2022-06-26 05:09 malware.news
Warning: This scenario is not officially supported by Whonix. Depending on your threat model you might want to reconsider setting this up. If you are just trying to tunnel out malware traffic you should be OK. Be aware that I’m not a lawyer and you are doing everything at your own risk!
So, you are planning to tunnel the traffic of one of your VMWare based VMs through the Tor network? Then, I have good news for you! I’ll be your guide for today to set this up. Please be advised, that the limitations of Tor also apply to our planned setup.
What is Whonix?
According to Wikipedia, “Whonix is a Kicksecure–based security hardened Linux distribution. Its main goals are to provide strong privacy and anonymity on the Internet.
The operating system consists of two virtual machines, a “Workstation” and a Tor “Gateway”, running Debian GNU/Linux. All communications are forced through the Tor network.
Both Whonix and Kicksecure have comprehensive documentation which spans from basic operating system maintenance to more ad
2022-06-26 05:09 malware.news
Another day, another malicious script was found! Today, the script is a Windows bat file that executes malicious PowerShell code but the way it works is interesting. The script has a VT score of 16/54 ( )[1]. The script uses the Windows command-line tool “clip.exe” which is often unknown to people:
Article Link: InfoSec Handlers Diary Blog - SANS Internet Storm Center
2022-06-26 05:09 malware.news
Today, many Americans will head out to the water—not to swim, but to catch a catfish in time for National Catfish Day.
But when we talk about catfishing in cybersecurity, we mean something different. Here, catfishing refers to someone who assumes someone else’s identity online in order to harass, troll, or scam someone.
But there are ways to protect yourself:
1. Be suspicious
Catfishes and romance scammers prowl social media sites and dating apps.
Usually, scammers will message potential targets privately first, through DMs. And when the target bites, they immediately ask them to switch to a more private chat option, such as email or text.
If you suspect you are being catfished, ask them questions that only someone with their background would know. If they’re hesitant, slow to answer, or try to avoid your questions, then be wary.
2. Don’t fall too quickly for a pretty face
Scammers know that people are likely to respond positively if they’re using an image of someone who looks good. But you can use that prett
2022-06-25 17:36 Stories by SAFARAS K A on Medi
Meta from HackTheBox — Detailed Walkthrough
Showing you all the tools and techniques needed to complete the box.
Machine Information
Meta from HackTheBox
Meta is a medium machine on HackTheBox. An initial scan finds a simple website but that is a dead end. After some enumeration we have a subdomain, and from there we find a way to exploit a vulnerable version of exiftool. This leads to a reverse shell, where we find a vulnerable version of Mogrify that lets us exfiltrate a private ssh key. Logged in as a user, more enumeration finds neofetch which we force to use a config file under our control via a misconfigured environmental variable.
Skills required are basic web and OS enumeration. Skills learned are using public exploits, and leveraging them.
Hack The Box :: Penetration Testing Labs
Initial Recon
As always let’s start with Nmap:
Nmap scan of Meta
Let’s add the IP to our hosts file:
┌──(root💀kali)-[~/htb/meta]
└─# echo "10.10.11.140 artcorp.htb" >> /etc/hosts
Now have a look at the website on port 80 to l
2022-06-25 09:31 Microsoft Security Response Ce
Hidden Talents: He was a competitive swimmer for many years. Instrument of Choice: His fingers were made for the keyboard, but he used to play the trumpet. 5 pieces of entertainment for the rest of his life: The Office, World War Z, The Matrix, Breaking Bad, The Thick of It. Favorite non-profit: RSPCA How he …
A Man of Action: Meet Callum Carney
2022-06-25 07:35 Black Hills Information Securi
ORIGINALLY AIRED ON JUNE 20, 2022 Articles discussed in this episode: 00:00 – BHIS – Talkin’ Bout [infosec] News 2022-06-20 01:31 – Story # 1: Internal TikTok Meetings Shows That […]
The post Talkin’ About Infosec News – 6/20/2022 appeared first on Black Hills Information Security.
2022-06-25 06:08 malware.news
ORIGINALLY AIRED ON JUNE 20, 2022 Articles discussed in this episode: 00:00 – BHIS – Talkin’ Bout [infosec] News 2022-06-20 01:31 – Story # 1: Internal TikTok Meetings Shows That […]
The post Talkin’ About Infosec News – 6/20/2022 appeared first on Black Hills Information Security.
Article Link: Talkin’ About Infosec News - 6/20/2022 - Black Hills Information Security
2022-06-25 06:08 malware.news
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between June 17 and June 24. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics,…
[[ This is only the beginning! Please visit the blog for the complete entry ]]
Article Link: Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Threat Roundup for June 17 to June 24
2022-06-25 05:39 malware.news
A joint operation by European law enforcement entities has dealt yet another major blow to organised crime groups involved in global glass eel trafficking. Operation Lake VI ran from November 2021 to June 2022, with Europol, EFCA, OLAF, and the EU Commission’s DG SANTE coordinating law enforcement authorities from 24 countries* across Europe and around the globe. In the operation’s…
Article Link: 49 individuals across Europe arrested in major blow to eels trafficking | Europol
2022-06-25 05:39 malware.news
Google offers up better password management for Chrome on iOS to appeal to iPhone users who stick with Safari.
Article Link: iPhone users: Google Chrome browser on iOS is getting these five new features | ZDNet
2022-06-25 05:39 malware.news
The French Border Police (Police National/Police aux frontières), the Spanish National Police (Policía Nacional), the Portuguese Judicial Police (Polícia Judiciária) and the Brazilian Federal Police (Polícia Federal), supported by Europol and Eurojust, dismantled a criminal network involved in human trafficking for sexual exploitation. The investigation resulted in simultaneous law enforcement actions in France, Portugal and Spain. The actions of 20-23…
Article Link: 10 arrests for sexual exploitation in France, Spain and Portugal | Europol
2022-06-25 05:39 malware.news
Got a tech question? Ed Bott and ZDNet’s squad of editors and experts probably have the answer.
Article Link: When I reset my Windows PC, I ended up with Home edition. How do I get my Pro upgrade back? [Ask ZDNet] | ZDNet
2022-06-25 05:39 malware.news
The threat landscape is constantly shifting.
As attackers continue to hone their tools and exploit new vulnerabilities, our team works diligently to identify and analyze threats posed to webmasters.
So – what do you need to do to stay one step ahead of attackers? Join Sucuri researcher Ben Martin on July 6th in our latest webinar to uncover the latest insights into emerging and ongoing trends and threats in the website security landscape.
Continue reading 2021 Threat Report Webinar at Sucuri Blog.
The post 2021 Threat Report Webinar appeared first on Security Boulevard.
Article Link: 2021 Threat Report Webinar - Security Boulevard
2022-06-25 05:39 malware.news
Microsoft’s PowerShell is a useful, flexible tool that is as popular with criminals as it is with admins. Cybercrooks like it because PowerShell is powerful, available almost everywhere, and doesn’t look out of place running on a company network.
In most places it isn’t practical to block PowerShell completely, which raises the question: How do you stop the bad stuff without disrupting the good stuff?
Cybersecurity authorities from the United States, New Zealand, and the United Kingdom have released a joint Cybersecurity Information Sheet (CIS) on PowerShell that attempts to answer that question.
The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), the New Zealand National Cyber Security Centre (NZ NCSC), and the United Kingdom National Cyber Security Centre (NCSC-UK) hope that “these recommendations will help defenders detect and prevent abuse by threat actors, while enabling legitimate use by administrators and defenders.”
PowerShell
Although it’s closely associat
2022-06-25 05:39 malware.news
This Week in Malware highlights malicious Python packages that exfiltrate your secrets (AWS credentials and environment variables) by uploading them to a publicly exposed endpoint. Also listed below are more dependency confusion packages we caught.
Article Link: This Week in Malware—show me your secrets!
2022-06-25 05:39 malware.news
Scalpers are snapping up public service appointments and selling them on.
Article Link: Scalper bots are snapping up appointments for government services in Israel | ZDNet
2022-06-25 05:39 malware.news
Patch your systems, says cybersecurity agency, because attackers are using these flaws.
Article Link: CISA: Hackers are still using Log4Shell to breach networks, so patch your systems | ZDNet
2022-06-25 05:39 malware.news
The Black Basta ransomware is a new strain of ransomware discovered in April of 2022. Although active for just two months, the group already rose to prominence claiming attribution of nearly 50 victims as of the publication of this report.
Article Link: Cybereason vs. Black Basta Ransomware
2022-06-25 05:39 malware.news
The Senate on Thursday confirmed President Joe Biden’s pick to be the new head of the U.S. Air Force’s information warfare branch.
Air Force Maj. Gen. Kevin Kennedy, U.S. Cyber Command’s director of operations, was approved by voice vote to be the next chief of the 16th Air Force (Air Forces Cyber) and receive his third star.
He will be only the second officer to lead the organization since the service consolidated two numbered air forces into a single entity in 2019 that included cyber and electronic warfare operations, among various other missions.
Kennedy will replace Lt. Gen. Timothy Haugh, who lawmakers confirmed in May to be the new deputy chief at Cyber Command.
Kennedy’s confirmation occurred late Thursday night — less than a week after he was advanced by the Senate Armed Services Committee — as the chamber cleared some of its agenda before the two-week July 4 recess.
The approval is the latest in a chain of personnel moves among the military’s top cybersecurity leaders. Senators this year already app
2022-06-25 05:39 malware.news
Hermit highlights a wider issue concerning our privacy and freedom.
Article Link: Google details commercial spyware that targets both Android and iOS devices | ZDNet
2022-06-25 05:39 malware.news
Learn about the unique implementations of API Hammering malware samples and how to mitigate them.
The post There Is More Than One Way to Sleep: Dive Deep Into the Implementations of API Hammering by Various Malware Families appeared first on Unit 42.
Article Link: There Is More Than One Way to Sleep: Dive Deep Into the Implementations of API Hammering by Various Malware Families
2022-06-25 05:39 malware.news
Do you need a blockchain? And if so, what kind?
Trail of Bits has released an operational risk assessment report on blockchain technology. As more businesses consider the innovative advantages of blockchains and, more generally, distributed ledger technologies (DLT), executives must decide whether and how to adopt them. Organizations adopting these systems must understand and mitigate the risks associated with operating a blockchain service organization, managing wallets and encryption keys, relying on external providers of APIs, and many other related topics. This report is intended to provide decision-makers with the context necessary to assess these risks and plan to mitigate them.
In the report, we cover the current state, use cases, and deficiencies of blockchains. We survey the common pitfalls, failures, and vulnerabilities that we’ve observed as leaders in the field of blockchain assessment, security tooling, and formal verification.
Blockchains have significantly different constraints, security proper
2022-06-25 05:39 malware.news
DataBathing — A Framework for Transferring the Query to Spark Code
A mini-guide about Query-Config Driven Coding
Photo credit: Pixabay
Our team has successfully transformed from Hive SQL driven to code driven for data engineering. We are using Spark (Scala or Python) every day, and our calculation performance has increased significantly. (We have reduced our average running time by 10–80%.)
However, coding will take more time, and different developers will have different versions of the coding style, impacting the spark job performance.
Then how can we solve the above issues? Can we have some standardized ways to utilize SQL for a complex pipeline? — I will explain why we don’t want to use Spark SQL directly in the following blog.
Yes, this is why DataBathing is coming !!!
Agenda
DataBathing is coming
Spark Dataframe versus Spark SQL
HERO: mo_sql_parsing
Small demo
Currently supported features
Next roadmap
Contribution
Thanks
Summary
DataBathing is coming
DataBathing is a library that can transfer the SQL to 
2022-06-25 05:39 malware.news
This is the first post of “ZTNA Partners,” a series where we take a closer look at how our partnerships protect today's hybrid workforces and environments with ZTNA 2.0.
Up until 2020, digital transformation was among the long-term goals of many organizations. The global pandemic changed all that, compressing the timeframe for digital transformation from years to months, weeks or even days. Suddenly businesses had to support hybrid workforces, new distribution and sales channels, as well as soaring customer expectations.
As they worked to meet the new business demands of the past two years, organizations rapidly expanded their use of clouds by more than 25%, but struggled with comprehensive security, compliance and technical complexity. At the same time, the cyberthreat landscape has become increasingly menacing. It’s clear that organizations need a new approach to security to align with these trends and allow companies to reap the benefits of digital transformation while protecting data and operations from c
2022-06-25 05:39 malware.news
As we’ve mentioned before, the same numerical value can be represented in different ways even if it’s the same bit pattern on the binary level. One of the representations used in IDA is offset.
Offsets
In IDA, an offset is a numerical value which is used as an address (either directly or as part of an expression) to refer to another location in the program.
The term comes from the keyword used in MASM (Microsoft Assembler) to distinguish an address expression from a variable.
For example:
mov eax, g_var1
Loads the value from the location g_var1 into register eax. In C, this would be equivalent to using the variable’s value.
While
mov eax, offset g_var1
Loads the address of the location g_var1 into eax. In C, this would be equivalent to taking the variable’s address.
On the binary level, the second instruction is equivalent to moving of a simple integer, e.g.:
mov eax, 0x40002000
However, during analysis the offset form is obviously preferred, both for readability and because it allows you to see cross-
2022-06-25 05:39 malware.news
The US government’s cyber insurance only covers certain events and maybe not ones that could destroy IT systems.
Article Link: US watchdog is worried cyber insurance won't cover 'catastrophic cyberattacks' | ZDNet
2022-06-25 05:39 malware.news
Blockchain company Harmony said $100 million in cryptocurrency was stolen from the platform on Thursday evening. The company said the FBI is now investigating the theft alongside several cybersecurity firms.
A cross-chain bridge – also known as a blockchain bridge – allows people to transfer tokens, assets, smart contract instructions and data between blockchains. They have become a ripe target for hackers in recent months and exploits in bridges have led to millions of dollars in losses.
Harmony – which helps people send cryptocurrency, stablecoins and NFTs between different blockchains like Ethereum and Binance Smart Chain – has notified other exchanges and stopped the Horizon bridge to prevent further transactions.
1/ The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM. We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.
— Harmony (@harmonyprotocol) June 23, 2022
In
2022-06-25 05:39 malware.news
Japanese automotive hose giant Nichirin was forced to pause production this week after a US subsidiary was hit with ransomware.
In a statement, the company said it first discovered the ransomware attack on June 14. Servers at the US subsidiary – which is based in El Paso, Texas – were shut down in an effort to contain the attack.
Nichirin confirmed that none of their other subsidiaries were affected by the attack.
“We are proceeding with countermeasures and restoration for the blocked network. Currently, the [US subsidiary’s] production control system is also shut down, but we are manually producing and shipping,” the company explained.
“We are trying not to interfere with the deliveries. However, since the work for business recovery is being prioritized, it is expected that it will take some time to investigate the cause of unauthorized access, the influence of information leakage, etc.”
Nichirin was forced to temporarily shut down its website as it dealt with the attack but it is available in Japan.
They pl
2022-06-25 05:39 malware.news
A new cheatsheet from four infosec agencies tells us how to use PowerShell for good, rather than let scrotes misuse it to “live off the land.”
The post NSA Wants To Help you Lock Down MS Windows in PowerShell appeared first on Security Boulevard.
Article Link: NSA Wants To Help you Lock Down MS Windows in PowerShell - Security Boulevard
2022-06-25 05:39 malware.news
As Instagram tests a new age verification tool, what are some of the concerns when it comes to confirming someone's age on the internet?
The post Instagram’s new age verification tool – Week in security with Tony Anscombe appeared first on WeLiveSecurity
Article Link: Instagram’s new age verification tool – Week in security with Tony Anscombe | WeLiveSecurity
2022-06-25 05:38 malware.news
The Federal Trade Commission finalized settlement orders Friday that require online custom merchandise platform CafePress to beef up security and force the company’s former owner to pay half a million dollars to small business owners over allegations it left sensitive information vulnerable then tried to cover up a major breach.
The FTC announced an action in March against former CafePress owner Residual Pumpkin Entity LLC and PlanetArt LLC, which purchased the platform in 2020. In the agency’s complaint, it alleged the company had poor information security practices, including personal information including Social Security Numbers left in plaintext, and a series of cybersecurity incidents.
CafePress also tried to cover up a major data breach in 2019, the FTC alleged, failing to notify affected customers until a month after it was widely reported. The agency’s commissioners voted 5-0 to finalize the orders.
Representatives for Residual Pumpkin Entity and PlanetArt did not immediately respond to requests for 
2022-06-25 05:38 malware.news
The Microsoft program—PowerShell—has granted malicious actors in major hacks remote command and control ability over victims, but, by the same token, it can improve cybersecurity management across an enterprise.
Article Link: Allied Cybersecurity Agencies Advise Against Disabling Popular Tool for Cyberattackers - Nextgov
2022-06-25 05:38 malware.news
House appropriators on Friday voted in favor of a $2.9 billion budget for the Cybersecurity and Infrastructure Security Agency (CISA).
The House Appropriations Committee approved its homeland security funding bill, 32-25. The amount for CISA is $417 million more than the Biden administration requested for the DHS cyber wing and $334 million above its fiscal year 2022 allotment.
“As our economy and infrastructure continue to grow more reliant on the internet, cyberattacks and intrusions by foreign actors are of increasing concern,” Chair Rosa DeLauro (D-Conn.) said in her opening statement.
She noted the spending bill also included $12.8 million for the Homeland Security Investigations — the department’s investigative arm — to “combat cybercrime.”
Rep. Lucille Roybal-Allard (D-Calif.), who chairs the Appropriations Homeland Security subpanel and is not running for re-election, said the legislation makes “important investments in critical infrastructure cyber defense.”
The Democrat-controlled panel approved the
2022-06-25 05:38 malware.news
Ransomware groups are targeting a zero-day affecting a Linux-based Mitel VoIP appliance, according to researchers from CrowdStrike.
The zero-day – tagged as CVE-2022-29499 – was patched in April by Mitel after CrowdStrike researcher Patrick Bennett discovered the issue during a ransomware investigation.
In a blog post on Thursday, Bennett explained that after taking the Mitel VoIP appliance offline, he discovered a “novel remote code execution exploit used by the threat actor to gain initial access to the environment.”
“After tracing threat actor activity to an IP address assigned to the Mitel MiVoice Connect VoIP appliance, CrowdStrike received a disk image of the Linux system and began analysis. CrowdStrike’s analysis identified anti-forensic techniques that were performed by the threat actor on the Mitel appliance in an attempt to hide their activity,” Bennett said.
“Although the threat actor deleted all files from the VoIP device’s filesystem, CrowdStrike was able to recover forensic data from the device.
2022-06-25 05:38 malware.news
A hacker is selling access to 50 vulnerable networks on a cybercriminal forum after breaking into systems through the recently-discovered Atlassian Confluence zero-day.
The Rapid7 Threat Intelligence team told The Record that it found an access broker on the Russian-language forum XSS selling root access to 50 vulnerable networks – all allegedly within the United States.
Erick Galinkin, principal AI Researcher at Rapid7, said the access was gained through CVE-2022-26134, a widely-discussed unauthenticated remote code execution vulnerability. A patch for the bug was released earlier this month after the zero-day was discovered in May.
Galinkin explained that Rapid7 has seen an uptick in patching but noted that the sale underscores the critical need to patch and protect internet-facing servers specifically.
He shared a screenshot of the XSS post but censored the companies that are listed.
A screenshot of the XSS post. (Erick Galinkin/Rapid7)
The broker selling access to the 50 networks also claims to have a lis
2022-06-25 05:38 malware.news
The Federal Trade Commission should investigate Google and Apple’s role in the creation of an exploitable online advertising tracking ecosystem that will be leveraged against their users in a Post-Roe world, Democratic lawmakers wrote to the agency Friday — the same day that the Supreme Court overturned Roe v. Wade, ending constitutional protections for abortion access in the U.S.
The letter — sent by Senators Ron Wyden, Elizabeth Warren, Cory Booker, and Congresswoman Sara Jacobs — argues the companies are engaged in “unfair and deceptive practices by enabling the collection and sale of hundreds of millions of mobile phone users’ personal data.”
Both companies use unique tracking identifiers in their popular Android and iOS mobile operating systems for advertising purposes, which have effectively become a central piece of information used within the data broker market to link devices to vast amounts of data collected about users.
Until recently, this identifier was turned on by default in both operating sys
2022-06-25 01:37 text/plain
When you join a public WiFi network, sometimes you’ll notice that you have to accept “Terms of Use” or provide a password or payment to use the network. Your browser opens or navigates to a page that shows the network’s legal terms or web log on form, you fill it out, and you’re on your… Continue reading "Captive Portals"
2022-06-24 23:34 Hex Rays
As we’ve mentioned before, the same numerical value can be represented in different ways even if it’s the same bit pattern on the binary level. One of the representations used in IDA is offset. Offsets In IDA, an offset is a numerical value which is used as an address (either directly or as part of [...]
2022-06-24 23:10 Packet Storm
Yashma Ransomware Builder version 1.2 malware suffers from an insecure permissions vulnerability.
2022-06-24 23:10 Packet Storm
Backdoor.Win32.Shark.btu malware suffers from an insecure permissions vulnerability.
2022-06-24 23:10 Packet Storm
Trojan-Mailfinder.Win32.VB.p malware suffers from an insecure permissions vulnerability.
2022-06-24 23:10 Packet Storm
Backdoor.Win32.InfecDoor.17.c malware suffers from an insecure permissions vulnerability.
2022-06-24 23:10 Packet Storm
Ubuntu Security Notice 5487-3 - USN-5487-1 fixed several vulnerabilities in Apache HTTP Server. Unfortunately it caused regressions. USN-5487-2 reverted the patches that caused the regression in Ubuntu 14.04 ESM for further investigation. This update re-adds the security fixes for Ubuntu 14.04 ESM and fixes two different regressions: one affecting mod_proxy only in Ubuntu 14.04 ESM and another in mod_sed affecting also Ubuntu 16.04 ESM and Ubuntu 18.04 LTS.
2022-06-24 23:10 Packet Storm
Ubuntu Security Notice 5492-1 - It was discovered that Vim incorrectly handled memory when opening and searching the contents of certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash.
2022-06-24 21:37 Trail of Bits Blog
Do you need a blockchain? And if so, what kind? Trail of Bits has released an operational risk assessment report on blockchain technology. As more businesses consider the innovative advantages of blockchains and, more generally, distributed ledger technologies (DLT), executives must decide whether and how to adopt them. Organizations adopting these systems must understand and […]
2022-06-24 19:32 burp
Fury among online community over decision to include presenter
2022-06-24 17:32 Blog on STAR Labs
For the past few weeks, I have been working on conducting N-day analysis and bug hunting in the io_uring subsystem of the Linux kernel with the guidance of my mentors, Billy and Ramdhan. In this article, I will briefly discuss the io_uring subsystem, as well as my approach to discovering and developing a new kernel exploit technique during my N-day analysis of CVE-2021-41073. I will also discuss two bugs I found while analyzing a new io_uring feature.
在过去的几个星期里,我一直在我的导师 Billy 和 Ramdhan 的指导下,在 Linux 内核的 io _ uring 子系统中进行 N 天分析和 bug 搜索。在本文中,我将简要讨论 io _ uring 子系统,以及我在对 CVE-2021-41073进行 N 天分析时发现和开发一种新的内核开发技术的方法。我还将讨论在分析一个新的 io _ uring 特性时发现的两个 bug。
2022-06-24 17:31 360漏洞预警 (360 Vulnerability Alerts)
On 24 June 2022, 360CERT observed that technical details of the `Oracle JDeveloper ADF Faces remote code execution vulnerability`, which Oracle fixed in its April patch release, had been made public. The vulnerability is tracked as `CVE-2022-21445`, severity `Critical`, CVSS score `9.8`.
2022-06-24 17:31 360漏洞预警 (360 Vulnerability Alerts)
Recently, 360 Security Brain detected a cryptomining botnet and has been tracking it continuously. Its bot module is the [open-source IRCBot on GitHub](https://github.com/funtimes-ninja/malware/blob/master/069df22fbc0ed676432e9a35608bbc35c9f0bd747f54b9fef11f129706c8194a) (written in Perl), and the malicious script contains the keyword perlbot, so we named the family **PBot**. The botnet is exploiting vulnerabilities including **Spring4Shell (CVE-2022-22965) and the GitLab CE/EE RCE (CVE-2021-22205)** to attack hosts across the Internet, implant malicious scripts, grow the botnet and mine cryptocurrency for profit. The family currently contains at least seven exploit modules (see Appendix 1) and has collected more than ten thousand vulnerable host IP addresses.
2022-06-24 17:09 绿盟科技博客 (NSFOCUS Blog)
The 2022 RSA Conference again treated privacy protection as a major topic, with the discussion shifting from privacy compliance to privacy engineering. This article introduces the concepts and practical approach of privacy engineering, including the privacy engineering lifecycle, its basic elements, privacy threats, privacy vulnerabilities and privacy risk; analyses the implementation approach to privacy risk assessment; and proposes a privacy impact assessment method suited to China's Personal Information Protection Law.
2022-06-24 14:09 malware.news
The ASEC analysis team has once again discovered LockBit ransomware being distributed through phishing e-mails disguised as copyright claims, the lure introduced in the previous post. The attachment's filename includes the archive password, much like the phishing e-mails distributed last February (see the link below).
LockBit Ransomware Being Distributed Using Resume and Copyright-related Emails
Figure 1. E-mail details
As shown in Figure 2, the phishing e-mail has a compressed file as an attachment that contains another compressed file inside.
Figure 2. Inside the compressed file
Decompressing the inner archive yields an executable disguised with a PDF file icon.
Figure 3. Executable disguised as a PDF file
As shown in Figure 4, the file is an NSIS installer. Its .nsi script decodes the data file ‘162809383’ and then carries out the malicious behaviour through recursion and injection.
Figure 4. Inside the NSIS file
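A small triage script for the attachment chain described above (zip inside zip, an executable wearing a PDF name and icon, NSIS packaging). This is an added example, not ASEC's code: the sample attachment is constructed in memory with an MZ stub standing in for the executable, the member names are made up, and the NSIS check relies on the "NullsoftInst" marker that NSIS writes into an installer's first header (assumption: the installer is not additionally packed, so the marker is visible in the raw bytes).

```python
import io
import posixpath
import zipfile
from dataclasses import dataclass, field
from typing import List, Optional

PE_MAGIC = b"MZ"
ZIP_MAGIC = b"PK\x03\x04"
NSIS_MARKER = b"NullsoftInst"        # string NSIS writes into an installer's first header
DECOY_EXTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg")
EXEC_EXTS = (".exe", ".scr", ".com", ".dll")
MAX_DEPTH = 5                        # stop unpacking archive-in-archive chains here


@dataclass
class Finding:
    path: str                        # "outer.zip/inner.zip/member", one segment per nesting level
    depth: int                       # 0 = the attachment itself
    kind: str                        # "zip", "pe" or "other"
    flags: List[str] = field(default_factory=list)


def disguise_flags(name: str, data: bytes) -> List[str]:
    """Flags for a PE member whose name tries to pass it off as a document."""
    flags = []
    base = posixpath.basename(name).lower()
    stem = base.rsplit(".", 1)[0] if "." in base else base
    if any(stem.endswith(ext) for ext in DECOY_EXTS):
        flags.append("double-extension")          # e.g. claim.pdf.exe
    if not base.endswith(EXEC_EXTS):
        flags.append("pe-without-exe-extension")  # e.g. claim.pdf whose bytes start with MZ
    if NSIS_MARKER in data:
        flags.append("nsis-installer")
    return flags


def triage(data: bytes, name: str = "attachment", depth: int = 0,
           password: Optional[bytes] = None) -> List[Finding]:
    """Walk zip-in-zip attachments and classify every leaf by magic bytes, not by name."""
    if data[:4] == ZIP_MAGIC:
        finding = Finding(name, depth, "zip", ["nested-archive"] if depth > 0 else [])
        if depth >= MAX_DEPTH:
            finding.flags.append("max-depth-reached")
            return [finding]
        findings = [finding]
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                # zipfile handles ZipCrypto passwords only; AES-encrypted zips raise NotImplementedError
                member = zf.read(info, pwd=password)
                findings.extend(triage(member, f"{name}/{info.filename}", depth + 1, password))
        return findings
    if data[:2] == PE_MAGIC:
        return [Finding(name, depth, "pe", disguise_flags(name, data))]
    return [Finding(name, depth, "other")]


def verdict(findings: List[Finding]) -> str:
    """'suspicious' if any executable member carries a disguise flag, else 'clean'."""
    for f in findings:
        if f.kind == "pe" and f.flags:
            return "suspicious"
    return "clean"


def build_sample() -> bytes:
    """Constructed stand-in for the attachment: zip -> zip -> fake NSIS-packaged PE.
    The 'executable' is an MZ stub with the NSIS marker appended; it does not run."""
    stub = PE_MAGIC + b"\x00" * 126 + b"\xef\xbe\xad\xde" + NSIS_MARKER + b"\x00" * 32
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("claim.pdf.exe", stub)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("claim_password_1234.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    results = triage(build_sample(), "attachment.zip")
    for f in results:
        print(f"{'  ' * f.depth}{f.path.rsplit('/', 1)[-1]}  [{f.kind}] {' '.join(f.flags)}")
    print("verdict:", verdict(results))
```

Classification is done on magic bytes rather than on the name or icon, which is the point of the disguise the post describes; the depth limit keeps a deliberately deep zip-in-zip chain from running the triage out of memory.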
2022-06-24 13:39 malware.news
A quick diary to wrap up the week with a nice Python script that interacts with the victim. Most malicious scripts try to stay below the radar while performing their nasty tasks. I found a Python script that has some interesting features. The file has a VT score of 10/55 (SHA256: e21f6c09fb1658397d0996751f4c79114f50a0853668227c1c589fb716b31603)[1]. The script's core feature is a keylogger, but it has other interesting capabilities.
Article Link: InfoSec Handlers Diary Blog - SANS Internet Storm Center
2022-06-24 13:31 360漏洞预警 (360 Vulnerability Alerts)
360-CERT Daily Security Brief
2022-06-24 10:09 跳跳糖
This write-up of rwctf_station-escape is based mainly on the Zhihu article by 长亭 (Chaitin); on top of it, a fairly detailed analysis and debugging of the exploit is carried out.
2022-06-24 09:37 text/plain
Fiddler’s ImageView Inspector offers a lot of powerful functionality for inspecting images and discovering ways to shrink an image’s byte-weight without impacting its quality. Less well-known is the fact that the ImageView Inspector is very extensible, so you can add new tools to it very simply. To do so, simply download any required executables … Continue reading "Extending Fiddler’s ImageView"
2022-06-24 06:09 malware.news
Heard of the sandwich generation? Well, if you’ve got a tribe of kids and parents who are aging then you are a fully-fledged member! And as members of this special club, not only do we need to manage and keep our offspring in check, but we also have to reserve some energy to help our parents navigate life’s challenges which of course includes the online world.
In the broadest sense, the sandwich generation is the ‘caught in the middle’ generation who have living parents and children to care for. More often than not, it’s people like us, smack-bang in middle age, who support both their parents and children financially, physically, and/or emotionally. And with life expectancies looking rosier than ever and many of us choosing to have careers before we become parents, it’s inevitable that us middle-aged folks are feeling a little squeezed at both ends!
Digital Parenting Can Feel All Consuming
Getting our head around keeping our kids safe online can feel overwhelming for many of us. Keeping up with the latest app