2022-05-29 07:33 Posts on malicious.link
Lessons Learned
Lesson 3 - Detection Reality
People and Honey tokens are THE BEST detective tool you have.
Go buy a Thinkst Canary, they detect me more than any multi-million dollar EDR. Period.
Let me clarify something quickly before I get roasted. I am not saying that EDR (Endpoint Detection and Response) agents don’t have a place, it’s just that they have taken over for Anti-Virus for being mostly preventative and response oriented. Do EDRs detect things? Sure, but in my pentesting and red teaming experience they rarely catch any of the actions I do outside of touching LSASS. Which to be fair, is what a lot of malware and APT actors do. But it won’t stay that way, and Sysmon is free :P
One more clarifying statement. I have no affiliation to Thinkst other than knowing Haroon Meer through Twitter and meeting him once or twice in person, super amazing dude, I think the world of him. I truly think the
2022-05-29 05:35 Hacking Articles
Introduction Post-Windows 2000, Microsoft introduced an option where users could authenticate to one system via Kerberos and work with another system. This was made possible
The post Domain Escalation: Unconstrained Delegation appeared first on Hacking Articles.
2022-05-29 05:09 malware.news
New pilot framework and toolkit will enable businesses to demonstrate their “objective and verifiable” use of artificial intelligence, says the Singapore government, which hopes to drive transparency in AI deployments through technical and process checks.
Article Link: Singapore touts need for AI transparency in launch of test toolkit | ZDNet
2022-05-29 05:09 malware.news
This post is a follow up on the last one on BAZARLOADER. If you’re interested in how to unpack the initial stages of this malware, you can check it out here.
In this post, we’ll cover the final stage of this loader, which has the capability to download and execute remote payloads such as Cobalt Strike and Conti ransomware. To follow along, you can grab the sample as well as the PCAP files for it on Malware-Traffic-Analysis.net.
Step 1: Checking System Languages
Similar to a lot of malware, BAZARLOADER manually checks the system’s languages to avoid executing on machines in Russia and nearby countries.
It calls GetSystemDefaultLangID to retrieve the system’s default language and GetKeyboardLayoutList to iterate through the system’s keyboard layouts.
For each of these languages, the malware checks if it’s valid using a bitmask.
If the language identifier is greater than 0x43 or less than 0x18, it’s treated as valid and BAZARLOADER proceeds with its execution.
If it’s in the range between 0x18 and 0x43, the dif
2022-05-29 05:09 malware.news
IT threat evolution in Q1 2022
IT threat evolution in Q1 2022. Non-mobile statistics
IT threat evolution in Q1 2022. Mobile statistics
These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data.
Quarterly figures
According to Kaspersky Security Network, in Q1 2022:
6,463,414 mobile malware, adware and riskware attacks were blocked.
The largest share of all detected mobile threats accrued to RiskTool programs — 48.75%.
516,617 malicious installation packages were detected, of which:
53,947 packages were related to mobile banking trojans,
and 1,942 packages were mobile ransomware trojans.
Quarterly highlights
In Q1 2022, the level of activity among cybercriminals remained roughly the same as it was at the end of 2021 when comparing the number of attacks on mobile devices. But in general, the number of attacks is still on a downward trend.
Figure: Number of attacks targeting users of Kaspersky mobile solutions, Q1 2020 to Q1 2022
What 
2022-05-29 05:09 malware.news
Targeted attacks
MoonBounce: the dark side of UEFI firmware
Late last year, we became aware of a UEFI firmware-level compromise through logs from our firmware scanner (integrated into Kaspersky products at the start of 2019). Further analysis revealed that the attackers had modified a single component in the firmware in a way that allowed them to intercept the original execution flow of the machine’s boot sequence and introduce a sophisticated infection chain.
Our analysis of the rogue firmware, and other malicious artefacts from the target’s network, revealed that the threat actor behind it had tampered with the firmware to embed malware that we call MoonBounce. Since the implant is located in SPI flash on the motherboard, rather than on the hard disk, it can persist even if someone formats or replaces the hard disk.
Moreover, the infection chain does not leave any traces on 
2022-05-29 05:09 malware.news
These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data.
Quarterly figures
According to Kaspersky Security Network, in Q1 2022:
Kaspersky solutions blocked 1,216,350,437 attacks from online resources across the globe.
Web Anti-Virus recognized 313,164,030 unique URLs as malicious.
Attempts to run malware for stealing money from online bank accounts were stopped on the computers of 107,848 unique users.
Ransomware attacks were defeated on the computers of 74,694 unique users.
Our File Anti-Virus detected 58,989,058 unique malicious and potentially unwanted objects.
Financial threats
Financial threat statistics
In Q1 2022 Kaspersky solutions blocked the launch of at least one piece of malware designed to steal money from bank accounts on the computers of 107,848 unique users.
Number of un
2022-05-29 05:09 malware.news
The International Conference on 3D Printed Firearms, organised by Europol and the Dutch National Police (Politie) in the framework of EMPACT Firearms and hosted at the University of Leiden, saw some 120 participants from 20 countries address the latest challenges facing law enforcement in their efforts to tackle this threat.  Over the course of two days (24-25 May 2022), the…
Article Link: Printing insecurity: Tackling the threat of 3D printed guns in Europe | Europol
2022-05-29 05:09 malware.news
Mozilla has published updates for two critical security issues in Firefox and Thunderbird, demonstrated during Pwn2Own Vancouver. The vulnerabilities, discovered in the Firefox JavaScript engine (shared by the Firefox-based Tor browser) relate to Firefox 100.0.2, Firefox for Android 100.3.0, and Firefox ESR 91.9.1. For users of Thunderbird, the vulnerability there is in relation to Thunderbird 91.9.91.
Additionally, there is some fallout beyond the standard versions of Firefox and Thunderbird. Users of the anti-surveillance Tails Operating System have been warned to stop using the bundled Tor browser until a fix goes live. This is because it could be potentially vulnerable to CVE-2022-1802:
This vulnerability allows a malicious website to bypass some of the security built in Tor Browser and access information from other websites.
For example, after you visit a malicious website, an attacker controlling this website might access the password or other sensitive information that you send to other websites afterw
2022-05-29 05:09 malware.news
Google’s Chrome is looking to bring memory safety to Chrome’s C++ codebase.
Article Link: Programming languages: How Google is improving C++ memory safety | ZDNet
2022-05-29 05:09 malware.news
The Federal Trade Commission (FTC) and the Department of Justice (DOJ) have ordered Twitter to pay a $150M penalty for using users’ account security data deceptively.
The deception violates an FTC order from 2011, that bars Twitter from “misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information, including the measures it takes to prevent unauthorized access to nonpublic information and honor the privacy choices made by consumers.”
This penalty stemmed from a complaint the DOJ filed on behalf of the FTC against Twitter. From May 2013 to September 2019, Twitter asked users to provide an email address and contact number for security reasons, such as setting up two-factor authentication (2FA); password recovery; and re-enabling full access to accounts thought to have been acting suspiciously.
However, Twitter used it for another purpose: Targeted advertising.
“As the complaint notes, Twitter obtained data from users on the pretext of har
2022-05-29 05:09 malware.news
Popular open source content management system (CMS) Strapi released patches addressing two vulnerabilities that would allow hackers to view private and sensitive data, such as email and password reset tokens.
Strapi is known for its “headless” CMS, which means the front end and back end of the system are completely separate. Thousands of companies use the software, according to David Johansson, principal security consultant at Synopsys Software Integrity Group, which discovered the issues.
While Strapi is less well-known than its competitors WordPress and Joomla, it is used by IBM, Walmart, NASA, Societe Generale and Delivery Hero among others.
The vulnerabilities were discovered in November and Strapi initially patched CVE-2022-30617 that same month. But other issues were found, and another patch was issued for CVE-2022-30617 and CVE-2022-30618 on May 11.
CVE-2022-30617 has a CVSS base score of 8.8 and CVE-2022-30618 has a score of 7.5.
Johansson said Strapi has nearly 40,000 weekly downloads on NPM for its 
2022-05-29 05:09 malware.news
Microsoft’s ‘security defaults’ are getting a much bigger rollout.
Article Link: Microsoft is rolling out these security settings to protect millions of accounts. Here's what's changing | ZDNet
2022-05-29 05:09 malware.news
Article Link: [Control Systems] ABB security advisory (AV22-292) - Canadian Centre for Cyber Security
2022-05-29 05:09 malware.news
Netflix’s original series ‘Stranger Things’ season 4 is on its way to a worldwide release today. As the plot deepens every season, viewers are rooting hard for their favourite characters. From [more]
The post 5 Cybersecurity lessons to learn from Stranger Things appeared first on Checkmate.
Article Link: https://niiconsulting.com/checkmate/2022/05/5-cybersecurity-lessons-to-learn-from-stranger-things/
2022-05-29 05:09 malware.news
BlackHat Asia 2022 took place in Singapore’s Marina Bay Sands Expo & Convention Centre on the 12th and 13th of May. Whereas this is the usual location for BlackHat Asia, it was my first time visiting this edition, as well as my first visit to the country. In this blog I will share my impression … Read more
Article Link: My impression of BlackHat Asia 2022 – Max Kersten
2022-05-29 05:09 malware.news
Conversion Rate Optimisation Specialist (m/f/d)
Malta, Skopje (Macedonia), Hannover (Germany)
The Hornetsecurity Group is the leading cloud security provider in Europe, which protects the IT infrastructure, digital communication and data of companies and organizations of all sizes. Its services are provided worldwide via 11 redundantly secured data centers. The product portfolio covers all important areas of email security, including spam and virus filters, legally compliant archiving and encryption, as well as defense against CEO fraud and ransomware. With more than 350 employees, the Hornetsecurity Group is represented globally at several locations and operates in more than 30 countries through its international distribution network. The premium services are used by approximately 50,000 customers including Swisscom, Telefónica, KONICA MINOLTA, LVM Versicherung, DEKRA and CLAAS.
Due to continued growth, we are looking for a driven and
2022-05-29 05:09 malware.news
Security leaders need to understand how the market perceives their cybersecurity; eroded trust can result in significant financial consequences. Here are 3 key stakeholders to build trust with.
Article Link: How To Build a Trusted Cybersecurity Program | Bitsight
2022-05-29 05:09 malware.news
In my diary entry “Huge Signed PE File” we stripped a huge PE file with signature like this:
Article Link: InfoSec Handlers Diary Blog - SANS Internet Storm Center
2022-05-28 21:34 Data Breach – Security Affairs
Russia-linked threat actors are behind a new website that published leaked emails from leading proponents of Britain’s exit from the EU, the Reuters reported. According to a Google cybersecurity official and the former head of UK foreign intelligence, the “Very English Coop d’Etat” website was set up to publish private emails from Brexit supporters, including […]
The post Reuters: Russia-linked APT behind Brexit leak website appeared first on Security Affairs.
2022-05-28 06:39 Packet Storm
This whitepaper demonstrates leveraging cross site scripting and polyglot exploitation in an exploit called COOLHANDLUKE to violate network segmentation / layer 2 VLAN policies while routing and sending a file between isolated, air gapped networks without a router. This issue affects HPE Procurve, Aruba Networks, Cisco, Dell, and Netgear products.
2022-05-28 05:39 malware.news
Security Operations Centers (SOCs) are the first line of defense for businesses when responding to cyber attacks. But with SOC teams struggling to find skilled resources coupled with the increasing volume and sophistication of attacks, Defenders must have a well-defined incident response workflow.
The Cybereason Defense Platform offers multi-tenancy capabilities to enable SOC teams to divide workflows based on roles:
Article Link: Improving SOC Workflows with Cybereason Role-Based Incident Response
2022-05-28 05:39 malware.news
As millions of people around the world practice social distancing and work their office jobs from home, video conferencing has quickly become the new norm. Whether you’re attending regular work meetings, partaking in a virtual happy hour with friends, or catching up with extended family across the globe, video conferencing is a convenient alternative to many of the activities we can no longer do in real life. But as the rapid adoption of video conferencing tools and apps occurs, is security falling by the wayside?
Avoid Virtual Party Crashers
One security vulnerability that has recently made headlines is the ability for uninvited attendees to bombard users’ virtual meetings. How? According to Forbes, many users have posted their meeting invite links on social media sites like Twitter. An attacker can simply click on one of these links and interrupt an important conference call or meeting with inappropriate content.
Ensure Data is in the Right Hands
Online conferencing tools allow users to hold virtual meeting
2022-05-28 05:39 malware.news
As with everything digital, there's someone, somewhere devising a method to steal the assets away from their rightful owners
The post Scams targeting NFT investors – Week in security with Tony Anscombe appeared first on WeLiveSecurity
Article Link: Scams targeting NFT investors – Week in security with Tony Anscombe | WeLiveSecurity
2022-05-28 05:39 malware.news
New and exacerbated cyber-risks following Russia’s invasion of Ukraine are fueling a new urgency towards enhancing resilience
The post Cybersecurity: A global problem that requires a global answer appeared first on WeLiveSecurity
Article Link: Cybersecurity: A global problem that requires a global answer | WeLiveSecurity
2022-05-28 05:39 malware.news
Patch these security flaws if the software is still running on your systems, the US cybersecurity authority has warned.
Article Link: CISA adds 75 actively exploited bugs to its must-patch list in just a week | ZDNet
2022-05-28 05:39 malware.news
When changing operand representation, you may need to check what are the operand types currently used by IDA for a specific instruction. In some cases it is obvious (e.g. for offset or character type), but the hex and default, for example, look exactly the same in most processors so it’s not easy to tell them apart just by look.
To check the current flags of an instruction (or any other address) in the database, use View > Print internal flags (hotkey F).
When you invoke it, IDA prints flags for the current address to the Output window. It only prints info about non-default operand types — the default ones are omitted (except for suspicious operands which are printed as void).
code and flow are generic instruction flags: they mean that the current item is marked as code (instruction) and the execution reaches it from the previous address (this is the case for most instructions in the program).
Whenever IDA prints information about the second operand (number 1 since they  are counted from 0), the operands 2,3
2022-05-28 05:39 malware.news
Microsoft uncovered high-severity vulnerabilities in a mobile framework owned by mce Systems and used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote (albeit complex) or local attacks. The vulnerabilities, which affected apps with millions of downloads, have been fixed by all involved parties. Coupled with the extensive system privileges that pre-installed apps have, these vulnerabilities could have been attack vectors for attackers to access system configuration and sensitive information.
As with many of the pre-installed or default applications that most Android devices come with these days, some of the affected apps cannot be fully uninstalled or disabled without gaining root access to the device. We worked with mce Systems, the developer of the framework, and the affected mobile service providers to solve these issues. We commend the quick and professional resolution from the mce Systems engineering teams, as well as the relevant p
2022-05-28 05:39 malware.news
Russian cybercrime forums are teeming with the network credentials and virtual private network accesses of employees from U.S. colleges and universities, according to a new alert from the FBI.
This week, the FBI said U.S. college and university credentials are being advertised widely across cybercrime forums. In May 2021, the FBI says it found more than 36,000 email and password combinations for email accounts ending in .edu publicly available on instant messaging platforms frequented by cybercriminals.
According to the FBI, most of the credentials stem from spear-phishing, ransomware or other cyberattacks on U.S. colleges and universities that have become more prevalent over the years.
When contacted about cyberattacks and ransomware incidents, U.S. colleges and universities often claim that there is no evidence of data theft or sale. But Emsisoft threat analyst Brett Callow, a ransomware expert tracking attacks on universities and K-12 schools, said 10 of the 13 attacks on colleges this year involved data e
2022-05-28 05:39 malware.news
Synopsis
The Exfiltration Phase of The Kill Chain of a Cryptocurrency-Based Attack Provides the Greatest Opportunity to Identify Cybercriminals
Cryptocurrency gained through illicit means is less usable than other assets due to the way cryptocurrency systems currently do not fully protect owner identity and allow for only limited liquidity. This incentivizes threat actors to transfer assets out of DeFi platforms and into traditional markets after successfully stealing cryptocurrency. Centralized markets contain strong controls including Know Your Customer (KYC), Anti-Money Laundering (AML), and other standards specifically designed to strip away anonymity and provide additional information to identify asset owners. A focus on identification and tracing of illicit assets leaving DeFi systems provides key cryptocurrency threat intelligence to analysts trying to determine attribution and deter threat actors. This report looks at some different paths available to threat actors for obfuscating cryptocurrency assets.
2022-05-28 05:39 malware.news
The leak of a Supreme Court opinion draft overturning Roe v. Wade earlier this month and a wave of state-level laws in the U.S. radically limiting abortion are forcing many Americans to re-examine the relationship between their digital privacy and the ability to make their own health decisions.
But marginalized groups have already been navigating those challenges and learning hard fought lessons about cybersecurity — including sex workers whose labor is often criminalized; queer people also targeted by state-level laws pushed by conservative U.S. legislators; and reproductive rights activists overseas.
“The decisions around one’s body should always be private, but when the right to reproductive health is blocked by civil and state initiatives, when people can even get chased, privacy becomes key not only to reproductive rights but to the integrity of that person,” said Angela Alarcón, a campaigner at international digital rights nonprofit Access Now.
The right for people to control what happens to their own b
2022-05-28 05:38 malware.news
Agency officials identified a lack of guiding standards for determining and mitigating risk from certain implementations of the technology and advised agencies to proceed with caution, employing penetration tests accordingly.
Article Link: CISA, DOD Report Gaps for Agencies Assessing 5G Security Risks - Nextgov
2022-05-28 05:38 malware.news
A Brooklyn resident was sentenced to four years in federal prison this week after pleading guilty to being an integral member of the Infraud Organization, a cybercrime cartel that stole over four million credit and debit card numbers and cost victims more than $568 million dollars.
John Telusma – a 37-year-old who went by “Peterelliot” online – is the 14th member of the Infraud gang to be charged in connection to the group’s activities, which the Justice Department said involved the “mass acquisition and sale of fraud-related goods and services, including stolen identities, compromised credit card data, computer malware, and other contraband.”
Telusma joined Infraud in August 2011 and spent more than five years helping the group monetize their credit card theft. The group spent years marketing troves of stolen bank account information, PayPal accounts and more that gave members free rein to buy flights and concert tickets.
“Telusma was among the most prolific and active members of the Infraud Organization, pu
2022-05-28 05:38 malware.news
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between May 20 and May 27. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics,…



[[ This is only the beginning! Please visit the blog for the complete entry ]]
Article Link: Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Threat Roundup for May 20 to May 27
2022-05-28 01:35 Microsoft Security Blog
Microsoft uncovered high-severity vulnerabilities in a mobile framework used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote or local attacks.
The post Android apps with millions of downloads exposed to high-severity vulnerabilities appeared first on Microsoft Security Blog.
2022-05-28 01:34 Hex Rays
When changing operand representation, you may need to check what are the operand types currently used by IDA for a specific instruction. In some cases it is obvious (e.g. for offset or character type), but the hex and default, for example, look exactly the same in most processors so it’s not easy to tell [...]
2022-05-28 00:10 Packet Storm
Ubuntu Security Notice 5448-1 - It was discovered that ncurses was not properly checking array bounds when executing the fmt_entry function, which could result in an out-of-bounds write. An attacker could possibly use this issue to execute arbitrary code. It was discovered that ncurses was not properly checking user input, which could result in it being treated as a format argument. An attacker could possibly use this issue to expose sensitive information or to execute arbitrary code.
2022-05-28 00:10 Packet Storm
Ubuntu Security Notice 5449-1 - It was discovered that libXv incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.
2022-05-28 00:10 Packet Storm
Red Hat Security Advisory 2022-4712-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. The ovirt-ansible-hosted-engine-setup package provides an Ansible role for deploying Red Hat Virtualization Hosted-Engine.
2022-05-28 00:10 Packet Storm
Red Hat Security Advisory 2022-2264-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.6.58.
2022-05-28 00:10 Packet Storm
Red Hat Security Advisory 2022-4711-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. Issues addressed include cross site scripting and denial of service vulnerabilities.
2022-05-28 00:10 Packet Storm
Ubuntu Security Notice 5450-1 - Evgeny Kotkov discovered that subversion servers did not properly follow path-based authorization rules in certain cases. An attacker could potentially use this issue to retrieve information about private paths. Thomas Weißschuh discovered that subversion servers did not properly handle memory in certain configurations. A remote attacker could potentially use this issue to cause a denial of service or other unspecified impact.
2022-05-28 00:10 Packet Storm
Red Hat Security Advisory 2022-4764-01 - The ovirt-host package consolidates host package requirements into a single meta package. Issues addressed include a Bugzilla fix for vdsm where there was a disclosure of sensitive values in log files.
2022-05-28 00:10 Packet Storm
Red Hat Security Advisory 2022-2265-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.58.
2022-05-28 00:10 Packet Storm
Red Hat Security Advisory 2022-2263-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.58. Issues addressed include a privilege escalation vulnerability.
2022-05-28 00:10 Packet Storm
Red Hat Security Advisory 2022-4773-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.9.1.
2022-05-28 00:10 Packet Storm
Red Hat Security Advisory 2022-4774-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.9.1.
2022-05-28 00:10 Packet Storm
Red Hat Security Advisory 2022-4767-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.1 ESR.
2022-05-27 23:32 burp
Drupal rolls out update for issue that is contingent on cookie middleware being enabled
2022-05-27 21:34 Data Breach – Security Affairs
The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. The FBI issued an alert to inform the higher education sector about the availability of login credentials on dark web forums that can be used by threat actors to launch attacks […]
The post FBI: Compromised US academic credentials available on various cybercrime forums appeared first on Security Affairs.
2022-05-27 19:32 burp
They claim that all data received was deleted
2022-05-27 17:39 NSFOCUS Blog
1. Vulnerability Overview: On May 23, NSFOCUS CERT observed that Fastjson had officially published an announcement stating that versions 1.2.80 and earlier contain a new
2022-05-27 17:39 NSFOCUS Blog
RSA Conference 2022 will be held on June 6, San Francisco time. The conference's Innovation Sandbox (sandbox
2022-05-27 17:36 Stories by SAFARAS K A on Medi
Introduction
Continue reading on InfoSec Write-ups »
2022-05-27 17:31 Noah Lab
English Version: http://noahblog.360.cn/a-new-exploit-method-for-cve-2021-3560-policykit-linux-privilege-escalation-en
0x01. The Vulnerability
PolicyKit CVE-2021-3560 is a vulnerability caused by PolicyKit not handling errors correctly: when a process sends a D-Bus message and then terminates immediately afterwards, PolicyKit mistakenly treats the sender of the message as the root user, so the permission check passes and privilege escalation becomes possible. The vulnerability is exploited as follows:
dbus-send --system --dest=org.freedesktop.Accounts --type=method_call --print-reply \ /org/freedesktop/Accounts org.freedesktop.Accounts.CreateUser \ string:boris string:"Boris Ivanovich Grishenko" int32:1
2022-05-27 16:10 burp
This release upgrades Burp's browser to Chromium 102.0.5005.61, which fixes a number of security issues.