Aggregator

A vulnerability was found in OroPlatform CMS 5.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument Search leads to cross site scripting. This vulnerability is known as CVE-2024-50677. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in radare2 up to 5.9.4. It has been classified as problematic. Affected is the function __bf_div. The manipulation leads to denial of service. This vulnerability is traded as CVE-2024-48241. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

HackerNews 编译，转载请注明出处： 网络安全研究人员发现了一场新型账户接管（ATO）攻击活动，攻击者利用名为TeamFiltration的开源渗透测试框架入侵微软Entra ID（原Azure Active Directory）用户账户。该活动被Proofpoint命名为UNK_SneakyStrike，自2024年12月登录尝试激增以来，已针对数百家组织的云租户、超8万个用户账户发起攻击，并成功接管了部分账户。 企业安全公司Proofpoint披露：“攻击者利用Microsoft Teams API和分布于全球多地的亚马逊云服务（AWS）服务器发起用户枚举（user-enumeration）和密码喷射（password-spraying）攻击。入侵成功后，攻击者进一步利用对Microsoft Teams、OneDrive、Outlook等原生应用的访问权限窃取数据。” TeamFiltration由研究员Melvin “Flangvik” Langvik于2022年8月DEF CON安全会议上公开发布。该框架被描述为一种跨平台工具，专门用于枚举、喷射、窃取凭证及植入后门以控制Entra ID账户。其核心功能包括通过密码喷射攻击实现账户接管、窃取目标账户数据，以及将恶意文件上传至受害者的OneDrive账户以维持持久访问权限。 虽然使用TeamFiltration需搭配AWS账户和一次性Microsoft 365账户，但Proofpoint观察到：攻击者使每次密码喷射均来自不同地理位置的新服务器，以此规避检测。攻击呈现“高度集中爆发→静默期”的循环模式：针对单一云环境内多名用户发起密集攻击，随后进入4至5天的静默期。2025年1月初单日攻击峰值达16,500个账户。 按恶意IP数量统计的攻击源地理分布为：美国（42%）、爱尔兰（11%）、英国（8%）。Proofpoint分析指出：“UNK_SneakyStrike对小型云租户尝试入侵所有用户账户，而对大型租户仅锁定部分目标账户。此策略与该工具的高级目标筛选功能高度吻合，旨在过滤低价值账户。” 此次事件再次证明：网络安全工具可能被威胁行为者武器化，通过滥用这类工具可突破用户账户防线、窃取敏感数据并建立持久控制据点。       消息来源： thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

HackerNews 编译，转载请注明出处： 网络安全公司Infoblox在一份提供给The Hacker News的深度报告中披露，VexTrio Viper流量分发系统（Traffic Distribution Service, TDS）背后的威胁行为者已被证实与其他TDS服务（如Help TDS和Disposable TDS）有关联。这表明该复杂的网络犯罪行动本身就是一个庞大的企业，旨在分发恶意内容。 “VexTrio是一个由恶意广告技术公司组成的团体，它们通过不同的广告形式（包括智能链接和推送通知）分发诈骗和有害软件。”Infoblox在报告中指出。 VexTrio Viper旗下的部分恶意广告技术公司包括Los Pollos、Taco Loco和Adtrafico。这些公司运营着所谓的商业联盟网络（commercial affiliate network），该网络将恶意软件行为者（其网站会吸引毫无戒心的用户访问）与所谓的“广告联盟会员”（advertising affiliates）连接起来。后者提供各种形式的非法活动，如礼品卡欺诈、恶意应用程序、网络钓鱼网站和诈骗活动。 运作模式解析 简而言之，这些恶意流量分发系统旨在通过智能链接（SmartLink）或直接报价（direct offer）将受害者重定向至其目的地。根据该DNS威胁情报公司的说法，Los Pollos招募恶意软件分发者（即发布联盟会员/publishing affiliates），承诺提供高回报报价；而Taco Loco则专注于推送变现（push monetization），并招募广告联盟会员。 WordPress网站成为跳板 这类攻击的另一个显著特点是WordPress网站被攻陷，并被注入恶意代码以启动重定向链，最终将访问者引导至VexTrio的诈骗基础设施。此类注入的示例包括Balada、DollyWay、Sign1以及DNS TXT记录活动。 域名注册商GoDaddy在2025年3月发布的一份报告中指出：“这些脚本通过关联VexTrio的流量代理网络将网站访问者重定向到各种诈骗页面。VexTrio是已知最大的网络犯罪联盟网络之一，它利用复杂的DNS技术、流量分发系统和域名生成算法在全球网络中传播恶意软件和诈骗。” 打击行动与后续变化 VexTrio的运营在2024年11月中旬左右遭受打击。此前，网络安全组织Qurium揭露瑞士-捷克广告技术公司Los Pollos是VexTrio的一部分，导致Los Pollos停止了其推送链接变现服务。这进而引发了“出逃潮”，严重依赖Los Pollos网络的威胁行为者被迫转向其他重定向目的地，例如Help TDS和Disposable TDS。 两个独立C2集群的行为演变 Infoblox对来自受感染网站的450万条DNS TXT记录响应进行了为期六个月的分析。分析显示，参与DNS TXT记录活动的域名可分为两个集合，每个集合拥有各自独立的命令与控制（C2）服务器。 “两台服务器都托管在与俄罗斯有关联的基础设施上，但它们的托管服务及其TXT响应内容并无重叠，”该公司表示。“即使两者最初都指向VexTrio，随后又指向Help TDS，但每个集合都维持着不同的重定向URL结构。” 进一步的证据表明，Help TDS和Disposable TDS实际上是同一个服务。并且，在2024年11月之前，该服务与VexTrio保持着“独家关系”。历史上将流量重定向至VexTrio域名的Help TDS，现已转向Monetizer——一个利用TDS技术将发布联盟会员的网络流量与广告商连接起来的变现平台。 Help TDS的俄罗斯背景 “Help TDS与俄罗斯有紧密联系，其托管和域名注册经常通过俄罗斯实体完成，”Infoblox描述道，并称其运营商可能是独立的。“它不具备VexTrio TDS的完整功能，并且除了与VexTrio诡异的联系外，没有明显的商业往来。” 恶意广告技术公司生态 VexTrio只是众多被揭露为商业广告技术公司的TDS之一，其他还包括Partners House、BroPush、RichAds、Admeking和RexPush。其中许多公司专注于推送通知服务，利用Google Firebase Cloud Messaging (FCM) 或基于Push API定制开发的脚本，通过推送通知分发指向恶意内容的链接。 规模与追责困境 Infoblox强调：“全球每年有数十万个被入侵的网站将受害者重定向到VexTrio及其联盟TDS的复杂网络中。VexTrio和其他联盟广告公司知道恶意软件行为者是谁，或者他们至少掌握足够的信息来追踪这些人。许多公司都在要求某种程度‘了解你的客户’（Know Your Customer, KYC）的国家注册，但即使没有这些要求，发布联盟会员也会受到其客户经理的审查。”       消息来源： thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

6 月 12 日一架客机在印度古吉拉特邦艾哈迈达巴德机场坠毁，据九派新闻报道，哪吒汽车总部内部宣布，员工自 6 月 12 日起居家办公；OpenAI 与芭比娃娃制造商美泰合作 将生成式 AI 引入玩具和其他产品

APT组织Lazarus 在Rootkit（获取内核权限）攻击中使用了微软的0day漏洞;APT组织Kimsuky利用软件公司产品安装程序进行伪装展开攻击;NoName057(16)组织DDoSia项目持续更新;

Admin Panel Finder A Burp Suite extension that enumerates infrastructure and application Admin Interfaces. OWASP References: Classification: Web Application Security Testing > 02-Configuration and Deployment Management Testing OTG v4: OWASP OTG-CONFIG-005 WSTG: WSTG-CONF-05 Why should...

The post Admin Panel Finder: enumerates infrastructure and application Admin Interfaces appeared first on Penetration Testing Tools.

A vulnerability classified as critical was found in Mitsubishi FA Engineering Software. This vulnerability affects unknown code. The manipulation leads to buffer overflow. This vulnerability was named CVE-2021-20587. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Mitsubishi FA Engineering Software. This issue affects some unknown processing. The manipulation leads to buffer overflow. The identification of this vulnerability is CVE-2021-20588. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in PX4 Autopilot 1.14.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file mission_block.cpp of the component Flight Path. The manipulation leads to denial of service. This vulnerability is known as CVE-2024-29460. Access to the local network is required for this attack. There is no exploit available.

A vulnerability was found in Tmall Demo. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to sql injection. This vulnerability was named CVE-2024-40560. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Tmall Demo 2024.07.03. It has been rated as critical. This issue affects the function uploadUserHeadImage. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2024-40553. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Tmall Demo 2024.07.03. Affected is an unknown function. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-40554. The attack needs to be done within the local network. There is no exploit available.

A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been classified as problematic. Affected is an unknown function of the component Page Title Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-2996. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument Category Name/Model Name/Brand Name/Unit Name leads to cross site scripting. This vulnerability is known as CVE-2024-2997. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Store Update Page. The manipulation of the argument Store Name/Store Address leads to cross site scripting. This vulnerability is handled as CVE-2024-2998. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, was found in WP-FeedStats shortcodes-ultimate-pro Plugin up to 7.2.0 on WordPress. This affects an unknown part of the component Shortcode Attribute Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-6766. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in PX4 Autopilot up to 1.14 and classified as critical. Affected by this issue is some unknown functionality of the component Breach Return Point. The manipulation leads to buffer overflow. This vulnerability is handled as CVE-2024-30799. The attack may be launched remotely. There is no exploit available.

针对某银行钓鱼免杀样本分析

Welcome to the RedInfraCraft (V2) Tool – your gateway to automating the deployment of robust red team infrastructures! RedInfraCraft is your trusted companion in effortlessly setting up and managing red team infrastructures, streamlining the process so...

The post RedInfraCraft V2: Automate Your Red Team Infrastructure with Ease appeared first on Penetration Testing Tools.