Hacking8 安全信息流Hello Hacking8!
干净的信息流推送工具,偏向安全圈的点点滴滴,为安全研究人员每日发现优质内容
每日更新
| 时间 | 节点 | |
|---|---|---|
| 2021年10月26日 10:02 | Github关注 | |
| 2021年10月26日 10:02 | hackernews.cc | 安全专家发现 BlackMatter 勒索软件漏洞 已防止数千万美元的赎金支付 总部位于新西兰的网络安全公司 Emsisoft 一直在悄悄地帮助 BlackMatter 勒索软件的受害者恢复被加密的文件,防止了“数千万美元”的赎金支付,并可能标志着 BlackMatter 事件的永久结束。作为 DarkSide(用来攻击 Colonial Pipeline)勒索软件的升级,BlackMatter 于今年 7 月首次出现。 最近 CISA 专门针对该勒索软件发出警告,表示它针对被视为关键基础设施的组织进行了“多次”攻击,包括美国食品和农业部门的两次攻击。该勒索软件作为一种服务操作,也是最近对奥林巴斯的攻击的罪魁祸首,这迫使这家日本科技巨头关闭了其欧洲、中东和非洲地区的业务。 EMSIsoft 今年早些时候发现,与 DarkSide 一样,BlackMatter 的加密机制有一个漏洞,允许 Emsisoft解密文件,BlackMatter 的加密过程也有一个漏洞,允许它恢复加密的文件而不必支付赎金。Emsisoft 直到现在才透露这个漏洞的存在,因为它担心会让 BlackMatter 集团立即推出一个修复程序。 Emsisoft 首席技术官 Fabian Wosar 在一篇博客文章中说:“了解 DarkSide 过去的错误,当 BlackMatter 对他们的勒索软件有效载荷进行修改,使我们能够再次恢复受害者的数据而无需支付赎金时,我们感到很惊讶”。 在发现漏洞之后,Emsisoft 就向执法部门、勒索软件谈判公司、事件响应公司、国家计算机应急准备小组(CERT)和值得信赖的合作伙伴通报了其解密能力的信息。这使得这些受信任的各方能够将 BlackMatter 受害者推荐给 Emsisoft,以恢复其文件,而不是支付赎金。 Wosar 表示:“从那时起,我们一直在忙于帮助BlackMatter受害者恢复他们的数据。在多个国家的执法机构、CERT和私营部门合作伙伴的帮助下,我们能够接触到许多受害者,帮助他们避免了数千万美元的要求”。Emsisoft 还联系了通过 BlackMatter 样本和公开上传到各个网站的赎金笔记发现的受害者。   (消息及封面来源:cnBeta) |
| 2021年10月26日 10:02 | hackernews.cc | 纽约时报记者详述被飞马恶意软件攻击的经过 一名遭受飞马间谍软件黑客攻击的记者透露了他们成为黑客攻击目标的经历,包括可疑信息和 “零点击”漏洞如何导致记者的智能手机被非法访问。7月的一项调查强调了NSO集团Pegasus间谍软件如何被用来攻击记者和人权活动家。 NSO集团的间谍软件本来只用于犯罪预防和调查目的,但却被一些政府滥用,对可能成千上万的活动家和记者进行监视。在《纽约时报》的一篇报道中,中东记者本-哈伯德解释了他是如何成为目标的,虽然哈伯德由于面临监禁或死亡的风险而采取了保护消息来源的预防措施,但他仍然成为飞马黑客的受害者。 在与公民实验室合作的过程中,哈伯德发现,他在2018年收到一条可疑的短信,被认为是由沙特阿拉伯发送的。该出版物的技术安全团队发现了2018年的另一次黑客企图,通过WhatsApp发送的第二条信息,邀请该记者参加在华盛顿沙特大使馆前举行的抗议活动,并附有一个可疑的链接。公民实验室证实,这两次尝试都没有成功,因为哈伯德没有点击每条信息中的链接,不过这并不是骚扰行为的结束。 对哈伯德设备的进一步调查显示,在2020年和2021年有2次黑客攻击成功,使用的是零点击漏洞,不需要用户点击链接就能感染。调查似乎不太可能揭开黑客的身份,据发现,第二次黑客攻击是为了清除第一次黑客攻击留下的痕迹。NSO集团否认其产品被用于攻击,认为技术和合同原因和限制,意味着哈伯德不可能成为2020年和2021年事件的目标。 目前还不清楚哈伯德在整个期间使用的到底是什么智能手机,但飞马公司以攻击iPhone等设备而闻名,利用iOS中的各种漏洞来击败设备上的安全措施。9月,苹果发布了iOS 14.8和iOS 12.5.5的补丁,堵塞了PegASUS滥用的安全漏洞。 成功感染Pegasus后,攻击者几乎可以无限制地访问iPhone或其他设备,包括能够提取数据、阅读加密信息、启用摄像头和麦克风、记录电话,并实时跟踪设备的GPS坐标。被认为是NSO客户的政府包括阿塞拜疆、哈萨克斯坦、卢旺达和阿联酋,还包括9月披露的德国。   (消息及封面来源:cnBeta) |
| 2021年10月26日 10:02 | hackernews.cc | 微软称俄罗斯黑客自 5 月以来至少入侵了 14 家 IT 供应链公司 微软表示,去年SolarWinds黑客事件背后由俄罗斯支持的Nobelium威胁集团仍在瞄准全球IT供应链,自2021年5月以来,有140家管理服务提供商(MSP)和云服务提供商受到攻击,至少有14家被攻破。 这次活动与Nobelium的传统做法相同,即通过攻破服务提供商来破坏一个重要的目标名单。就像以前的攻击一样,俄罗斯国家黑客使用了一个多样化和不断变化的工具包,包括一长串工具和战术,从恶意软件、密码喷剂、令牌盗窃到API滥用和鱼叉式网络钓鱼。这些新攻击的主要目标是为其客户部署和管理云服务和类似技术的经销商和技术服务提供商。 微软在发现这些攻击后通知了受影响的目标,还在威胁保护产品中增加了检测功能,使这些目标在未来能够发现入侵企图。自7月以来,超过600名微软客户成为目标。微软表示,自5月以来,它已经通知了140多个被Nobelium攻击的经销商和技术服务提供商。 微软将继续调查,但到目前为止,微软认为这些经销商和服务提供商中多达14家已经受到影响,但是总共有600多个微软客户被攻击了数千次,尽管在7月至10月期间攻击成功率很低。但是,这表明,Nobelium仍在试图发动类似于他们在攻破SolarWinds系统后发动的攻击,以获得对相关目标系统的长期访问,并建立间谍和渗透渠道。 Nobelium是俄罗斯对外情报局(SVR)的黑客部门,也被称为APT29、Cozy Bear和The Dukes。2021年4月,美国政府正式指责SVR部门协调了针对SolarWinds 广泛的网络间谍活动,导致多个美国政府机构被入侵。   (消息及封面来源:cnBeta) |
| 2021年10月26日 10:02 | freebuf | web安全101之反序列化 原创 序列化的核心思维旨在,将A变成B,最后再从B还原回A。 |
| 2021年10月26日 10:02 | 360安全客 | |
| 2021年10月26日 09:22 | T00ls论坛 | |
| 2021年10月26日 09:11 | 知识星球 | 代码审计小密圈 (F10wers) [师傅们强网拟态的一道题为什么传入的内容,既可以当做文件名,又] 师傅们强网拟态的一道题为什么传入的内容,既可以当做文件名,又可以当做过滤器,不太理解。 我在本地测试过了环境为php7.3.4 是成功的,详情见(p2) 我的思考如下: 一个完整的php://filter协议为 php://filter/read=con... |
| 2021年10月26日 09:03 | Security Boulevard | Webinar: Live Attack Simulation – Ransomware Threat Hunter Series Ransomware has the potential to affect any organization with exposed defenses. The challenges presented by a multi-stage ransomware attack to large organizations with a mature security team in place are unique and require an informed response. The post Webinar: Live Attack Simulation – Ransomware Threat Hunter Series appeared first on Security Boulevard. |
| 2021年10月26日 09:03 | Security Boulevard | Robert M. Lee’s & Jeff Haas’ Little Bobby Comic – ‘WEEK 352’ via the respected security expertise of Robert M. Lee and the superlative illustration talents of Jeff Haas at Little Bobby Comic Permalink The post Robert M. Lee’s & Jeff Haas’ Little Bobby Comic – ‘WEEK 352’ appeared first on Security Boulevard. |
| 2021年10月26日 09:03 | Security Boulevard | GUEST ESSAY: Here’s why castle-wall defenses utterly fail at stopping deceptive adversaries When it comes to cyber attacks, most businesses think: “It could never happen to us,” but some plots are just hitting a little too close to home. Related: T-Mobile breach reflects rising mobile device attacks For instance, if you’ve ever … (more…) The post GUEST ESSAY: Here’s why castle-wall defenses utterly fail at stopping deceptive adversaries appeared first on Security Boulevard. |
| 2021年10月26日 09:03 | Security Boulevard | Popular npm Project Used by Millions Hijacked in Supply-Chain Attack Last week, Sonatype reported our discovery of three malicious npm cryptomining packages on npm: klow, klown, and okhsa. These packages, which infiltrated the npm registry between October 12th and 15th, installed Monero miners on Windows, macOS, and Linux machines. Interestingly, at least one of these packages was seen impersonating a popular, legitimate library called “ua-parser-js.” The post Popular npm Project Used by Millions Hijacked in Supply-Chain Attack appeared first on Security Boulevard. |
| 2021年10月26日 09:03 | Security Boulevard | Cybersecurity First: Making Security a Priority Welcome to the final week of Cybersecurity Awareness Month. The theme this week is “Cybersecurity... The post Cybersecurity First: Making Security a Priority appeared first on Gurucul. The post Cybersecurity First: Making Security a Priority appeared first on Security Boulevard. |
| 2021年10月26日 09:03 | Security Boulevard | Los consejos de Forrester para medir el valor entregado a los clientes Un reciente informe de Forrester presenta algunos consejos para identificar los propulsores de valor y definir indicadores para medir el rendimiento; todo enfocado en ofrecer la mejor experiencia para el cliente (CX). La sigla de CX (Customer Experiencie – … The post Los consejos de Forrester para medir el valor entregado a los clientes appeared first on ManageEngine Blog. The post Los consejos de Forrester para medir el valor entregado a los clientes appeared first on Security Boulevard. |
| 2021年10月26日 09:03 | Security Boulevard | SecureLink’s New Chapter SecureLink.com looks a little different today. There are new phrases, the iconic blue and orange is a few shades darker, and our logo is more modern. That’s because today marks a new chapter in SecureLink’s continuous journey to offer industry-leading cybersecurity and privacy solutions. We’ve spent the past six months virtually brainstorming, physically drawing on […] The post SecureLink’s New Chapter appeared first on SecureLink. The post SecureLink’s New Chapter appeared first on Security Boulevard. |
| 2021年10月26日 09:03 | Security Boulevard | DEF CON 29 Aerospace Village – Allan Tart’s ‘Holistic View Of A Flight With Crowd Sourced Data’ Our thanks to DEFCON for publishing their outstanding DEFCON 29 Aerospace Village videos on the organizations’ YouTube channel. Permalink The post DEF CON 29 Aerospace Village – Allan Tart’s ‘Holistic View Of A Flight With Crowd Sourced Data’ appeared first on Security Boulevard. |
| 2021年10月26日 09:03 | Security Boulevard | 7 Scary Good Tips to Secure Your Website Nothing pairs quite as well as cybersecurity and Halloween. Prepare for more than trick-or-treaters this spooky season with these 5 wicked Website Security tips. 1 – Make a horcrux ( aka backup your data) – In Harry Potter, a horcrux lets wizards store a fragment of their soul in different objects as a safeguard against death. Similarly, a backup can restore your site to life after it’s compromised by a cyber attack. Attackers are always looking to exploit vulnerabilities. Continue reading 7 Scary Good Tips to Secure Your Website at Sucuri Blog. The post 7 Scary Good Tips to Secure Your Website appeared first on Security Boulevard. |
| 2021年10月26日 09:03 | Security Boulevard | SECURING THE SOFTWARE SUPPLY CHAIN STARTS WITH A SOFTWARE BILL OF MATERIALS (SBOM) As readers of the AppSec Observer blog are aware, application attacks have continued unabated throughout the massive economic and social changes of the past two years. Most readers are also aware that an increasing number of cyberattacks target the software supply chain. The devastating SolarWinds attack in 2020 was followed by the supply chain attack on Colonial Pipeline that disrupted fuel supplies in the eastern U.S., the attack on Kaseya that impacted hundreds of its customers’ customers, and many more. Frequent supply chain attacks have become something of a “new normal” for those of us whose everyday work involves protecting applications. The post SECURING THE SOFTWARE SUPPLY CHAIN STARTS WITH A SOFTWARE BILL OF MATERIALS (SBOM) appeared first on Security Boulevard. |
| 2021年10月26日 09:03 | Github关注 | |
| 2021年10月26日 09:03 | freebuf | FreeBuf早报 | 英国最大超市Tesco网站遭攻击;韩国运营商KT事故致全国断网40分钟 FIN7网络犯罪团伙创建空壳网安公司,招募渗透测试专家进行勒索攻击;纽约时报记者在报道沙特阿拉伯后多次被Pagesus间谍软件攻击。 |
| 2021年10月26日 08:22 | Github关注 | FunnyWolf starred Rices/Phishious An open-source Secure Email Gateway (SEG) evaluation toolkit designed for red-teamers. |
| 2021年10月26日 08:02 | freebuf | Fastjson 1.2.24反序列化漏洞分析 Fastjson 是阿里巴巴开源的JSON解析库。可以将 Java 对象转换为 JSON 格式,当然也可以将 JSON 字符串转换为 Jav... |
| 2021年10月26日 08:00 | Sploitus Exploit | |
| 2021年10月26日 08:00 | Sploitus Exploit | |
| 2021年10月26日 07:04 | Trustwave Blog | Nobelium Targeting Resellers and Service Provers The Russia-based cyber gang Nobelium, which is believed to be responsible for the December 2020 SolarWinds attack, is on the move again, targeting resellers and IT service providers attempting to infiltrate their customer’s systems. |
| 2021年10月26日 07:00 | Sploitus Exploit | |
| 2021年10月26日 07:00 | Sploitus Exploit | |
| 2021年10月26日 07:00 | Sploitus Exploit | |
| 2021年10月26日 07:00 | Sploitus Exploit | |
| 2021年10月26日 05:05 | Stories by SAFARAS K A on Medi | Purple Team Operations [Part 1]: How To Assess Cyber Threats and Risk For Your Organization? Assessing the cyber security posture and cyber threat landscape of an organization is a primary task of any purple team and threat… Continue reading on InfoSec Write-ups » |
| 2021年10月26日 05:00 | Sploitus Exploit | |
| 2021年10月26日 05:00 | Sploitus Exploit | |
| 2021年10月26日 05:00 | Sploitus Exploit | |
| 2021年10月26日 05:00 | Sploitus Exploit | |
| 2021年10月26日 05:00 | Sploitus Exploit | |
| 2021年10月26日 05:00 | Sploitus Exploit | |
| 2021年10月26日 05:00 | Sploitus Exploit | |
| 2021年10月26日 05:00 | Sploitus Exploit | |
| 2021年10月26日 05:00 | Sploitus Exploit | |
| 2021年10月26日 05:00 | Sploitus Exploit | |
| 2021年10月26日 05:00 | Sploitus Exploit | |
| 2021年10月26日 05:00 | Sploitus Exploit | |
| 2021年10月26日 05:00 | Sploitus Exploit | |
| 2021年10月26日 05:00 | Sploitus Exploit | |
| 2021年10月26日 05:00 | Sploitus Exploit | |
| 2021年10月26日 03:06 | Stories by SAFARAS K A on Medi | Zeno — THM Writeup (Abusing service file misconfigurations) Zeno — THM Writeup (Abusing service file misconfigurations) Hello all, today we be doing Zeno from TryHackMe. It is rated Medium and the description says “Do you have the same patience as the great stoic philosopher Zeno? Try it out!” Port scanning There was some problem with nmap and because of that it wasn’t able to show all the open ports. Rushi suggested to me that I use Rustscan. Thanks Rushi :D Found few more ports. So now I redid the nmap scan on these ports: We have a web server on port 12340. Let’s check that. The web server After some directory busting with different wordlists, I found these to be of interest: /index.html (Status: 200) /rms (Status: 301) /index.html does not return anything useful. /rms is Restaurant Management System. After exploring the website with burp proxy turned on in the background, I have found a few parameterized requests. We can do SQLi in the delete order query: http://10.10.200.163:12340/rms/delete-order.php?id=0' or 1-- - sqlmap We have time based SQLi. After some time |
| 2021年10月26日 03:06 | Stories by SAFARAS K A on Medi | A story of another awesome old school hacking that lead to a cool P1 bug or how Response 200 OK w/ size 0 doesn’t always mean 0 Continue reading on InfoSec Write-ups » |
| 2021年10月26日 03:06 | Stories by SAFARAS K A on Medi | CORS and Its Misconfigurations Before Understanding CORS, we need to know about SOP(Same Origin Policy). SOP is built as a security mechanism to safeguard web applications from requesting resources from another website. In a Simple way, your-website.com cannot access resources from another-website.com. So, to access resources, those 2 websites must have same protocol(HTTP/HTTPS), same domain name , same port number(80/443). Note:- Even a subdomain such as api.your-website.com do not have access to fetch domain from its root domain(your-webiste.com) because those 2 websites have different domain according to rules of SOP. If your website(your-website.com) needs access to api.your-website.com, then we need to enable/Configure CORS(Cross-Origin Resource Sharing) for that website to access a resource. To configure CORS, the website will set headers such as Access-Control-Allow-Origin and Access-Control-Allow-Credentials. Although there are more headers to configure cors, these are the widely used methods today. Access-Control-Allow-Origin:- Va |
| 2021年10月26日 03:05 | Stories by SAFARAS K A on Medi | A story of another awesome old school hacking that lead to a cool P1 bug or how Response 200 OK w/ size 0 doesn’t always mean 0 Continue reading on InfoSec Write-ups » |
| 2021年10月26日 03:05 | Files ≈ Packet Storm | Red Hat Security Advisory 2021-3960-01 Red Hat Security Advisory 2021-3960-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for portable Linux serves as a replacement for Red Hat build of OpenJDK 8 and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section. |
| 2021年10月26日 03:05 | Files ≈ Packet Storm | Red Hat Security Advisory 2021-3961-01 Red Hat Security Advisory 2021-3961-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for Windows serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. |
| 2021年10月26日 03:05 | Files ≈ Packet Storm | Online Event Booking And Reservation System 1.0 Cross Site Scripting Online Event Booking and Reservation System version 1.0 suffers from a persistent cross site scripting vulnerability. |
| 2021年10月26日 03:05 | Files ≈ Packet Storm | Ubuntu Security Notice USN-5122-1 Ubuntu Security Notice 5122-1 - It was discovered that Apport could be tricked into writing core files as root into arbitrary directories in certain scenarios. A local attacker could possibly use this issue to escalate privileges. This update will cause Apport to generate all core files in the /var/lib/apport/coredump directory. |
| 2021年10月26日 03:05 | Files ≈ Packet Storm | Engineers Online Portal 1.0 Cross Site Scripting Engineers Online Portal version 1.0 suffers from a persistent cross site scripting vulnerability. |
| 2021年10月26日 03:05 | Files ≈ Packet Storm | Engineers Online Portal 1.0 SQL Injection Engineers Online Portal version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to n11secur1ty in October of 2021. |
| 2021年10月26日 03:05 | Files ≈ Packet Storm | Red Hat Security Advisory 2021-3968-01 Red Hat Security Advisory 2021-3968-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for Windows serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. |
| 2021年10月26日 03:05 | Files ≈ Packet Storm | Red Hat Security Advisory 2021-3967-01 Red Hat Security Advisory 2021-3967-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. |
| 2021年10月26日 03:05 | Files ≈ Packet Storm | GridPro Request Management For Windows Azure Pack 2.0.7905 Directory Traversal GridPro Request Management for Windows Azure Pack versions 2.0.7905 and below suffer from a traversal vulnerability that can allow for arbitrary execution of Powershell scripts. |
| 2021年10月26日 03:05 | Files ≈ Packet Storm | FreeSWITCH 1.10.6 SIP Digest Leak FreeSWITCH versions 1.10.6 and below suffer from a SIP digest leak vulnerability. An attacker can perform a SIP digest leak attack against FreeSWITCH and receive the challenge response of a gateway configured on the FreeSWITCH server. This is done by challenging FreeSWITCH's SIP requests with the realm set to that of the gateway, thus forcing FreeSWITCH to respond with the challenge response which is based on the password of that targeted gateway. |
| 2021年10月26日 03:05 | Files ≈ Packet Storm | phpMyAdmin 4.8.1 Remote Code Execution phpMyAdmin version 4.8.1 remote code execution exploit. |
