Aggregator

Submit #419222 / VDB-280051

最近，卡巴斯基实验室的网络安全分析师发现，黑客一直在频繁利用 YouTube平台来传播复杂的恶意软件。通过劫持热门频道，黑客伪装成原始创作者发布恶意链接，对用户实施诈骗。 图片来源：FreeBuf 研究发现，攻击者曾在 2022 年实施了一项复杂的加密货币挖掘活动，目标主要针对俄罗斯用户。攻击者使用多种攻击媒介（包括被劫持的 YouTube 账户 ）来分发伪装成如uTorrent、Microsoft Office和Minecraft等流行应用的恶意文件。 感染链始于 “受密码保护的 MSI 文件”，其中包含触发多阶段攻击序列的 VBScript，包括利用隐藏在合法数字签名 DLL 中的 AutoIt 脚本，将权限升级到 SYSTEM 级。 这是一种在隐藏 “恶意代码 “的同时保持签名有效性的技术。 该恶意软件通过 WMI 事件过滤器、注册表修改（特别针对 图像文件执行选项、调试器和MonitorProcess 键）以及滥用开源Wazuh SIEM 代理进行远程访问等多种机制建立了持久性。 此外，攻击者采用了复杂的防御规避技术（通 explorer.exe进程镂空、反调试检查和使用基于特殊 GUID 的目录名操纵文件系统）来隐藏恶意组件。 卡巴斯基表示，最终有效载荷部署为SilentCryptoMiner，用于挖掘Monero和Zephyr等注重隐私的加密货币，同时实施基于进程的隐身机制以逃避检测。 该恶意软件还收集系统遥测数据（包括CPU 规格、GPU 详细信息、操作系统版本和防病毒信息）并通过 Telegram 机器人 API 进行传输，其中一些变体包括剪贴板劫持功能，特别针对加密货币钱包地址。 除了针对俄罗斯用户，这一恶意活动还针对来自白俄罗斯、印度、乌兹别克斯坦、哈萨克斯坦、德国、阿尔及利亚、捷克、莫桑比克和土耳其的用户。由于这些用户经常自愿禁用 AV 工具的保护和安全措施来安装非官方软件，因此特别容易受到攻击。 这种攻击的复杂性体现在其模块化结构上，即可以根攻击者的目标动态加载不同的有效载荷组件，表明大规模活动可通过先进的混淆方法和反分析功能，在保持隐蔽性的同时融入复杂的企业级攻击技术。 参考来源：Hackers Using YouTube Videos To Deliver Sophisticated Malware     转自FreeBuf，原文链接：https://www.freebuf.com/news/412529.html 封面来源于网络，如有侵权请联系删除

GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security flaws, including a critical bug that could allow running Continuous Integration and Continuous Delivery (CI/CD) pipelines on arbitrary branches. Tracked as CVE-2024-9164, the vulnerability carries a CVSS score of 9.6 out of 10. "An issue was discovered in GitLab EE

A vulnerability was found in ShopLentor Plugin up to 2.9.8 on WordPress. It has been classified as problematic. Affected is an unknown function of the component FAQ Widget Elementor Template. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-9538. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Comments Import & Export Plugin up to 2.3.7 on WordPress and classified as critical. This issue affects some unknown processing. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2024-7514. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Open Cluster Management and classified as problematic. This vulnerability affects unknown code of the component cluster-manager. The manipulation leads to permission issues. This vulnerability was named CVE-2024-9779. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability, which was classified as problematic, was found in GitHub Enterprise Server up to 3.11.15/3.12.9/3.13.4/3.14.1. This affects an unknown part of the component SAML SSO. The manipulation leads to improper verification of cryptographic signature. This vulnerability is uniquely identified as CVE-2024-9487. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Snipe-IT up to 7.0.9. Affected by this issue is some unknown functionality. The manipulation of the argument APP_KEY leads to Privilege Escalation. This vulnerability is handled as CVE-2024-48987. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Gradio up to 4.x. Affected by this vulnerability is the function async_save_url_to_cache of the file /queue/join of the component Video Component. The manipulation leads to server-side request forgery. This vulnerability is known as CVE-2024-47167. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Gradio up to 4.x. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-47872. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in HashiCorp Vault and Vault Enterprise. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to incorrect privilege assignment. The identification of this vulnerability is CVE-2024-9180. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in jsonpath-plus up to 9.x. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to code injection. This vulnerability was named CVE-2024-21534. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Gradio up to 4.43. It has been classified as critical. This affects an unknown part. The manipulation leads to improper authorization. This vulnerability is uniquely identified as CVE-2024-47084. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Gradio up to 4.x and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument localhost_aliases leads to improper authorization. This vulnerability is handled as CVE-2024-47165. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Gradio up to 4.43 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /monitoring. The manipulation leads to incorrect control flow. This vulnerability is known as CVE-2024-47168. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Gradio up to 4.x. Affected is an unknown function. The manipulation leads to cleartext transmission of sensitive information. This vulnerability is traded as CVE-2024-47871. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Gradio up to 4.43. This issue affects some unknown processing of the file /custom_component. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2024-47166. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

在AI重构系统体验，打造便捷贴心的个人化专属体验的同时，用户隐私安全始终是vivo的首要原则。

A vulnerability classified as critical was found in Gradio up to 4.x. This vulnerability affects the function is_in_or_equal. The manipulation leads to path traversal. This vulnerability was named CVE-2024-47164. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Gradio up to 4.x. This affects the function update_root_in_config. The manipulation leads to race condition. This vulnerability is uniquely identified as CVE-2024-47870. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.