Aggregator

亚马逊会员日来临之际,钓鱼网站激增至 1230+

HackerNews
9 months 2 weeks ago
HackerNews 编译,转载请注明出处: 随着亚马逊Prime Day临近,各种优惠承诺令人期待,网络犯罪分子也如秃鹫般盘旋伺机而动。 今年的亚马逊Prime Day定于7月8日,当购物者们为折扣和优惠摩拳擦掌时,黑客们正忙于炮制虚假网站、钓鱼邮件和域名陷阱。大型购物节日往往潜藏着混乱的可能,而犯罪分子深知混乱有利可图。 仅在六月的头几周,Check Point的安全研究人员就发现了超过1,230个试图冒充亚马逊的新域名。其中约87%的域名充其量可疑,往坏了说则完全是恶意的。近1/81的这些域名包含了“Amazon Prime”字眼,旨在诱骗用户点击并泄露其登录凭证。 研究人员警告,骗子们正在发送看似亚马逊客服的钓鱼邮件,主题行涉及“退款错误”或“账户问题”。这些邮件经过精心设计,意在触发受害者的紧迫感。一旦点击链接,用户会被带到一个几可乱真的虚假亚马逊登录页面。结果不是更新了所需信息,而是将亚马逊凭证拱手送给了威胁行为者。 在此活动中观察到的一些欺诈网站示例: Amazon02atonline51[.]online amazon-2025[.]top 此类攻击一旦成功,可能导致未经授权的购物、身份盗用或礼品卡滥用。在黑色星期五、网络星期一或情人节前夕,也曾观察到类似的诈骗威胁激增,专家警告购物者需保持高度警惕。 如何在亚马逊Prime Day期间保证安全? 警惕可疑网址:如果你要点击一个以 .top 或 .online 结尾、或者带有连字符和额外数字的链接,请停手。计划好购物,直接访问亚马逊官网或应用。如果使用浏览器,务必手动输入 amazon.com。 避免点击邮件链接:如果收到关于账户问题的紧急邮件,请新开标签页手动访问亚马逊。不要跟随骗子设下的数字陷阱。 检查锁标,但仍需验证:HTTPS 和挂锁图标有帮助,但虚假网站也能伪造这些。真正的关键点在于域名本身。如果它看起来可疑,那很可能就是钓鱼。 启用双重认证并使用强密码:在亚马逊上设置双重认证。同时,使用密码管理器,因为重复使用密码会大大增加被入侵的风险。 紧急=诈骗套路:如果信息尖叫着要你立即行动,请先深呼吸。骗子总是利用紧迫感设局。如果是真的,十分钟后它依然还在。 难以置信的优惠?那很可能就是骗局:如果某款iPhone在一个非亚马逊的随机网站上打85折,那是个陷阱。你唯一可能拆箱的只有后悔。 使用安全支付方式:虚拟卡、支付应用等任何提供额外保护的方式,都是在线购物的好选择。避免电汇或直接银行转账。       消息来源: Cybernews; 本文由 HackerNews.cc 翻译整理,封面来源于网络; 转载请注明“转自 HackerNews.cc”并附上原文
hackernews

CVE-2023-0210 | Linux Kernel 5.15 ksmbd auth.c ksmbd_decode_ntlmssp_auth_blob nt_len memory corruption (EUVD-2023-12299 / Nessus ID 239841)

Vuldb Updates
9 months 2 weeks ago
A vulnerability was found in Linux Kernel 5.15. It has been declared as critical. This vulnerability affects the function ksmbd_decode_ntlmssp_auth_blob of the file auth.c of the component ksmbd. The manipulation of the argument nt_len leads to memory corruption. This vulnerability was named CVE-2023-0210. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2023-0223 | GitLab up to 15.7.7/15.8.3/15.9.1 API information disclosure (Issue 387870 / EUVD-2023-12309)

Vuldb Updates
9 months 2 weeks ago
A vulnerability classified as problematic has been found in GitLab up to 15.7.7/15.8.3/15.9.1. Affected is an unknown function of the component API. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2023-0223. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-0158 | NLnet Labs Krill up to 0.12.0 Web Server /rrdp uncaught exception (EUVD-2023-12248)

Vuldb Updates
9 months 2 weeks ago
A vulnerability, which was classified as problematic, has been found in NLnet Labs Krill up to 0.12.0. This issue affects some unknown processing of the file /rrdp of the component Web Server. The manipulation leads to uncaught exception. The identification of this vulnerability is CVE-2023-0158. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-0155 | GitLab Community Edition/Enterprise Edition up to 15.8.4/15.9.3/15.10.0 redirect (Issue 387638 / EUVD-2023-12245)

Vuldb Updates
9 months 2 weeks ago
A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 15.8.4/15.9.3/15.10.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to open redirect. This vulnerability is handled as CVE-2023-0155. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-0141 | Google Chrome up to 108.0.5359.124 cross-domain policy (EUVD-2023-12231)

Vuldb Updates
9 months 2 weeks ago
A vulnerability was found in Google Chrome. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability was named CVE-2023-0141. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Aeza Group Latest BPH Service Provider Sanctioned by U.S. Treasury

Security Boulevard
9 months 2 weeks ago

Five months after sanction Zservers, the U.S. Treasury Department targeted Aeza Group, another Russia-based bulletproof hosting services provider for allowing threat actors to host ransomware and other campaigns on its infrastructure, which is resistant to law enforcement demands and investigations.

The post Aeza Group Latest BPH Service Provider Sanctioned by U.S. Treasury appeared first on Security Boulevard.

Jeffrey Burt

钓鱼组织伪造 PDF 设局,PayPal、DocuSign、微软遭仿冒

不安全
9 months 2 weeks ago
这篇文章介绍了HTTP错误代码521的情况,通常发生在使用Cloudflare服务时。该错误表示Cloudflare无法与源服务器建立连接,可能由于服务器配置问题或网络中断引起。解决方法包括检查源服务器状态、确认防火墙设置以及联系主机提供商排查问题。

钓鱼组织伪造 PDF 设局,PayPal、DocuSign、微软遭仿冒

HackerNews
9 months 2 weeks ago
HackerNews 编译,转载请注明出处: 人人都信任PDF——而这正是网络犯罪分子如此痴迷于它们的原因。 便携式文档格式(Portable Document Format),更常被称为PDF,每天被分发数百万次。从税务文件、简历到发票、数字手册或任何其他信息,都通过电子邮件以PDF附件的形式发送。 PDF简单、跨平台且普遍受信任。它们可以包含图像、可点击链接和看似官方的标识。这使它们成为攻击者想要混入其中的完美载体,也正是黑客们当前痴迷于它们的原因。 过去几个月,网络安全分析师观察到通过PDF文件发起的钓鱼攻击急剧增加。这些PDF被设计成模仿科技巨头和服务提供商的合法通信,以诱骗受害者泄露凭证或下载恶意软件。 根据思科Talos的洞察,在2025年5月5日至6月5日期间,使用PDF附件进行品牌冒充的行为激增。被冒充最多的品牌是微软(Microsoft)和DocuSign。而NortonLifeLock、PayPal和Geek Squad则属于包含PDF附件的电话导向攻击(TOAD)邮件中最常被冒充的品牌之列。 这些钓鱼活动是全球性的,许多源自美国和欧洲的IP地址。 攻击者如何利用PDF? 最近的一次攻击冒充了微软,使用了诸如“薪资调整”之类的诱饵主题行,时间点特意选在各组织可能发生晋升或绩效变动的时期。 该PDF看起来像一份标准的人力资源文件,足以让受害者相信并扫描其中的二维码,该二维码会将他们重定向到一个窃取凭证的网站。Dropbox也常被用作分发恶意PDF的平台。 然后是电话导向攻击(TOAD)。这些钓鱼PDF的目的不是让受害者简单地点击链接——而是通过电话对他们进行钓鱼。骗子通常会发送关于账单错误、可疑活动或订阅续费的信息,并包含一个“客服”电话号码。 这些邮件诈骗中使用的大多数电话号码是网络电话(VoIP)号码,追踪到真实个人或物理位置的难度远高于普通固话。 骗子还滥用Adobe电子签名服务等合法平台。2025年4月至5月期间,Talos发现了通过Adobe系统发送的PDF,冒充PayPal等品牌。 PDF也是二维码钓鱼的绝佳载体,而二维码钓鱼当下正大行其道。这些二维码通常冒充微软或Adobe等公司。 此外,还有一种危险策略是滥用PDF文件中的注释功能。PDF可以在评论、便签或表单域等地方隐藏链接。所有这些区域都会被许多扫描器忽略。 攻击者还会在文件中填充无关文本来混淆检测引擎。在某些情况下,他们会嵌入两个URL:一个看起来是干净的(用于建立信任),另一个隐藏的URL则会将你带到真正的钓鱼页面。       消息来源: Cybernews; 本文由 HackerNews.cc 翻译整理,封面来源于网络; 转载请注明“转自 HackerNews.cc”并附上原文
hackernews

CVE-2025-7101 | BoyunCMS up to 1.4.20 Configuration File /install/install_ok.php db_pass code injection (EUVD-2025-20160)

Vuldb Updates
9 months 2 weeks ago
A vulnerability was found in BoyunCMS up to 1.4.20. It has been classified as critical. This affects an unknown part of the file /install/install_ok.php of the component Configuration File Handler. The manipulation of the argument db_pass leads to code injection. This vulnerability is uniquely identified as CVE-2025-7101. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-7102 | BoyunCMS up to 1.4.20 Server.php phone sql injection (EUVD-2025-20159)

Vuldb Updates
9 months 2 weeks ago
A vulnerability was found in BoyunCMS up to 1.4.20. It has been declared as critical. This vulnerability affects unknown code of the file application/update/controller/Server.php. The manipulation of the argument phone leads to sql injection. This vulnerability was named CVE-2025-7102. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

Lynx

Dark Feed IO
9 months 2 weeks ago

You must login to view this content

cohenido

黑客借服务商入侵宝马金融,1950 名用户信息遭窃

不安全
9 months 2 weeks ago
文章解释了HTTP错误代码521的含义及其常见原因。该错误通常发生在CDN服务提供商与原始Web服务器之间的通信出现问题时。常见原因包括服务器配置错误、网络连接问题或服务器负载过高。解决方法包括检查服务器配置、联系CDN提供商或优化网站资源以减少负载压力。

黑客借服务商入侵宝马金融,1950 名用户信息遭窃

HackerNews
9 months 2 weeks ago
HackerNews 编译,转载请注明出处: BMW金融服务公司(BMW Financial Services)被卷入一起影响少量人群的第三方数据泄露事件,但具体细节仍不明确。 BMW金融服务公司因第三方公司AIS遭受入侵而间接受影响。总部位于得克萨斯州的金融科技公司AIS在事件发生时,正为BMW金融服务公司及其账户持有人提供监控处理服务及法律监控服务。 该第三方公司在其网络内发现可疑活动后,在取证专家的协助下启动了调查。调查显示,恶意行为者入侵了AIS的系统并窃取了少量数据。 从AIS(进而间接涉及BMW金融服务公司)窃取的数据内容尚不清晰,违规通知函中仅提及姓名这一数据要素,未提及其他信息。不过已知该事件影响人数有限,仅超过1,950人,其中仅有两名缅因州居民受影响。 黑客可能在AIS系统内潜伏了两天,因入侵发生于2025年2月16日,而发现时间为2月18日。该金融科技公司明确表示,此次泄露未波及BMW金融服务公司自身的系统和数据库。 AIS将为受影响个人提供为期12个月的Equifax信用监控及身份盗窃预防服务。       消息来源: Cybernews; 本文由 HackerNews.cc 翻译整理,封面来源于网络; 转载请注明“转自 HackerNews.cc”并附上原文
hackernews

CVE-2015-1727 | Microsoft Windows up to Vista Kernel Mode Driver memory corruption (MS15-061 / EDB-38268)

Vuldb Updates
9 months 2 weeks ago
A vulnerability was found in Microsoft Windows up to Vista. It has been classified as problematic. This affects an unknown part of the component Kernel Mode Driver. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2015-1727. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

Managed ad