Aggregator
OpenAI wins new $200 million contract to help the Department of Defense strengthen cyber defense
10 months 2 weeks ago
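Compiled by HackerNews; please credit the source when reposting: OpenAI has signed a contract worth $200 million with the US Department of Defense, aimed at advancing its artificial intelligence capabilities, including strengthening cyber defense. The company announced this week the launch of "OpenAI for Government", a program to enhance the effectiveness of US government workers through AI solutions.
The Department of Defense (DoD) will be the first beneficiary of the program, running a pilot project through its Chief Digital and Artificial Intelligence Office (CDAO). OpenAI said in a statement: "This contract, with a ceiling of $200 million, will draw on OpenAI's industry-leading expertise to help the Department of Defense explore how frontier AI can transform its administrative operations, from improving health care services for service members and their families, to streamlining the handling of program and acquisition data, to supporting proactive cyber defense." The company also stressed that "all use cases must be consistent with OpenAI's usage policies and guidelines".
The Department of Defense said the funds will be used to develop "prototype frontier AI capabilities to address critical national security challenges in both warfighting and enterprise domains". The security news outlet SecurityWeek has contacted OpenAI for more details on the cyber defense capabilities and will update its report if it receives a response.
Willy Leichter, a senior official at PointGuard AI, an AI governance and application security company, commented by email: "Generative AI is bound to play a key role in defense and administrative operations. Given how rapidly AI is developing, outsourcing to industry leaders is more practical than the government developing everything itself. By Department of Defense standards, a $200 million investment may not be large, but this one-year contract gives OpenAI a valuable opportunity to prototype a wide range of use cases. As in the private sector, many AI experiments may fall short, while others may deliver breakthrough results. The key is to move quickly, and this program is a solid first step."
Source: securityweek; translated and compiled by HackerNews.cc; cover image from the internet; when reposting, please credit "HackerNews.cc" and include the original text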
hackernews
Android malware Godfather is using virtual environments to hijack banking data
10 months 2 weeks ago
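Compiled by HackerNews; please credit the source when reposting: A new version of the Android malware "Godfather" steals banking data through a virtual environment. The malware uses an APK file with an embedded virtualization framework, combining the open-source VirtualApp engine and the Xposed framework to create an isolated environment. When a targeted banking app is installed on the user's device, the malware places it inside a virtual container and launches it within the host app through a "stub activity" (StubActivity). This tricks Android into treating it as a legitimate running app, while the malware intercepts and controls every operation.
Core deception techniques
Intent hijacking: uses the Accessibility Service permission to intercept the launch intent of the banking app and redirect it to the stub activity inside the virtual container
Visual disguise: the interface the user sees is identical to the real banking app, but all interaction data (account numbers, passwords, PINs, touch input) is stolen through API hooking
Scenario deception: at key points it displays a fake lock screen to trick the user into entering a password, and while transactions are carried out it shows a fake update or black screen to hide the background activity
Compared with the version analyzed by Group-IB in 2022 (which covered only 400 apps in 16 countries), the new version brings three major advances:
Attack scope: the target list has grown to more than 500 banking, cryptocurrency and e-commerce apps worldwide
Virtualization depth: it builds a complete virtual file system and forges virtual process IDs, achieving more thorough isolation of the runtime environment
Device compatibility: it uses the stub activity declaration mechanism to evade Android's detection of unregistered activities
Threat evolution timeline
March 2021: first discovered by ThreatFabric; the initial version was adapted from the code of the Anubis banking trojan
December 2022: evolved to use HTML overlay attack screens and removed redundant features such as GPS tracking
June 2024: Zimperium captured the latest variant and confirmed its ability to manipulate a virtual environment; it currently targets mainly Turkish banks, but the underlying framework supports attacks across multiple regions worldwide
Defensive recommendations
Install apps only from Google Play or other trusted channels
Enable Play Protect and update the system regularly
Be wary of the permissions an app requests, especially the Accessibility Service permission
This attack pattern resembles the FjordPhantom malware that appeared in late 2023; both use virtualization to bypass detection. Godfather, however, is significantly broader in scope and more technically complex, marking a new stage in mobile banking threats.
Source: bleepingcomputer; translated and compiled by HackerNews.cc; cover image from the internet; when reposting, please credit "HackerNews.cc" and include the original text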
hackernews
CVE-2023-25751 | Mozilla Thunderbird up to 102.8 JIT Code denial of service (Bug 1814899 / Nessus ID 239802)
10 months 2 weeks ago
A vulnerability was found in Mozilla Thunderbird up to 102.8. It has been classified as problematic. Affected is an unknown function of the component JIT Code Handler. The manipulation leads to denial of service.
This vulnerability is traded as CVE-2023-25751. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-25751 | Mozilla Firefox up to 110 JIT Code Remote Code Execution (Bug 1814899 / Nessus ID 239802)
10 months 2 weeks ago
A vulnerability was found in Mozilla Firefox up to 110. It has been classified as critical. This affects an unknown part of the component JIT Code Handler. The manipulation leads to Remote Code Execution.
This vulnerability is uniquely identified as CVE-2023-25751. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-25752 | Mozilla Firefox up to 110 Throttled Stream memory corruption (Bug 1811627 / Nessus ID 239802)
10 months 2 weeks ago
A vulnerability, which was classified as critical, has been found in Mozilla Firefox up to 110. Affected by this issue is some unknown functionality of the component Throttled Stream Handler. The manipulation leads to memory corruption.
This vulnerability is handled as CVE-2023-25752. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-25752 | Mozilla Thunderbird up to 102.8 Throttled Stream memory corruption (Bug 1811627 / Nessus ID 239802)
10 months 2 weeks ago
A vulnerability classified as critical has been found in Mozilla Thunderbird up to 102.8. This affects an unknown part of the component Throttled Stream Handler. The manipulation leads to memory corruption.
This vulnerability is uniquely identified as CVE-2023-25752. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2019-18408 | libarchive up to 3.3.x archive_read_support_format_rar.c use after free (RHSA-2020:0203 / Nessus ID 239805)
10 months 2 weeks ago
A vulnerability, which was classified as critical, has been found in libarchive up to 3.3.x. Affected by this issue is some unknown functionality of the file archive_read_support_format_rar.c. The manipulation leads to use after free.
This vulnerability is handled as CVE-2019-18408. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2019-19221 | libarchive 3.4.0 archive_string.c archive_wstring_append_from_mbs out-of-bounds (Nessus ID 239805)
10 months 2 weeks ago
A vulnerability, which was classified as critical, was found in libarchive 3.4.0. This affects the function archive_wstring_append_from_mbs of the file archive_string.c. The manipulation leads to out-of-bounds read.
This vulnerability is uniquely identified as CVE-2019-19221. An attack has to be approached locally. There is no exploit available.
vuldb.com
CVE-2021-23177 | libarchive Access Control List access control (Issue 1565 / Nessus ID 239805)
10 months 2 weeks ago
A vulnerability, which was classified as critical, was found in libarchive. This affects an unknown part of the component Access Control List Handler. The manipulation leads to improper access controls.
This vulnerability is uniquely identified as CVE-2021-23177. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2021-31566 | libarchive Access Control List link following (Issue 1566 / Nessus ID 239805)
10 months 2 weeks ago
A vulnerability has been found in libarchive and classified as critical. This vulnerability affects unknown code of the component Access Control List Handler. The manipulation leads to link following.
This vulnerability was named CVE-2021-31566. The attack can be initiated remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2024-21506 | pymongo up to 4.6.2 bson out-of-bounds (SNYK-PYTHON-PYMONGO-6370597 / Nessus ID 239806)
10 months 2 weeks ago
A vulnerability was suspected in pymongo up to 4.6.2. Further analysis revealed that this issue is a false positive. Please take a look at the sources mentioned and consider not using this entry at all.
vuldb.com
CVE-2023-42754 | Linux Kernel 6.2.16 IPv4 net/ipv4/route.c ipv4_send_dest_unreach null pointer dereference (FEDORA-2023-50bd7c9c12 / Nessus ID 239807)
10 months 2 weeks ago
A vulnerability was found in Linux Kernel 6.2.16. It has been classified as problematic. Affected is the function ipv4_send_dest_unreach of the file net/ipv4/route.c of the component IPv4 Handler. The manipulation leads to null pointer dereference.
This vulnerability is traded as CVE-2023-42754. An attack has to be approached locally. Furthermore, there is an exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2019-11500 | Dovecot up to 2.2.36.3/2.3.7.1 Quoted String out-of-bounds write (RHSA-2019:2822 / Nessus ID 239809)
10 months 2 weeks ago
A vulnerability was found in Dovecot up to 2.2.36.3/2.3.7.1. It has been declared as critical. This vulnerability affects unknown code of the component Quoted String Handler. The manipulation with the input $software_input_value leads to out-of-bounds write.
This vulnerability was named CVE-2019-11500. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-28738 | Oracle JD Edwards EnterpriseOne Tools E1 Dev Platform Tech - Cloud Manager double free (Nessus ID 239811)
10 months 2 weeks ago
A vulnerability was found in Oracle JD Edwards EnterpriseOne Tools. It has been classified as very critical. This affects an unknown part of the component E1 Dev Platform Tech - Cloud Manager. The manipulation leads to double free.
This vulnerability is uniquely identified as CVE-2022-28738. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2022-28738 | Ruby up to 3.0.3/3.1.1 Regexp Compiler double free (Nessus ID 239811)
10 months 2 weeks ago
A vulnerability, which was classified as critical, was found in Ruby up to 3.0.3/3.1.1. This affects an unknown part of the component Regexp Compiler. The manipulation leads to double free.
This vulnerability is uniquely identified as CVE-2022-28738. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-1580 | VideoLAN dav1d up to 1.3.x AV1 Decoder integer overflow (Nessus ID 239814)
10 months 2 weeks ago
A vulnerability, which was classified as critical, was found in VideoLAN dav1d up to 1.3.x. Affected is an unknown function of the component AV1 Decoder. The manipulation leads to integer overflow.
This vulnerability is traded as CVE-2024-1580. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-3479 | Oracle JD Edwards EnterpriseOne Tools Prior to 9.2.8.0 Enterprise Infrastructure SEC denial of service (Nessus ID 239818)
10 months 2 weeks ago
A vulnerability classified as critical was found in Oracle JD Edwards EnterpriseOne Tools Prior to 9.2.8.0. Affected by this vulnerability is an unknown functionality of the component Enterprise Infrastructure SEC. The manipulation leads to denial of service.
This vulnerability is known as CVE-2022-3479. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2022-3479 | NSS tstclnt memory corruption (Nessus ID 239818)
10 months 2 weeks ago
A vulnerability was found in NSS. It has been rated as problematic. Affected by this issue is some unknown functionality of the component tstclnt. The manipulation leads to memory corruption.
This vulnerability is handled as CVE-2022-3479. The attack can only be initiated within the local network. There is no exploit available.
vuldb.com
CVE-2022-3479 | Oracle Healthcare Translational Research 4.1.0/4.1.1 DataStudio denial of service (Nessus ID 239818)
10 months 2 weeks ago
A vulnerability was found in Oracle Healthcare Translational Research 4.1.0/4.1.1. It has been classified as critical. Affected is an unknown function of the component DataStudio. The manipulation leads to denial of service.
This vulnerability is traded as CVE-2022-3479. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com