam (1254 downloads)
– tclients-sdk (173 downloads)
– tcloud-python-sdks (98 downloads)
– tcloud-python-test (793 downloads)

The first group of packages is used to upload data to the attacker's infrastructure, while the second implements client functionality for several cloud services (such as Alibaba Cloud, Amazon Web Services and Tencent Cloud) but is also used to steal cloud secrets. All of the identified packages had been removed from PyPI at the time of writing.

Further analysis found that three of the packages (acloud-client, enumer-iam and tcloud-python-test) are listed as dependencies of a relatively popular GitHub project, "accesskey_tools", which has been forked 42 times and has 519 stars. A source commit referencing tcloud-python-test dates back to November 8, 2023, indicating that the package has been available on PyPI since then; according to pepy.tech, it has been downloaded 793 times to date.

Meanwhile, Fortinet FortiGuard Labs disclosed that it found thousands of packages on PyPI and npm, some of which embed suspicious install scripts designed to deploy malicious code or communicate with external servers at installation time.

"Suspicious URLs are a key indicator of potentially malicious packages, as they are often used to download additional payloads or establish communication with command-and-control (C&C) servers, giving attackers control over infected systems," said Jenna Wang. "In 974 packages, these URLs were associated with risks of data exfiltration, further malware downloads and other malicious behavior. Strict review and monitoring of external URLs in package dependencies is essential to prevent exploitation."

Source: The Hacker News; this article was translated and compiled by HackerNews.cc, cover image from the web; when reposting, please credit "Reposted from HackerNews.cc" and link to the original.
hackernews
CVE-2011-4520 | MICROSYS PROMOTIC up to 8.1.4 ActiveX memory corruption (EDB-18049 / XFDB-84538)
9 months ago
A vulnerability, which was classified as critical, was found in MICROSYS PROMOTIC. Affected is an unknown function of the component ActiveX. The manipulation leads to memory corruption.
This vulnerability is traded as CVE-2011-4520. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2008-2118 | Project Alumni 1.0.9 info.php id sql injection (EDB-31723 / XFDB-42148)
9 months ago
A vulnerability was found in Project Alumni 1.0.9. It has been rated as critical. This issue affects some unknown processing of the file info.php. The manipulation of the argument id leads to sql injection.
The identification of this vulnerability is CVE-2008-2118. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-2351 | DayCloud StudentManage 1.0 Login Endpoint /admin/adminScoreUrl query sql injection
9 months ago
A vulnerability classified as critical was found in DayCloud StudentManage 1.0. This vulnerability affects unknown code of the file /admin/adminScoreUrl of the component Login Endpoint. The manipulation of the argument query leads to sql injection.
This vulnerability was named CVE-2025-2351. The attack can be initiated remotely. Furthermore, there is an exploit available.
Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected or updated releases are available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2025-2352 | StarSea99 starsea-mall 1.0 Backend /admin/indexConfigs/save categoryName cross site scripting
9 months ago
A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. This issue affects some unknown processing of the file /admin/indexConfigs/save of the component Backend. The manipulation of the argument categoryName leads to cross site scripting.
The identification of this vulnerability is CVE-2025-2352. The attack may be initiated remotely. Furthermore, there is an exploit available.
This product does not use versioning. This is why information about affected and unaffected releases is unavailable.
Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2025-2353 | VAM Virtual Airlines Manager up to 2.6.2 HTTP GET Parameter /vam/index.php ID/registry_id/plane_icao sql injection
9 months ago
A vulnerability, which was classified as critical, was found in VAM Virtual Airlines Manager up to 2.6.2. Affected is an unknown function of the file /vam/index.php of the component HTTP GET Parameter Handler. The manipulation of the argument ID/registry_id/plane_icao leads to sql injection.
This vulnerability is traded as CVE-2025-2353. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2025-2354 | VAM Virtual Airlines Manager 2.6.2 /vam/index.php registry_id/plane_icao/hub_id cross site scripting
9 months ago
A vulnerability has been found in VAM Virtual Airlines Manager 2.6.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /vam/index.php. The manipulation of the argument registry_id/plane_icao/hub_id leads to cross site scripting.
This vulnerability is known as CVE-2025-2354. The attack can be launched remotely. Furthermore, there is an exploit available.
Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Several Useful Tools for SRC (Security Response Center) Bug Hunting
9 months ago
CVE-2024-37261 | WP Lab WP-Lister Lite for Amazon Plugin up to 2.6.16 on WordPress cross site scripting
9 months ago
A vulnerability was found in WP Lab WP-Lister Lite for Amazon Plugin up to 2.6.16 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2024-37261. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-37257 | Maciej Bis Permalink Manager Lite Plugin up to 2.4.3.3 on WordPress During Web Page cross site scripting
9 months ago
A vulnerability was found in Maciej Bis Permalink Manager Lite Plugin up to 2.4.3.3 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the component During Web Page. The manipulation leads to cross site scripting.
This vulnerability is handled as CVE-2024-37257. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-37245 | Vsourz Digital All In One Redirection Plugin up to 2.2.0 on WordPress cross site scripting
9 months ago
A vulnerability classified as problematic has been found in Vsourz Digital All In One Redirection Plugin up to 2.2.0 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2024-37245. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-37244 | Ninja Team Ninja Beaver Add-ons for Beaver Builder Plugin up to 2.4.5 on WordPress cross site scripting
9 months ago
A vulnerability classified as problematic was found in Ninja Team Ninja Beaver Add-ons for Beaver Builder Plugin up to 2.4.5 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2024-37244. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-37246 | Jethin Gallery Slideshow Plugin up to 1.4.1 on WordPress cross site scripting
9 months ago
A vulnerability was found in Jethin Gallery Slideshow Plugin up to 1.4.1 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2024-37246. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-26020 | Ankitects Anki 24.04 Flashcard injection (TALOS-2024-1993)
9 months ago
A vulnerability, which was classified as very critical, was found in Ankitects Anki 24.04. This affects an unknown part of the component Flashcard Handler. The manipulation leads to injection.
This vulnerability is uniquely identified as CVE-2024-26020. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-29073 | Ankitects Anki 24.04 Latex inclusion of functionality from untrusted control sphere (TALOS-2024-1992)
9 months ago
A vulnerability was found in Ankitects Anki 24.04 and classified as problematic. This issue affects some unknown processing of the component Latex. The manipulation leads to inclusion of functionality from untrusted control sphere.
The identification of this vulnerability is CVE-2024-29073. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-32152 | Ankitects Anki 24.04 LaTeX incomplete blacklist (TALOS-2024-1994)
9 months ago
A vulnerability was found in Ankitects Anki 24.04. It has been classified as problematic. Affected is an unknown function of the component LaTeX. The manipulation leads to incomplete blacklist.
This vulnerability is traded as CVE-2024-32152. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-41829 | JetBrains TeamCity up to 2024.03.3 OAuth incorrect implementation of authentication algorithm
9 months ago
A vulnerability has been found in JetBrains TeamCity and classified as problematic. This vulnerability affects unknown code of the component OAuth. The manipulation leads to incorrect implementation of authentication algorithm.
This vulnerability was named CVE-2024-41829. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-41825 | JetBrains TeamCity up to 2024.03.3 Code Inspection Tab cross site scripting
9 months ago
A vulnerability was found in JetBrains TeamCity and classified as problematic. This issue affects some unknown processing of the component Code Inspection Tab. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2024-41825. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com