前端、AI、后端免费学 | 青训营 X 豆包MarsCode 技术训练营报名启动
三个方向任你选!线上活动,全程免费!
Aggregator
Missing: Data Classification, Part 2 - Looking at System Classification
5 months ago
<p>Recap of Part 1This is the second of a two-part series on Data Classification. The first part spoke to the fact that most security programs grow organically and in the wake of the growth of the business. This…</p>
Rockie Brockway
Android 恶意软件“Necro”通过 Google Play 感染 1100 万台设备
5 months ago
在恶意 SDK 供应链攻击中,Android 版 Necro 恶意软件加载程序的新版本通过 Google Play 安装在 1100 万台设备上。
此新版本的 Necro 木马通过合法应用程序、Android 游戏模组和流行软件如 Spotify、WhatsApp 和 Minecraft 的修改版所使用的恶意广告软件开发工具包 (SDK) 安装。
Necro 会在受感染的设备上安装多个有效负载并激活各种恶意插件,包括:
·通过不可见的 WebView 窗口加载链接的广告软件(Island 插件、Cube SDK)
·下载并执行任意 JavaScript 和 DEX 文件的模块(Happy SDK、Jar SDK)
·专门用于促进订阅欺诈的工具(Web 插件、Happy SDK、Tap 插件)
·使用受感染设备作为代理来路由恶意流量的机制(NProxy 插件)
Google Play 上的 Necro Trojan
卡巴斯基在 Google Play 上的两款应用中发现了 Necro 加载程序,这两款应用都拥有大量用户群。
第一个是“Benqu”开发的 Wuta Camera,这是一款照片编辑和美化工具,在 Google Play 上的下载量超过 10,000,000 次。
Google Play 上的“无他相机”应用
威胁分析师报告称,Necro 病毒在 6.3.2.148 版本发布时出现在该应用程序中,并一直嵌入到 6.3.6.148 版本,也就是卡巴斯基通知谷歌的时候。
虽然该木马在 6.3.7.138 版本中被删除,但任何可能通过旧版本安装的有效载荷可能仍潜伏在 Android 设备上。
第二个携带 Necro 的合法应用程序是“WA message recovery-wamr”的 Max Browser,在卡巴斯基报告发布后被移除之前,它在 Google Play 上的下载量达到 100 万次。
卡巴斯基声称,Max Browser 的最新版本 1.2.0 仍然携带 Necro,因此没有可供升级到的干净版本,建议网络浏览器用户立即卸载它并切换到其他浏览器。
卡巴斯基表示,这两款应用程序都感染了名为“Coral SDK”的广告 SDK,该 SDK 采用混淆技术隐藏其恶意活动,并使用图像隐写术下载伪装成无害 PNG 图像的第二阶段有效负载 shellPlugin。
Necro 的感染图
谷歌表示,他们已经知道被举报的应用程序并且正在对其进行调查。
外部官方来源
在 Play Store 之外,Necro 木马主要通过非官方网站分发的流行应用程序的修改版本 (mod) 进行传播。
卡巴斯基发现的著名例子包括 WhatsApp mods“GBWhatsApp”和“FMWhatsApp”,它们承诺提供更好的隐私控制和扩展的文件共享限制。另一个是 Spotify mod“Spotify Plus”,它承诺免费访问无广告的高级服务。
传播恶意 Spotify mod 的网站
报告还提到了 Minecraft 模组以及其他热门游戏如 Stumble Guys、Car Parking Multiplayer 和 Melon Sandbox 的模组,这些模组都感染了 Necro 加载程序。
在所有情况下,恶意行为都是相同的——在后台显示广告为攻击者创造欺诈性收入、在未经用户同意的情况下安装应用和 APK,以及使用不可见的 WebView 与付费服务进行交互。
由于非官方 Android 软件网站不提供可靠的下载数量报告,因此此次最新的 Necro 木马病毒感染总数尚不清楚,但来自 Google Play 的感染数量至少为 1100 万。
胡金鱼
New variant of Necro Trojan infected more than 11 million devices
5 months ago
New variant of Necro Trojan infected more than 11 million devices Pierluigi Paganini September
Mozilla accused of tracking users in Firefox without consent
5 months ago
error code: 1106
数据泄露情报主动运营服务升级,支持线索动态实时查看和分类管理
5 months ago
DRRC「主动运营」服务支持跟进记录查看和线索分类管理,能够有效帮助客户关注和管理多条数据交易线索进展。
Rethinking privacy: A tech expert’s perspective
5 months ago
Data privacy has become one of the most pressing challenges of our time, but it didn’t happen overnight. The proliferation of data collection, coupled with the rise of advanced technologies like artificial intelligence and machine learning, has made it easier to piece together detailed profiles of individuals, often from what we consider public information. In this Help Net Security video, Dr. Micah Altman, lead co-author of the TechBrief on Data Privacy Protection and Research Scientist … More →
The post Rethinking privacy: A tech expert’s perspective appeared first on Help Net Security.
Help Net Security
Google sees 68% drop in Android memory safety flaws over 5 years
5 months ago
error code: 1106
Meta halts routing via Deutsche Telekom over €20M peering fee
5 months ago
error code: 1106
CVE-2024-6153 | Parallels Desktop up to 17.1.1 Updater protection mechanism
5 months ago
A vulnerability classified as critical was found in Parallels Desktop. This vulnerability affects unknown code of the component Updater. The manipulation leads to protection mechanism failure.
This vulnerability was named CVE-2024-6153. Attacking locally is a requirement. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-6154 | Parallels Desktop up to 17.1.1 Toolgate heap-based overflow
5 months ago
A vulnerability, which was classified as critical, has been found in Parallels Desktop. This issue affects some unknown processing of the component Toolgate. The manipulation leads to heap-based buffer overflow.
The identification of this vulnerability is CVE-2024-6154. It is possible to launch the attack on the local host. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-42123 | Linux Kernel up to 6.9.8 AMD GPU err_addr double free (8e24beb3c2b0/506c245f3f1c)
5 months ago
A vulnerability classified as critical was found in Linux Kernel up to 6.9.8. This vulnerability affects the function err_addr of the component AMD GPU. The manipulation leads to double free.
This vulnerability was named CVE-2024-42123. The attack needs to be approached within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-7409 | QEMU NBD Server denial of service
5 months ago
A vulnerability, which was classified as problematic, has been found in QEMU. This issue affects some unknown processing of the component NBD Server. The manipulation leads to denial of service.
The identification of this vulnerability is CVE-2024-7409. Access to the local network is required for this attack to succeed. There is no exploit available.
vuldb.com
CVE-2024-7625 | HashiCorp Nomad/Nomad Enterprise up to 1.8.2/1.7.10/1.6.13 Archive Header external reference
5 months ago
A vulnerability was found in HashiCorp Nomad and Nomad Enterprise up to 1.8.2/1.7.10/1.6.13. It has been rated as problematic. This issue affects some unknown processing of the component Archive Header Handler. The manipulation leads to externally controlled reference.
The identification of this vulnerability is CVE-2024-7625. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-8338 | HFO4 shudong-share 2.4.7 File Extension fileReceive.php file unrestricted upload
5 months ago
A vulnerability was found in HFO4 shudong-share 2.4.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /includes/fileReceive.php of the component File Extension Handler. The manipulation of the argument file leads to unrestricted upload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is known as CVE-2024-8338. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2016-5746 | libstorage/libstorage-ng/yast-storage pwdf Password cleartext storage in a file or on disk (Nessus ID 93712 / ID 169176)
5 months ago
A vulnerability was found in libstorage, libstorage-ng and yast-storage. It has been declared as problematic. This vulnerability affects unknown code of the file /tmp/libstorage-XXXXXX/pwdf. The manipulation leads to cleartext storage in a file or on disk (Password).
This vulnerability was named CVE-2016-5746. An attack has to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2016-5759 | Directory Administrator Script /etc/hosts input validation (Nessus ID 94240 / ID 169290)
5 months ago
A vulnerability was found in Directory Administrator. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /etc/hosts of the component Script. The manipulation as part of Directory leads to improper input validation.
This vulnerability is known as CVE-2016-5759. Attacking locally is a requirement. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2016-5792 | Moxa SoftCMS up to 1.4 sql injection (ID 370240 / BID-92262)
5 months ago
A vulnerability classified as very critical was found in Moxa SoftCMS up to 1.4. This vulnerability affects unknown code. The manipulation leads to sql injection.
This vulnerability was named CVE-2016-5792. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
HP报告:已在野外发现生成式AI制作的恶意软件有效载荷
5 months ago
攻击者已利用先进的人工智能工具创建了更复杂、更具规避性的恶意软件。
国投智能入选首个AI安全产业图谱
5 months ago
9月12日,CSA大中华区在国家网络安全宣传周成都系列活动上正式发布《AI安全产业图谱(2024)》。国投智能凭借在AI技术研究和产品能力方面的优势,入选AI赋能安全-反欺诈风险控制、和AI安全研究-创新技术应用及成果转化领域。这是CSA大中华区首次对国内AI安全生态进行广泛深入的调研,图谱得到了超过100家单位的参与,为快速发展的AI行业提供了重要的安全指引。
本次《AI安全产业图谱(2024)》收录了来自AI与安全相关单位的产品、技术、解决方案或科研成果,共分为AI内生安全、AI赋能安全、AI安全服务、AI安全研究四个大类,18个小类,涵盖了AI技术原生的安全需求、AI技术对安全产业赋能的重要作用,以及AI在安全服务以及相关研究工作的市场空间及业务需求。旨在通过持续的介绍与推广,搭建起AI安全解决方案提供方与需求方之间的桥梁,帮助需求方快速找到符合自身需求的解决方案,同时也为提供方推广其成熟的技术与解决方案创造更多机会,为快速发展的AI行业提供重要的安全指引。作为国投集团参与国家数字经济安全稳定发展平台,国投智能积极落实国务院国资委提出的人工智能+战略,深化人工智能技术在全行业、全产品线中的应用,持续深耕人工智能领域,参与编制国内首个生成式人工智能标准体系,推出国内首个公共安全行业大模型——美亚“天擎”及其信创一体机,赋能反诈。同时,公司专注深度合成和生成式AI技术研究,打造视频图像检测鉴定的一体化智能装备——AI-3300慧眼视频图像鉴真工作站。
未来,公司将持续发力,不断打磨推出更为安全、可信、可靠的人工智能技术产品,迎接新挑战,为维护和保障人工智能的安全发展贡献力量!
企业资讯