Windows 静态恶意代码免杀与逃逸技术(一)
Windows 静态恶意代码免杀与逃逸技术
Aggregator
ERP-системы под прицелом государства: бизнесу грозит налог за верность SAP
6 months 1 week ago
Государство начинает считать ваши бизнес-процессы критическими.
Ghost in the Zip Reveals Expanding Ecosystem Behind PXA Stealer
6 months 1 week ago
Python-based PXA Stealer has stolen data from more than 4000 victims in over 62 countries, according to SentinalLabs
BSidesSF 2025: Something’s Phishy: See The Hook Before The Bait
6 months 1 week ago
Creator/Author/Presenter: Malachi Walker
Our deep appreciation to Security BSides - San Francisco and the Creators/Authors/Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon - certainly a venue like no other; and via the organization's YouTube channel.
Additionally, the organization is welcoming volunteers for the BSidesSF Volunteer Force, as well as their Program Team & Operations roles. See their succinct BSidesSF 'Work With Us' page, in which, the appropriate information is to be had!
The post BSidesSF 2025: Something’s Phishy: See The Hook Before The Bait appeared first on Security Boulevard.
Marc Handelman
CVE-2024-33625 | CyberPower PowerPanel up to 4.9.0 JWT Signing Key hard-coded password (icsa-24-123-01)
6 months 1 week ago
A vulnerability has been found in CyberPower PowerPanel up to 4.9.0 and classified as very critical. Affected by this vulnerability is an unknown functionality of the component JWT Signing Key Handler. The manipulation leads to use of hard-coded password.
This vulnerability is known as CVE-2024-33625. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-34074 | Frappe up to 14.73.0/15.25.0 Login Page redirect
6 months 1 week ago
A vulnerability was found in Frappe up to 14.73.0/15.25.0. It has been rated as problematic. This issue affects some unknown processing of the component Login Page. The manipulation of the argument redirect leads to open redirect.
The identification of this vulnerability is CVE-2024-34074. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2021-1484 | Cisco Catalyst SD-WAN Manager up to 20.4.1.1 Web UI argument injection (cisco-sa-vman-cmdinj-nRHKgfHX)
6 months 1 week ago
A vulnerability was found in Cisco Catalyst SD-WAN Manager. It has been classified as critical. Affected is an unknown function of the component Web UI. The manipulation leads to argument injection.
This vulnerability is traded as CVE-2021-1484. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2021-1464 | Cisco Catalyst SD-WAN Manager up to 20.1.12 Requests improper authentication (cisco-sa-vman-authorization-b-GUEpSLK)
6 months 1 week ago
A vulnerability classified as critical was found in Cisco Catalyst SD-WAN Manager. This vulnerability affects unknown code of the component Requests Handler. The manipulation leads to improper authentication.
This vulnerability was named CVE-2021-1464. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2021-1481 | Cisco Catalyst SD-WAN Manager up to 20.4.1.1 HTTP data query logic injection (cisco-sa-vmanage-cql-inject-c7z9QqyB)
6 months 1 week ago
A vulnerability, which was classified as problematic, has been found in Cisco Catalyst SD-WAN Manager. This issue affects some unknown processing of the component HTTP Handler. The manipulation leads to improper neutralization of special elements in data query logic.
The identification of this vulnerability is CVE-2021-1481. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2021-1482 | Cisco Catalyst SD-WAN Manager up to 20.4.1.1 Web-based Management Interface improper authorization (cisco-sa-vman-auth-bypass-Z3Zze5XC)
6 months 1 week ago
A vulnerability, which was classified as critical, was found in Cisco Catalyst SD-WAN Manager. Affected is an unknown function of the component Web-based Management Interface. The manipulation leads to improper authorization.
This vulnerability is traded as CVE-2021-1482. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2021-1483 | Cisco Catalyst SD-WAN Manager up to 20.4.1.1 Web UI xml external entity reference (cisco-sa-vman-xml-ext-entity-q6Z7uVUg)
6 months 1 week ago
A vulnerability was found in Cisco Catalyst SD-WAN Manager. It has been declared as problematic. This vulnerability affects unknown code of the component Web UI. The manipulation leads to xml external entity reference.
This vulnerability was named CVE-2021-1483. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2021-1466 | Cisco Catalyst SD-WAN Manager up to 20.1.1.1 vDaemon Service denial of service (cisco-sa-sdwan-vdaemon-bo-RuzzEA2)
6 months 1 week ago
A vulnerability classified as problematic was found in Cisco Catalyst SD-WAN Manager. Affected by this vulnerability is an unknown functionality of the component vDaemon Service. The manipulation leads to denial of service.
This vulnerability is known as CVE-2021-1466. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-28866 | GoCD up to 24.0.x redirect_to cross site scripting
6 months 1 week ago
A vulnerability, which was classified as problematic, was found in GoCD up to 24.0.x. Affected is an unknown function. The manipulation of the argument redirect_to leads to cross site scripting.
This vulnerability is traded as CVE-2024-28866. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-20394 | Cisco AppDynamics Network Visibility Service denial of service (cisco-sa-appd-netvisdos-9zNbsJtK)
6 months 1 week ago
A vulnerability, which was classified as critical, has been found in Cisco AppDynamics. Affected by this issue is some unknown functionality of the component Network Visibility Service. The manipulation leads to denial of service.
This vulnerability is handled as CVE-2024-20394. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-4067 | micromatch up to 4.05 index.js micromatch.braces redos (ID 243 / Nessus ID 209968)
6 months 1 week ago
A vulnerability classified as critical was found in micromatch up to 4.05. Affected by this vulnerability is the function micromatch.braces of the file index.js. The manipulation leads to inefficient regular expression complexity.
This vulnerability is known as CVE-2024-4067. The attack can be launched remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2024-4068 | micromatch braces up to 3.0.2 lib/parse.js excessive platform resource consumption within a loop (Nessus ID 209012)
6 months 1 week ago
A vulnerability, which was classified as critical, has been found in micromatch braces up to 3.0.2. Affected by this issue is some unknown functionality in the library lib/parse.js. The manipulation leads to excessive platform resource consumption within a loop.
This vulnerability is handled as CVE-2024-4068. The attack may be launched remotely. There is no exploit available.
vuldb.com
孙宇晨搭乘 Blue Origin 飞船完成亚轨道飞行
6 months 1 week ago
加密货币波场(TRON)的创始人孙宇晨周日搭乘贝佐斯(Jeff Bezos)旗下太空公司 Blue Origin 的飞船完成了亚轨道太空飞行。这次任务是 Blue Origin 飞船 New Shepard 的第 34 次飞行,因此代号为 NS-34。孙宇晨于 2021 年以 2800 万美元拍下了 New Shepard 首次载人飞行的座位,但由于时间安排上的冲突,孙未能参与此次任务。参与 NS-34 任务的共有六人,除了最受瞩目的孙宇晨外,还有印度裔美国房地产投资人 Arvinder (Arvi) Singh Bahal,土耳其企业家 Gökhan Erdem、波多黎各气象学家兼记者 Deborah Martorell、在尼泊尔经营孤儿院三十年的英国人 Lionel Pitchford,以及美国企业家 James (J.D.) Russell。
苦中作乐,路在脚下
6 months 1 week ago
似是而非的年终总结
透明人
Cyera launches AI Guardian to secure all types of AI systems
6 months 1 week ago
Cyera launched AI Guardian, a solution built to secure any type of AI. It expands Cyera’s platform to meet the needs of enterprises adopting AI at scale, anchored by two core products: AI-SPM, providing inventory on all AI assets at a granular level, and AI Runtime Protection, monitoring and responding to AI data risks in real-time. The launch comes as enterprises scale AI initiatives while facing new security and operational risks. According to Forrester, enterprises … More →
The post Cyera launches AI Guardian to secure all types of AI systems appeared first on Help Net Security.
Industry News
New Plague Linux malware stealthily maintains SSH access
6 months 1 week ago
A newly discovered Linux malware, which has evaded detection for over a year, allows attackers to gain persistent SSH access and bypass authentication on compromised systems. [...]
Sergiu Gatlan