Aggregator

A vulnerability, which was classified as problematic, has been found in SourceCodester Best Employee Management System 1.0. This issue affects some unknown processing of the file /admin/salary_slip.php. The manipulation of the argument ID leads to authorization bypass. The identification of this vulnerability is CVE-2025-1607. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Compmaster.prv.pl F3Site 2009. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument GLOBALS[nlang] leads to path traversal. The identification of this vulnerability is CVE-2009-4435. The attack may be initiated remotely. Furthermore, there is an exploit available.

HackerNews 编译，转载请注明出处： Android企业版推出全新设备信任（Device Trust）解决方案，通过实时验证设备安全状态强化移动端防护，应对混合办公模式下的数据泄露风险。该功能基于零信任原则，持续监测操作系统版本、安全补丁级别及屏幕锁强度等指标，无论设备是否受企业统一管理，均能在访问敏感数据前完成安全评估。 国际数据公司（IDC）终端安全研究总监Mike Jude指出：“企业需要确保接入业务系统的个人设备达到基本安全标准，Android企业版设备信任方案为此提供了重要支撑。”该平台与CrowdStrike、Okta、Omnissa、Urmobo、Zimperium等安全厂商深度集成，覆盖终端管理（EMM/UEM）、身份认证（IdPs）、端点防护（EDR/MTD）及安全信息事件管理（SIEM）四大领域，输出20余项Android专属安全指标，实现分层策略与实时决策。 设备信任方案兼容企业设备与员工自有Android终端，无需完整注册管理（EMM）即可通过安装合作安全应用完成验证，尤其适用于临时工、承包商等需快速接入业务系统的场景——任务完成后可立即撤销权限。通过实时威胁可视化管理，IT团队能及时应对系统版本过时、设备丢失等风险，提升事件响应效率。 该服务支持Android 10及以上系统。Android企业版将于7月10日举办“设备信任实践研讨会”，分享技术洞察与应用案例。       消息来源： infosecurity-magazine； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

HackerNews 编译，转载请注明出处： 网络安全公司ReliaQuest今日发布最新报告称，至少有两个网络犯罪团伙BianLian和RansomExx正在利用SAP NetWeaver近期披露的安全漏洞，表明多组威胁分子正在争相利用该漏洞。 ReliaQuest表示发现了BianLian数据勒索团伙和RansomExx勒索软件家族（微软追踪代号Storm-2460）的活动痕迹。通过基础设施关联，研究人员确认BianLian至少参与了一起攻击事件，其服务器184[.]174[.]96[.]74运行的rs64.exe程序负责反向代理服务，该IP与同一托管商运营的184[.]174[.]96[.]70存在关联，后者曾被标记为BianLian的命令控制（C2）服务器，两者共享相同的证书与端口配置。 研究人员还观察到名为PipeMagic的插件式木马被部署，该恶意软件近期通过Windows通用日志文件系统（CLFS）权限提升漏洞（CVE-2025-29824）的零日攻击，针对美国、委内瑞拉、西班牙和沙特阿拉伯实体发起定向攻击。攻击者通过利用SAP NetWeaver漏洞植入WebShell后投放PipeMagic木马。 “尽管首次攻击尝试失败，但后续攻击通过内联MSBuild任务执行部署了Brute Ratel C2框架，”ReliaQuest指出，“在此过程中生成的dllhost.exe进程表明攻击者试图再次利用CLFS漏洞（CVE-2025-29824），此次通过内联汇编技术发起新攻击。” SAP安全公司Onapsis补充称，自2025年3月以来，威胁分子同时利用CVE-2025-31324漏洞及同组件的反序列化漏洞（CVE-2025-42999）实施攻击，新补丁已修复CVE-2025-31324的根本原因。 ReliaQuest在声明中强调：“只要CVE-2025-31324仍可被利用，其与CVE-2025-42999的实际危害差异微乎其微。尽管CVE-2025-42999需要更高权限，但CVE-2025-31324本身已能获取完整系统权限。攻击者无论通过认证或非认证用户均能同样利用这两个漏洞，因此两者的修复建议完全一致。”       消息来源： thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

Fortify SCA 2024.4 命令行使用说明

It's Me, Not You: CISA Withdraws Leidos Cyber Offer Last Second
A multi-billion dollar vision by the Cybersecurity and Infrastructure Security Agency for its government-wide network intrusion detection and prevention system went kaput on Friday, court documents show. It withdrew an offer to contractor Leidos to support the National Cybersecurity Protection System.

腾讯云安全中心推出25年4月安全漏洞必修清单，漏洞介绍及修复建议详见全文。

HackerNews 编译，转载请注明出处： 网络安全研究人员发现了一场名为“Meta Mirage”的新型全球钓鱼攻击活动，该活动针对使用Meta商务套件的企业，专门劫持包含广告管理和品牌官方页面在内的高价值账户。 安全公司CTM360指出，攻击者通过伪造Meta官方通知诱导用户提交密码和安全验证码等敏感信息。研究人员已发现超过14,000个恶意链接，其中约78%在报告发布时仍未被浏览器拦截，这一规模令人担忧。 攻击者利用GitHub、Firebase和Vercel等可信云平台托管虚假页面以增强隐蔽性。该手法与微软近期披露的云服务滥用案例相似——攻击者通过托管服务平台渗透Kubernetes应用，这表明利用可信平台规避检测已成为常用手段。攻击者通过邮件和私信发送账户违规警告、暂停通知或紧急验证提示，利用伪造的Meta官方通信使信息显得紧急而权威。这种策略与近期利用Google Sites钓鱼活动中使用谷歌托管页面欺骗用户的手法高度相似。 主要攻击手段分为两种模式： 凭证窃取：引导用户在高仿真页面输入密码及OTP，通过伪造错误提示迫使重复提交以确保证据有效性。 Cookie劫持：窃取浏览器Cookie实现无密码持续访问，类似PlayPraetor恶意软件劫持社交媒体账户投放欺诈广告的模式。 CTM360报告揭示了攻击者为提高成功率采用的渐进式策略：初期通过非紧急的普通违规通知接触受害者，后续逐步升级为账户即时暂停或永久删除等严重威胁。这种焦虑诱导手法促使用户未经核实即快速响应。 安全防护建议包括： 仅使用专用设备管理企业社媒账户； 设置独立的工作邮箱；启用双因素认证（2FA）； 定期审查账户安全设置和活跃会话； 培训员工识别及报告可疑信息。 本次大规模钓鱼活动凸显了保持警惕并采取主动防护措施对保护线上资产的重要性。       消息来源： thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability, which was classified as critical, was found in VMware Aria Operations for Logs up to 8.18.2. Affected is an unknown function of the component API. The manipulation leads to improper privilege management. This vulnerability is traded as CVE-2025-22220. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in VMware Aria Operations up to 8.18.2 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to information disclosure. This vulnerability is known as CVE-2025-22222. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in SourceCodester Food Menu Manager 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file endpoint/update.php. The manipulation leads to unrestricted upload. This vulnerability is known as CVE-2025-1166. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Sensly Sensly Online Presence Plugin up to 0.6 on WordPress. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-13493. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Forminator Forms Plugin up to 1.38.2 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the component Setting Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-7052. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in VMware Aria Operations for Logs up to 8.18.2 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2025-22218. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in VMware Aria Operations for Logs up to 8.18.2. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-22219. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in VMware Aria Operations for Logs up to 8.18.2. This issue affects some unknown processing of the component Agent Configuration Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-22221. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

HackerNews 编译，转载请注明出处： 网络安全研究人员发现了一场新的钓鱼攻击活动，旨在通过名为Horabot的恶意软件针对墨西哥、危地马拉、哥伦比亚、秘鲁、智利和阿根廷等拉丁美洲国家的Windows用户。 Fortinet FortiGuard Labs研究员Cara Lin表示，该活动“通过伪造发票或财务文档的精心设计邮件诱骗受害者打开恶意附件，能够窃取邮箱凭证、收集联系人列表并安装银行木马”。 该网络安全公司于2025年4月观测到这一活动，主要针对西班牙语用户。攻击还被发现利用Outlook COM自动化功能从受害者邮箱发送钓鱼信息，从而在企业或个人网络内部横向传播恶意软件。 攻击者通过执行多种VBScript、AutoIt和PowerShell脚本进行系统侦察、凭证窃取及投放额外恶意载荷。Horabot最早由思科Talos于2023年6月记录为针对拉丁美洲西班牙语用户的威胁，其攻击活动可追溯至至少2020年11月，评估认为攻击者来自巴西。 去年Trustwave SpiderLabs披露了另一起针对同一地区的钓鱼活动，其恶意载荷与Horabot存在相似性。 最新攻击始于以发票为诱饵的钓鱼邮件，诱使用户打开包含PDF文档的ZIP压缩包。实际上该ZIP文件内含恶意HTML文件，其中包含Base64编码的HTML数据，用于连接远程服务器下载第二阶段的恶意载荷。 第二阶段载荷是另一个包含HTML应用程序（HTA）文件的ZIP压缩包，该文件负责加载远程服务器托管的脚本。脚本随后注入外部VBScript代码，执行系列检测——若系统安装Avast杀毒软件或处于虚拟环境则终止攻击。 VBScript继续收集基础系统信息并外传至远程服务器，同时获取额外载荷，包括通过恶意DLL释放银行木马的AutoIt脚本，以及扫描Outlook联系人数据构建目标邮箱列表后传播钓鱼邮件的PowerShell脚本。 Cara Lin表示：“恶意软件随后从Brave、Yandex、Epic Privacy Browser、Comodo Dragon、Cent Browser、Opera、Microsoft Edge和Google Chrome等浏览器窃取相关数据。除数据窃取外，Horabot还监控受害者行为，注入伪造弹窗以窃取敏感登录凭证。”       消息来源： thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability has been found in Cost Calculator Builder Plugin up to 3.2.42 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-10892. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Vehicle Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /newvehicle.php. The manipulation of the argument Booking ID/Action Name/Payment Confirmation ID leads to sql injection. This vulnerability was named CVE-2024-48245. The attack can be initiated remotely. There is no exploit available.