Aggregator

​【论文】情报和恐怖分子的“心脏”:发现和应对恐怖战术的管理系统

丁爸情报分析师的工具箱
10 months ago
如何“深入恐怖分子的内心”,即管理综合技术系统的转型和现代化,包括一支适应性情报队伍。在这方面,冷战后的南非被用作系统集成和情报集中处理的一个例子。在讨论“在森林或城市中寻找恐怖分子”时,强调的是综合解释方法的力量,以减轻情报的欺骗和操纵。

XE 黑客组织利用 VeraCore 零日漏洞部署持久性 Web 后门

HackerNews
10 months ago
HackerNews 编译,转载请注明出处: 2025年2月10日,据网络安全公司Intezer和Solis Security的研究报告,一个名为XE Group的黑客组织被发现利用VeraCore软件中的多个零日漏洞,部署Web后门并维持对受感染系统的持久性远程访问。 XE Group是一个自2010年活跃至今的网络犯罪团伙,可能起源于越南。该团伙最初以信用卡信息窃取和供应链攻击为主,但近年来已转向针对制造业和分销行业的供应链攻击,利用新的漏洞和高级技术实施信息窃取。 此次攻击涉及的漏洞包括: CVE-2024-57968(CVSS评分:9.9):文件上传验证漏洞,允许远程认证用户将文件上传到未指定的文件夹(已在VeraCore 2024.4.2.1版本中修复)。 CVE-2025-25181(CVSS评分:5.8):SQL注入漏洞,允许远程攻击者执行任意SQL命令(目前尚无补丁)。 研究人员发现,XE Group通过这些漏洞部署了ASPXSpy Web后门,用于未经授权地访问受感染系统,并在某些情况下自2020年起就开始利用CVE-2025-25181漏洞。这些Web后门具备文件系统枚举、文件窃取和压缩(使用7z工具)等功能,并且可以用来投放Meterpreter负载,尝试通过Windows套接字连接到攻击者控制的服务器(如“222.253.102[.]94:7979”)。 此外,该团伙还利用这些漏洞维持对受感染系统的长期访问。例如,XE Group在2020年入侵了一个组织的系统,并在2024年重新激活了多年前部署的Web后门,继续窃取敏感配置文件并尝试执行远程访问木马(RAT)。 XE Group的攻击手段不断演变,从早期的信用卡信息窃取转向利用零日漏洞实施更广泛的数据窃取,这标志着其攻击能力的提升。该团伙还利用定制化的ASPXSpy Web后门,通过伪装成图像文件的可执行文件来隐藏恶意行为。 研究人员指出,XE Group通过长期维持对系统的访问,展示了其对长期目标的承诺。通过攻击制造业和分销行业的供应链,XE Group不仅最大化了其行动的影响,还展示了其对系统性漏洞的深刻理解。 相关背景 CVE-2019-18935:该漏洞曾被英国和美国政府机构列为2021年最常被利用的漏洞之一,最近也被用于加载反向Shell并执行后续侦察命令。 CISA更新已知漏洞目录:美国网络安全和基础设施安全局(CISA)近期将5个漏洞加入其已知被利用漏洞(KEV)目录,其中包括7-Zip的Mark of the Web绕过漏洞(CVE-2025-0411)和Sophos XG防火墙缓冲区溢出漏洞(CVE-2020-15069)。 安全建议 使用VeraCore的组织应尽快更新至最新版本,并实施全面的安全控制措施,包括定期进行漏洞评估和监控异常行为。 针对零日漏洞的利用,企业需加强主动防御策略,以应对日益复杂的网络犯罪威胁。   消息来源:The Hacker News, 编译:zhongx;  本文由 HackerNews.cc 翻译整理,封面来源于网络;   转载请注明“转自 HackerNews.cc”并附上原文
hackernews

Apple iOS 0-day Vulnerability Exploited Wild in Extremely Sophisticated Attack

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
10 months ago

Apple has released emergency security updates to address a zero-day vulnerability, CVE-2025-24200, that has been actively exploited in targeted attacks against iPhone and iPad users. The vulnerability allows attackers to disable USB Restricted Mode on a locked device, potentially granting unauthorized access to sensitive data. Apple is aware of reports that this issue may have […]

The post Apple iOS 0-day Vulnerability Exploited Wild in Extremely Sophisticated Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Gurubaran

CVE-2024-23850 | Linux Kernel up to 6.7.1 fs/btrfs/disk-io.c btrfs_get_root_ref assertion (Nessus ID 215381)

Vuldb Updates
10 months ago
A vulnerability was found in Linux Kernel up to 6.7.1. It has been classified as critical. This affects the function btrfs_get_root_ref of the file fs/btrfs/disk-io.c. The manipulation leads to reachable assertion. This vulnerability is uniquely identified as CVE-2024-23850. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2024-32618 | HDF5 up to 1.14.3 H5Tnative.c H5T__get_native_type heap-based overflow (Nessus ID 215388)

Vuldb Updates
10 months ago
A vulnerability classified as critical was found in HDF5 up to 1.14.3. This vulnerability affects the function H5T__get_native_type of the file H5Tnative.c. The manipulation leads to heap-based buffer overflow. This vulnerability was named CVE-2024-32618. Access to the local network is required for this attack to succeed. There is no exploit available.
vuldb.com

CVE-2024-32615 | HDF5 up to 1.14.3 H5Znbit.c H5Z__nbit_decompress_one_byte heap-based overflow (Nessus ID 215395)

Vuldb Updates
10 months ago
A vulnerability, which was classified as critical, was found in HDF5 up to 1.14.3. Affected is the function H5Z__nbit_decompress_one_byte of the file H5Znbit.c. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2024-32615. Access to the local network is required for this attack. There is no exploit available.
vuldb.com

CVE-2022-2962 | QEMU Tulip Device Emulation denial of service (Issue 1171 / Nessus ID 215403)

Vuldb Updates
10 months ago
A vulnerability was found in QEMU. It has been classified as problematic. Affected is an unknown function of the component Tulip Device Emulation. The manipulation leads to denial of service. This vulnerability is traded as CVE-2022-2962. The attack needs to be done within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2024-35972 | Linux Kernel up to 6.6.27/6.8.6 bnxt_en bnxt_rdma_aux_device_init memory leak (c60ed825530b/10a9d6a7513f/7ac10c7d728d / Nessus ID 215414)

Vuldb Updates
10 months ago
A vulnerability was found in Linux Kernel up to 6.6.27/6.8.6. It has been declared as critical. Affected by this vulnerability is the function bnxt_rdma_aux_device_init of the component bnxt_en. The manipulation leads to memory leak. This vulnerability is known as CVE-2024-35972. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-49569 | go-git prior 5.11.0 Git Server Reply path traversal (GHSA-449p-3h89-pw88 / Nessus ID 215430)

Vuldb Updates
10 months ago
A vulnerability classified as critical was found in go-git. Affected by this vulnerability is an unknown functionality of the component Git Server Reply Handler. The manipulation leads to path traversal. This vulnerability is known as CVE-2023-49569. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2021-45480 | Linux Kernel up to 5.15.10 Connection net/rds/connection.c __rds_conn_create memory leak (Nessus ID 215435)

Vuldb Updates
10 months ago
A vulnerability was found in Linux Kernel up to 5.15.10. It has been declared as problematic. This vulnerability affects the function __rds_conn_create of the file net/rds/connection.c of the component Connection Handler. The manipulation leads to memory leak. This vulnerability was named CVE-2021-45480. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

嘶吼安全产业研究院 | 2025网络安全产业图谱调研启动

嘶吼
10 months ago

在当今数字化深度渗透的时代,网络已然成为经济、社会、生活运转的关键支撑。从金融交易、政务办公到日常的社交娱乐,人们的一切活动都与网络紧密相连。然而,繁荣的网络生态背后,网络安全形势却日益严峻。网络攻击手段日益复杂多变,勒索软件、高级持续性威胁(APT)等层出不穷,与此同时,云计算、大数据、物联网等新技术广泛应用,网络安全面临着前所未有的挑战与全新需求。

为紧跟网络安全领域的快速发展步伐,嘶吼安全产业研究院决定对《网络安全产业图谱》进行更新。在各领域新兴技术不断涌现,尤其是 AI 与网络安全深度融合的背景下,我们将重新调整分类网络安全产业链。比如,专门划分出 AI 赋能网络安全的相关细分领域。进一步优化网安产业布局,为政企及其他组织机构提供更具前瞻性和实用价值的客观参考。

图谱调整说明:

1、各细分领域精简收录企业数量:

本次图谱调研将延续2024年图谱收录方式,参考细分产品营收、营收增长率、客户数量、投入占比、品牌影响力等多个维度,对企业进行全面能力评估,重点收录综合能力较高的企业,为行业用户提供更精准的行业参考指南。

2、热门领域Top10厂商推荐:

在精选出的多个热门领域中,我们将根据调研结果评选出Top10优秀安全厂商,进行单独呈现

3、重点领域厂商产品名录展示:

在精选出的多个重点领域中,我们将根据调研结果展示重点领域安全产品名录

《2025网络安全产业图谱》调研通知:

图谱调研表获取方式:关注嘶吼专业版公众号,回复“2025图谱调研”获取

1)征集阶段:2025年2月10日——2025年3月7日,下载填报《2025网络安全产业图谱调研表》,并发送至收集邮箱中。

2)分析阶段:根据回收的问卷,嘶吼分析师团队会针对厂商提交材料进行复核,部分厂商可能需要接受验证或者访谈,以便对存疑问题进行沟通。

3)图谱报告发布:《2025网络安全产业图谱》由嘶吼安全产业研究院官方发布。内容将呈现部分细分领域数据统计,根据实际调研结果,撰写包括网络安全产业情况、调研发现等相关内容。

填写说明:

1 请按说明要求填写,方便后续整理数据,请注意,不要自行添加或删减行列!

2 提交时请务必在附件中添加(ai格式)公司logo。

3 请于3月7日前提交问卷,发送至邮箱[email protected]

4 务必客观、真实填写该问卷

声明:

· 此次收集的调研数据,将由嘶吼安全产业研究院全程严格管理。每一个样本数据仅作为综合统计分析的素材,本次调研有可对外展示资料填写,调研表中已明确标注,填写时请提交脱敏资料。其他未标注对外展示填写项目,均不会泄露和公布,请参与调研的每位负责人安心填写。

· 《2025网络安全产业图谱调研表》仅为调研资料收集,图谱最终呈现分类与形式,将以正式发布内容为准。

在此,我们要郑重的感谢所有参与到嘶吼图谱绘制的各家厂商,不论是网络框架梳理到内容划分调整,亦或是申请入驻、参与对细分领域的调研等环节,行业同仁都对我们提供了莫大的帮助。再次表示诚挚的感谢!


山卡拉

airgorah: A WiFi auditing software that can perform deauth attacks and passwords cracking

Penetration Testing Tools - Metepreter.org
10 months ago

airgorah Airgorah is a WiFi auditing software that can discover the clients connected to an access point, perform deauthentication attacks against specific clients or all the clients connected to it, capture WPA handshakes, and crack...

The post airgorah: A WiFi auditing software that can perform deauth attacks and passwords cracking appeared first on Penetration Testing Tools.

ddos

Open Firmware Reverse Analysis Konsole: binary analysis and modification platform

Penetration Testing Tools - Metepreter.org
10 months ago

OFRAK OFRAK (Open Firmware Reverse Analysis Konsole) is a binary analysis and modification platform. OFRAK combines the ability to: Identify and Unpack many binary formats Analyze unpacked binaries with field-tested reverse engineering tools Modify and Repack binaries with powerful patching strategies...

The post Open Firmware Reverse Analysis Konsole: binary analysis and modification platform appeared first on Penetration Testing Tools.

ddos

The Fallout on AI Chipmakers, Infrastructure From DeepSeek

Ransomware DataBreachToday.com
10 months ago
Manufacturers May Have to Reassess Product Strategy to Maintain Competitive Edge
DeepSeek's entry into the AI market triggered a ripple effect, with a potential major impact on chipmakers. Shares of Nvidia, AMD and Intel took a hit immediately after the Chinese model's release and is forcing these silicon stalwarts to reassessment of their product strategies.

Security Researchers Warn of New Risks in DeepSeek AI App

Ransomware DataBreachToday.com
10 months ago
Weak Encryption, Data Transfers to China, Hidden ByteDance Links Found
Security researchers found DeepSeek AI has weak encryption, SQL injection flaws and sends user data to Chinese state-linked entities. Its AI model failed jailbreak tests, making it prone to manipulation. Regulators in Europe, South Korea, and Australia are investigating, with bans and warnings issued over security risks.

Managed ad