Aggregator

这篇文章解释了错误代码521的含义及其常见原因。该错误通常发生在使用Cloudflare服务的网站上，表示服务器无法处理请求或存在连接问题。文章还提供了可能的解决方案和故障排除建议。

HackerNews 编译，转载请注明出处： 一种名为“幽灵呼叫”（Ghost Calls）的新型攻击后命令与控制（C2）规避技术，通过滥用Zoom和Microsoft Teams等会议应用的TURN服务器，将流量隧道化传输至受信任的基础设施中。 幽灵呼叫技术利用合法凭证、WebRTC及定制工具，在不依赖漏洞利用的情况下，绕过了大多数现有防御和反滥用措施。 该新战术由Praetorian安全研究员Adam Crosser在BlackHat USA大会上公布，并强调红队（Red Teams）在执行渗透模拟演习时可使用该技术。 “我们利用专为实时、低延迟通信设计的网络会议协议，这些协议通过作为天然流量中继的全球分布式媒体服务器运行，”演示文稿摘要中写道。“这种方法使操作者能够将交互式C2会话融入正常的企业流量模式中，使其看起来就像临时加入了一个在线会议。” 幽灵呼叫如何运作 TURN（Traversal Using Relays around NAT）是一种网络协议，常见于视频通话、VoIP和WebRTC服务中。当设备位于NAT防火墙后无法直接连接时，它可帮助设备相互通信。 当Zoom或Teams客户端加入会议时，它会收到临时TURN凭证。幽灵呼叫技术可劫持这些凭证，在攻击者与受害者之间建立基于TURN的WebRTC隧道。该隧道可用于代理任意数据，或将C2流量伪装成通过Zoom或Teams使用的受信任基础设施传输的常规视频会议流量。 由于流量通过企业广泛使用的合法域名和IP地址路由，恶意流量可绕过防火墙、代理和TLS检测。此外，WebRTC流量是加密的，因此隐蔽性极佳。通过滥用这些工具，攻击者既能避免暴露自身域名和基础设施，又能享受高性能、可靠的连接，以及通过443端口同时使用UDP和TCP的适应性优势。相比之下，传统C2机制速度慢、特征明显，且通常缺乏支持VNC（虚拟网络计算）操作所需的实时交换能力。 TURNt工具 Crosser的研究最终开发出一款名为“TURNt”的自定义开源工具（可在GitHub获取），该工具可利用Zoom和Teams提供的WebRTC TURN服务器对C2流量进行隧道化传输。 TURNt包含两个组件：运行在攻击者端的控制器（Controller）和部署在已入侵主机上的中继器（Relay）。控制器运行一个SOCKS代理服务器，用于接收通过TURN隧道传输的连接。中继器使用TURN凭证回连控制器，并通过提供商的TURN服务器建立WebRTC数据通道。 TURNt可执行SOCKS代理、本地或远程端口转发、数据窃取，并支持隐蔽的VNC流量隧道传输。 尽管幽灵呼叫技术并未利用Zoom或Microsoft Teams的任何漏洞，BleepingComputer已联系两家供应商，询问其是否计划引入额外保障措施以降低该技术的可行性。将在收到任一方回复后更新本文。       消息来源：bleepingcomputer； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

党的十八大以来，党中央把发展人工智能提升到战略高度。人工智能带来前所未有发展机遇，也带来前所未遇风险挑战。

A vulnerability was found in LiveHelperChat 4.60. It has been classified as problematic. Affected is an unknown function of the component Department Assignment Editing Module. The manipulation of the argument Alias Nick leads to cross site scripting. This vulnerability is traded as CVE-2025-51403. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in LiveHelperChat 4.60. This affects an unknown part of the component Facebook Registration Page. The manipulation of the argument Name leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-51398. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in OpenCart 4.1.0.4. Affected is an unknown function of the component Blog Editor. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-45892. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in OpenCart up to 4.1.0.4. It has been rated as problematic. Affected by this issue is some unknown functionality of the component SVG File Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-45893. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in PHPGurukul Small CRM 3.0. This issue affects some unknown processing of the file /change-password.php. The manipulation leads to session expiration. The identification of this vulnerability is CVE-2025-50484. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in ipTIME NAS 1.5.04. It has been rated as critical. This issue affects the function strcpy of the file upload.cgi. The manipulation of the argument Content-Type leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2025-50464. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera 1.00.02. This affects an unknown part of the component ONVIF Service. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2025-50777. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability classified as problematic has been found in andisearch 0.5.249. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-51951. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in playground.electronhub.ai 1.1.9. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-51954. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in LiveHelperChat 4.60 and classified as problematic. This issue affects some unknown processing of the component Personal Canned Message Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-51400. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in LiveHelperChat 4.60. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument Name leads to cross site scripting. This vulnerability was named CVE-2025-51401. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in GetProjectsIdea School Management System and classified as problematic. Affected by this vulnerability is an unknown functionality of the file my_profile_update_form1.php. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-52187. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/ajax.php?action=delete_recruitment_status. The manipulation of the argument ID leads to sql injection. This vulnerability is handled as CVE-2025-8334. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=save_user. The manipulation of the argument ID leads to sql injection. This vulnerability was named CVE-2025-8336. The attack can be initiated remotely. Furthermore, there is an exploit available.

OpenAI和Anthropic以1美元/年的低价向美国联邦政府提供AI服务，吸引200万工作人员使用ChatGPT和Claude，并培养依赖性以期未来盈利。

文章介绍了错误代码521的原因、影响及解决方法。该错误通常由服务器配置问题导致，可能使网站无法正常加载。用户需检查服务器设置或联系主机提供商以解决问题。

HackerNews 编译，转载请注明出处： 研究人员发现，黑客一直在发送伪装成乌克兰法院传票的虚假邮件，以此针对乌克兰政府、军事及国防部门实施新的网络间谍活动。 乌克兰计算机应急响应小组（CERT-UA）追踪到此次攻击活动由黑客组织UAC-0099发起。乌克兰网络安全部门此前表示，该组织至少自2022年起就在该国活跃，并已非法远程入侵数十台本地计算机。 在最新行动中，黑客发送了伪装成法院传票的网络钓鱼邮件。这些邮件包含指向合法文件共享平台的链接，这些平台提供捆绑了恶意软件的压缩文件。 攻击中使用的主要恶意软件Matchboil能收集系统数据并部署其他恶意工具——包括允许远程命令执行的后门程序Matchwok，以及窃取浏览器密码、Cookies和桌面文件等数据的窃取程序Dragstare。 CERT-UA未透露受影响的系统数量及泄露的数据量。虽然该机构尚未将攻击归因于特定国家，但其战术和攻击模式与此前俄罗斯黑客的行动相似。 乌克兰网络安全机构此前曾将UAC-0099与2024年末的一系列攻击相关联，当时该组织针对林业部门、法医机构和工业设施发动攻击。当时该组织使用名为Lonepage的不同恶意软件，而在近期行动中似乎已替换为Matchboil。 “战术、技术和工具的转变表明这一网络威胁具有持续演变的特性。”研究人员指出。 在俄乌冲突背景下，CERT-UA的报告通常仅提供有限技术细节，但为持续的网络行动提供了罕见洞察。该机构早前曾警告，黑客通过冒充乌克兰无人机制造商和国家机构，在军事及政府系统中植入窃取数据的恶意软件。另一起在6月监测到的攻击活动则涉及通过加密通讯应用Signal分发与俄罗斯军事情报机构关联的恶意软件。       消息来源：therecord； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文