Aggregator

2月7日19点30白帽子章华鹏开年第一场直播预告

2月7日19点30白帽子章华鹏开年第一场直播预告

A vulnerability, which was classified as problematic, has been found in Bulk Me Now Plugin up to 2.0 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2024-12709. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in jetmonsters Stratum Plugin up to 1.4.7 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-13642. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in kstover Ninja Forms Plugin up to 3.8.24 on WordPress. It has been classified as problematic. Affected is an unknown function of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-13470. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Maybecms 1.2. This affects an unknown part of the file /mb/admin/index.php?u=article-edit of the component Add Article. The manipulation of the argument data_info[content] leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-0871. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Cianet ONU GW24AC up to 20250127. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Login. The manipulation of the argument browserLang leads to cross site scripting. This vulnerability is known as CVE-2025-0869. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in cyberchimps Responsive Blocks Plugin up to 1.9.9 on WordPress. This issue affects some unknown processing. The manipulation of the argument section_tag leads to cross site scripting. The identification of this vulnerability is CVE-2024-13732. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in codepeople CP Contact Form with PayPal Plugin up to 1.3.52 on WordPress. Affected is the function cp_contact_form_paypal_check_init_actions. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2024-13758. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Clinked Client Portal Plugin up to 1.9 on WordPress and classified as problematic. Affected by this issue is the function clinked-login-button of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-12524. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in vruizg VR-Frases Plugin up to 3.0.1 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-0860. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in filipmedia WP Image Uploader Plugin up to 1.0.1 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation of the argument file leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-13706. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in sellerthemes Storely Plugin up to 16.6 on WordPress. This affects an unknown part of the component Display Name Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-10847. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in atakanau Automatically Hierarchic Categories in Menu Plugin up to 2.0.7 on WordPress. It has been classified as problematic. Affected is the function autocategorymenu of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-13466. It is possible to launch the attack remotely. There is no exploit available.

HackerNews 编译，转载请注明出处： 2024年，勒索软件攻击使网络犯罪团伙共获得8.135亿美元的非法收入，相较于2023年的12.5亿美元有所下降。 区块链情报公司Chainalysis指出，2024年上半年的敲诈总金额为4.598亿美元，并表示自2024年7月之后，支付活动减少了约3.94%。 “2024年下半年勒索软件事件数量有所增加，但链上支付却减少了，这表明虽然更多受害者被盯上，但实际支付赎金的人变少了。”该公司说道。 另一个挑战是勒索软件生态系统的日益碎片化。在LockBit和BlackCat倒台之后，许多新入局者涌现，他们放弃了针对大型企业的“狩猎”，转而将目标对准小型至中型企业，这也导致赎金数额要求较低。 根据Coveware公司收集的数据，2024年第四季度的平均勒索软件支付金额为553,959美元，相较于第三季度的479,237美元有所上升。然而，中位数赎金支付金额却从200,000美元降至110,890美元，环比下降了45%。 “支付赎金仍然是那些没有其他办法恢复关键数据的人的最后选择。”该公司表示。 “新旧勒索软件变种的故障解密工具以及对威胁行为者履行承诺能力的日益不信任，都促使受害者除非万不得已，否则不会选择支付赎金。” 赎金支付的减少也与执法部门在打击网络犯罪团伙和加密货币洗钱服务方面取得的越来越多的成功相呼应，这破坏了犯罪行为的经济动机，并提高了进入这一领域的门槛。 尽管如此，2024年也见证了自2021年以来年度勒索软件事件数量的最高值，达到了惊人的5,263次攻击，同比增加了15%。 “工业领域在全球经济中扮演着关键角色，2024年遭受了所有勒索软件攻击的27%（1,424次），比2023年增加了15%。”NCC集团表示。“2024年，超过一半的攻击（55%）发生在北美地区。” 2024年最常见的勒索软件变种包括Akira（11%）、Fog（11%）、RansomHub（8%）、Medusa（5%）、BlackSuit（5%）、BianLian（4%）和Black Basta（4%）。在此期间，独狼行动者占据了8%的市场份额。 最近几个月出现的一些新入局者包括Arcus Media、Cloak、HellCat、Nnice、NotLockBit、WantToCry和Windows Locker。特别是HellCat，被发现采用心理战术来羞辱受害者，迫使他们支付赎金。 “Akira和Fog使用了相同的洗钱方法，这与其他勒索软件变种不同，进一步支持了它们之间存在关联的观点。”Chainalysis说道。 “这两个组织主要专注于利用VPN漏洞，这使他们能够未经授权访问网络，进而部署勒索软件。”   消息来源：The Hacker News, 编译：zhongx；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability was found in YoungZSoft CMailServer 4.0.2003.23.27. It has been declared as very critical. Affected by this vulnerability is an unknown functionality of the component ESMTP Service. The manipulation of the argument MAIL FROM/RCPT TO leads to memory corruption. This vulnerability is known as CVE-2003-0280. The attack can be launched remotely. Furthermore, there is an exploit available.

微软近日为受影响的用户提供了一个临时解决方案，以解决某些Windows 11 24H2系统无法部署安全更新的已知问题。

新闻速览 2024 网安（亏损）TOP 10 Backline利用人工智能解决企业安全积压问题 Zyxel 路 […]

随着网络犯罪分子不断升级他们的攻击手段，企业和个人面临着前所未有的风险。在这种危机中，网络安全专业人员的作用变 […]

A vulnerability was found in qriouslad System Dashboard Plugin up to 2.8.15 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument Filename leads to cross site scripting. This vulnerability is handled as CVE-2024-12299. The attack may be launched remotely. There is no exploit available.