Cybersecurity information flow

不定期收集,整理和编写常用优秀软件和服务的 Dockerfile 文件. https://docker.ioiox.com

🌿 基于springboot的快速学习示例,整合自己遇到的开源框架,如：rabbitmq(延迟队列)、Kafka、jpa、redies、oauth2、swagger、jsp、docker、k3s、k3d、k8s、mybatis加解密插件、异常处理、日志输出、多模块开发、多环境打包、缓存cach…

自动化爬取并自动测试所有swagger接口

GST Invoice Billing Inventory, a business accounting app for small and medium businesses with over 1M downloads has left a database open, exposing sensitive personal and corporate data up for grabs. The popular and reputable GST Invoice Billing Inventory (previously known as Book Keeper) app is one of the thousands of apps on the Google […]

Category: DDoS Attack Content: Proof of down time: https://check-host.net/check-report/13b67845k6fe Source: telegram Source Link: https://t.me/CyberArmyofRussia_Reborn/5856 Threat Actor: Russian Cyber Army Team Victimology Country : Ukraine Industry : Library Organization : scientific library of kharkiv national university of internal affairs

Category: Malware Content: Threat actor claims to sell malicious software for Windows with abilities like bypassing security, hiding files, and disabling protections. It claims to hide files and trick security systems in Windows computers. The seller says it can get past antivirus programs and security features, even on specific versions of Windows. Source: openweb Source […]

Category: Alert Content: Threat actor claims to have access to US company and selling it on a cybercrime forum. Source: openweb Source Link: https://forum.exploit.in/topic/234507/ Threat Actor: motoreat Victimology Country : USA Industry : undefined Organization : undefined

Category: DDoS Attack Content: Proof of down time: https://check-host.net/check-report/13b68f29k7f9 Source: telegram Source Link: https://t.me/noname05716eng/2608 Threat Actor: NoName057(16) Victimology Country : Finland Industry : Government Administration Organization : cyber security center

Category: DDoS Attack Content: Proof of down time: https://check-host.net/check-report/13b69470kdcf Source: telegram Source Link: https://t.me/noname05716eng/2608 Threat Actor: NoName057(16) Victimology Country : Finland Industry : Transportation & Logistics Organization : saimaa saaristo- ja veeilypalvelut oy

Category: DDoS Attack Content: Proof of down time: https://check-host.net/check-report/13b69890k3cf Proof of down time: https://check-host.net/check-report/13b699a6ke5a Source: telegram Source Link: https://t.me/noname05716eng/2608 Threat Actor: NoName057(16) Victimology Country : Finland Industry : Translation & Localization Organization : the finnish railways agency

Category: DDoS Attack Content: Proof of down time: https://check-host.net/check-report/13b69bb5kc58 Proof of down time: https://check-host.net/check-report/13b6a5c9k955 Source: telegram Source Link: https://t.me/noname05716eng/2608 Threat Actor: NoName057(16) Victimology Country : Finland Industry : Government Administration Organization : undefined

Category: Ransomware Content: Group claims to have targeted Syrtech Perforating and Roll Forming Co is North America’s leader for perforated and roll formed metal. Syrtech Perforating and Roll Forming Co specializes in stock and custom manufactured perforated metal coils, sheets as well as standardized and custom roll formed metal shapes. Source: tor Source Link: http://threeamkelxicjsaf2czjyz2lc4q3ngqkxhhlexyfcp2o6raw4rphyad.onion/SYRTECH/index.html […]

Category: DDoS Attack Content: Proof of down time: https://check-host.cc/report?u=dac2508a-0111-4e46-a70f-833a4ee9af89 Source: telegram Source Link: https://t.me/TheReturnees710/286 Threat Actor: The Returnees Victimology Country : Israel Industry : Defense & Space Organization : imi systems ltd.

有新的漏洞组件被发现啦,组件ID:Ruijie
Ruijie EG Series Routers version EG_3.0(1)B11P216 and before allows unauthenticated attackers to remotely execute arbitrary code due to incorrect filtering.

2023年12月06日，360CERT监测发现 `Apache` 发布了 `Ofbiz` 的风险通告，漏洞编号为 `CVE-2023-49070` ，漏洞等级： `严重` ，漏洞评分： `9.8` 。

有新的漏洞组件被发现啦,组件ID:Jira
This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery agent. Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or Server. It detects hardware and software that is connected to your local network and extracts detailed information about each asset. This data can then be imported into Assets in Jira Service Management to help you manage all of the devices and configuration items within your local network.

2023年12月06日，360CERT监测发现 `Apache`   发布了 `Ofbiz`   的风险通告，漏洞编号为 `CVE-2023-49070`   ，漏洞等级： `严重`  ，漏洞评分： `9.8`  。

黑客案件破案数连续三年上涨，年均增幅达27.7%，黑客犯罪日益突出，目前具有五大趋势特点。

近日，北京有一家互联网公司的求职APP遭遇撞库攻击，其短信验证码接口遭受攻击达1300余万次，最终该黑客攻击成功匹配了30余万个注册账号。经过警方调查，一个集编写恶意程序、实施撞库攻击、泄露数据资料为一体的“撞库黑客”团伙浮出水面。该团伙共导致300余万条用户...

MLX: An array framework for Apple silicon

Ghidra Extension to integrate BinDiff for function matching

随着大语言模型（LLM）开始整合多模态功能，攻击者可能会在图像和音频中隐藏恶意指令，利用这些指令操纵AI聊天机器人（例如ChatGPT）背后的LLM对用户提示的响应。在2023年欧洲黑帽大会上表示，研究人员指出，这样的攻击方式将很快称为现实。 简单来说，攻击者可能会利用这些所谓的“间接提示注入”攻击，将用户重定向到恶意URL，从用户那里提取个人信息，传递有效载荷，以及采取其他恶意行动。随着LLM日益成为多模态或能够对结合文本、音频、图片乃至视频的上下文输入作出回应，此类攻击可能会成为一个重大问题。 隐藏在图像和音频中的恶意指令 在本周举办的2023年欧洲黑帽大会上，康奈尔大学的研究人员将展示他们开发的一种攻击，该攻击利用图像和声音向多模态LLM注入指令，导致模型输出攻击者指定的文本和指令。他们的概念验证攻击示例针对的是PandaGPT和LLaVa多模态LLM。 研究人员在一篇题为“滥用图像和声音进行多模态LLM中的间接指令注入”的论文中写道：“攻击者的目标是引导用户与多模态聊天机器人之间的对话。”为此，攻击者将提示融入图像或音频片段，并操纵用户询问聊天机器人有关它的问题。”研究人员计划展示一旦聊天机器人处理了输入，它将输出隐藏在音频或图像文件中的攻击者注入的提示，或者遵循攻击者可能在提示中包含的任何指令。 例如，研究人员将一条指令混合到在线可用的音频片段中，导致PandaGPT响应攻击者特定的字符串。如果用户将音频片段输入聊天机器人，并要求描述声音，模型的响应将指导用户访问一个恶意URL，表面上是为了了解更多关于制造声音的“非常罕见的鸟”。 在另一个示例中，研究人员将指令混合到一幢建筑物的图像中，如果用户将图像输入聊天机器人并询问有关它的问题，那么LLaVa将会像哈利·波特一样聊天。 康奈尔大学的研究员、报告的作者之一本·纳西（Ben Nassi）表示，他们研究的目标之一是找到一种方式，可以以用户无法察觉的方式间接地将提示注入到多模态聊天机器人中。另一个目标是确保他们能够“扰动”图像或音频，而不影响LLM正确回答有关输入的问题。 纳西将这项研究描述为建立在其他人的研究基础上，这些研究展示了LLM如何容易受到提示注入攻击的影响，其中敌手可能以这样的方式设计输入或提示，以故意影响模型的输出。一个最近的例子是谷歌DeepMind和六所大学的研究人员进行的一项研究，该研究表明，通过简单地引导ChatGPT重复某些单词，如

最近发现黑客找到了一种使用第三方键盘绕过 iPhone 安全性的方法。根据 Certo Software 的 Russell Kent-Payne 的一份报告，攻击者正在使用这些键盘记录私人消息、浏览器历史记录，甚至 iPhone 用户密码。 在许多有关网络跟踪的报道之后，开始对此威胁进行研究。在调查过程中，发现所有受影响的设备都安装了恶意键盘。 左侧为默认的 iOS 键盘，右侧为用作键盘记录器的自定义键盘 这种攻击的特殊之处在于，黑客不需要破解设备或获取 iCloud 的访问权限。相反，他们使用苹果的 TestFlight 平台来分发键盘，因为该平台上的应用程序不会像 App Store 上的应用程序那样经过严格的安全审查。 通过设备设置安装恶意键盘后，黑客将标准的iPhone键盘替换为自己的键盘，与原来的键盘没有区别。这样的键盘可以记录用户输入的所有内容并将数据发送到黑客的服务器。 如何检查和保护 要检查 iPhone 是否安装了恶意键盘，先打开“设置”，转到“键盘”，然后检查已安装键盘的列表。如果发现启用了完全控制权限的陌生键盘，建议删除可疑键盘。 还值得考虑使用 Mac 防病毒软件，它可以扫描的 iPhone 或 iPad 是否存在恶意软件，但需要通过 USB 连接到Mac。目前，苹果尚未对这种攻击方法发表评论。   转自安全客，原文链接：https://www.anquanke.com/post/id/291678 封面来源于网络，如有侵权请联系删除

Category: Ransomware Content: Group claim to publish the organizations data on 13.12.2023. Claimed data includes Invoice, Receipts, Accounting documents, Personal data, Certificates, Employment contracts, A huge amount of confidential information, Confidentiality agreements, Personal files etc. Source: tor Source Link: http://xb6q2aggycmlcrjtbjendcnnwpmmwbosqaugxsqb4nx6cmod3emy7sad.onion/company/7890318 Threat Actor: 8BASE Victimology Country : Canada Industry : Events Services Organization : calgary telus […]

Category: Ransomware Content: Group claim to publish the organizations data on 13.12.2023. Claimed data includes Invoice, Receipts, Accounting, documents, Personal data, Certificates Employment contracts, A huge amount of confidential information, Confidentiality agreements, Personal files etc. Source: tor Source Link: http://xb6q2aggycmlcrjtbjendcnnwpmmwbosqaugxsqb4nx6cmod3emy7sad.onion/company/7890317 Threat Actor: 8BASE Victimology Country : UK Industry : Marketing, Advertising & Sales Organization : […]

Category: Ransomware Content: Group claims to have publish the organizations data on 16 Dec, 2023. Sample screenshots are provided on their darkweb portal. Source: tor Source Link: http://lockbitapt2d73krlbewgv27tquljgxr33xbwwsp6rkyieto7u4ncead.onion/post/lWGu87UWgI0woeSQ65701c989bbb5 Threat Actor: LOCKBIT 3.0 Victimology Country : Italy Industry : Manufacturing Organization : fpz

Category: Ransomware Content: Group claims to have publish the organizations data on 18 Dec, 2023. LABELIANS is a Wholesale company in medical analysis and research laboratories field in France. Source: tor Source Link: http://lockbitapt2d73krlbewgv27tquljgxr33xbwwsp6rkyieto7u4ncead.onion/post/9q6znvsSaTsBEA8s65701d99f39fe Threat Actor: LOCKBIT 3.0 Victimology Country : France Industry : Wholesale Organization : labelians groupe

Category: Ransomware Content: Group claims to have publish the organizations data within 12-13 days. The Sample includes screenshots of documents. Source: tor Source Link: http://medusaxko7jxtrojdkxo66j7ck4q5tgktf7uqsqyfry4ebnxlcbkccyd.onion/detail?id=df3d6cec917d017fdc6005a760473b28 Threat Actor: MEDUSA Victimology Country : USA Industry : Hospital & Health Care Organization : accu reference medical lab

Category: Ransomware Content: Group claims to have publish the organizations data within 11-12 days. Sagent is a IT Services and IT Consulting company in USA. Source: tor Source Link: http://medusaxko7jxtrojdkxo66j7ck4q5tgktf7uqsqyfry4ebnxlcbkccyd.onion/detail?id=4957894f13f33532d8ce692c736b10c8 Threat Actor: MEDUSA Victimology Country : USA Industry : Information Technology (IT) Services Organization : sagent

Introduction Security information and event management (SIEM) tooling allows security teams to collect and analyse logs from a wide variety of sources. In turn this is used to detect and handle incidents. Evidently it is important to ensure that the log ingestion is complete and uninterrupted. Luckily SIEMs offer out-of-the-box solutions and/or capabilities to create … Continue reading Data Connector Health Monitoring on Microsoft Sentinel →