Aggregator

A vulnerability classified as critical has been found in Oracle Communications Messaging Server 8.1.0.21.0. Affected is an unknown function of the component Security. The manipulation leads to denial of service. This vulnerability is traded as CVE-2022-3479. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Intel PROSet, Wireless WiFi and Killer WiFi. This issue affects some unknown processing. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2022-40964. Local access is required to approach this attack. There is no exploit available.

HackerNews 编译，转载请注明出处： 阿根廷情报部门近日披露一个涉嫌散布虚假信息的俄罗斯间谍网络，该组织被指控通过宣传活动服务莫斯科在拉美地区的地缘政治利益。据当地媒体援引国家情报秘书处（SIDE）消息，俄罗斯公民与阿根廷本地人员协作，通过宣传和虚假信息活动干预该国事务。 该组织名为“La Compañía”（公司），据信与克里姆林宫及“拉赫塔项目”存在关联。该项目是由已故俄罗斯寡头、瓦格纳集团首领叶夫根尼·普里戈津主导的国际干预计划，曾在美国、欧洲及乌克兰实施公民干预行动。其媒体帝国以运营散布虚假信息的“水军工厂”著称（包括干预2016年美国总统大选），后于2024年10月正式解散。 调查显示，俄籍夫妇列夫·康斯坦丁诺维奇·安德里阿什维利与伊琳娜·雅科文科是该间谍网核心人物。二人长期在阿根廷活动，负责接收莫斯科直接资金，并与当地亲俄组织建立联系。阿根廷总统发言人曼努埃尔·阿多尼指出，该组织旨在“组建效忠俄罗斯利益的团体”，具体实施手段包括： 操控社交媒体舆论导向 渗透影响非政府组织及民间团体 举办焦点座谈会收集公民政治立场 整理传递战略情报至俄方 阿多尼在援引法新社的声明中强调：“阿根廷不会屈从于任何国家的干预”。此次行动揭露了俄罗斯通过第三方代理人在拉美地区实施的新型渗透模式——不同于传统间谍活动，该组织以民间身份为掩护实施“润物细无声”的信息干预。       消息来源： therecord； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability was found in w3m and classified as problematic. Affected by this issue is the function Strnew_size of the file w3m/Str.c. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2023-38252. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in w3m. It has been rated as problematic. This issue affects the function growbuf_to_Str of the file w3m/indep.c. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2023-38253. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Intel PROSet, Wireless WiFi and Killer WiFi. It has been classified as critical. Affected is an unknown function. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2022-27635. Local access is required to approach this attack. There is no exploit available.

A vulnerability has been found in w3m and classified as critical. This vulnerability affects the function checkType of the file etc.c. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2023-4255. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic was found in openCryptoki 1.5. Affected by this vulnerability is an unknown functionality of the component RSA PKCS#1 v1.5 Handler. The manipulation leads to observable timing discrepancy. This vulnerability is known as CVE-2024-0914. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in GnuTLS and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-28834. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability was found in Linux Kernel 6.0.8. It has been classified as problematic. This affects the function inode_cgwb_move_to_attached of the file fs/fs-writeback.c. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2023-26605. The attack can only be initiated within the local network. Furthermore, there is an exploit available.

A vulnerability was found in Linux Kernel 6.0.8. It has been declared as problematic. This vulnerability affects the function ntfs_trim_fs of the file fs/ntfs3/bitmap.c. The manipulation leads to use after free. This vulnerability was named CVE-2023-26606. The attack needs to be done within the local network. Furthermore, there is an exploit available.

A vulnerability was found in cups-filters. It has been classified as critical. This affects an unknown part of the file beh.c of the component Backend Error Handler. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2023-24805. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.4.121/5.10.39/5.12.6. This issue affects the function vmbus_establish_gpadl of the component uio_hv_generic. The manipulation leads to memory leak. The identification of this vulnerability is CVE-2021-47071. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 5.10.36/5.10.37/5.11.20/5.12.3. Affected is an unknown function of the component iommu. The manipulation leads to permission issues. This vulnerability is traded as CVE-2021-47035. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 5.4.118/5.10.36/5.11.20/5.12.3. This vulnerability affects the function siw_alloc_mr of the component RDMA. The manipulation leads to use after free. This vulnerability was named CVE-2021-47012. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.0-rc3. It has been declared as critical. This vulnerability affects the function nvmet_setup_auth of the component NVMe Handler. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2023-0122. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 5.10.36/5.11.20/5.12.3 and classified as problematic. Affected by this vulnerability is the function hdmi_14_process_transaction of the component DRM. The manipulation leads to off-by-one. This vulnerability is known as CVE-2021-47046. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

HackerNews 编译，转载请注明出处： 全球银行业巨头瑞银集团（UBS）因第三方供应商遭网络攻击而发生数据泄露。瑞银发言人在发送给Infosecurity的声明中确认事件发生，但强调“客户数据及业务运营未受影响”。声明指出：“外部供应商遭受的网络攻击导致瑞银及多家企业的信息被盗。事件发生后，瑞银立即采取迅速果断的行动，避免对业务运营造成任何影响。” 瑞士媒体《时代报》（Le Temps）报道称，勒索组织“世界泄露”（World Leaks，前身为“猎人国际”）在暗网公开了约13万名瑞银员工的详细信息。泄露数据包含员工电话号码、职位角色、办公地点及具体楼层信息，甚至涉及首席执行官塞尔吉奥·埃尔莫蒂（Sergio Ermotti）的直接电话号码。 瑞银向Infosecurity证实，涉事供应商为总部位于瑞士的采购服务商Chain IQ。另一家Chain IQ客户——瑞士私人银行百达（Pictet）也确认遭遇数据泄露，但声明被盗信息“仅涉及银行供应商的发票数据，不含任何客户资料”。 前所未有的全球性攻击 Chain IQ在6月19日的声明中表示，该公司与另外19家企业于6月12日遭受“全球范围内前所未见”的网络攻击。当日17:15（中欧时间），部分客户数据被发布至暗网。该公司称：“攻击导致精选客户员工的商务联系信息外泄，涵盖内部电话号码。”事发后Chain IQ立即通知了所有受影响客户及合作伙伴，并通报执法部门，同时采取强化系统安全的措施，但未说明攻击是否涉及勒索软件。 泄露事件的潜在连锁风险 网络安全专家针对事件影响提出多重警示： 风险潜伏性：ESET全球安全顾问杰克·摩尔（Jake Moore）指出，尽管当前未见客户数据泄露，“但历史经验表明，数据泄露的全部影响可能在数周后才会完全显现”； 声誉胁迫：OPSWAT国际业务高级副总裁詹姆斯·尼尔森（James Neilson）分析，公开员工信息是攻击者“通过公开羞辱施压企业支付赎金”的策略，此举可能严重损害银行声誉与客户信任； 衍生威胁：ImmuniWeb首席执行官伊利亚·科洛琴科（Ilia Kolochenko）警告，泄露数据可能被用于针对银行员工的社会工程攻击，结合深度伪造技术实施金融欺诈，甚至为洗钱活动提供便利。 第三方安全警钟再起 此次事件凸显供应链攻击对金融业的持续威胁。尼尔森强调：“金融系统的高度互联性使第三方供应商成为攻击大型银行的主要跳板。在银行业等强监管领域，整合第三方时必须设定最低安全运营标准，并实施审计与主动监控。”该观点呼应欧盟《数字运营弹性法案》（DORA）对金融机构第三方风险管理的要求。值得注意的是，近期英国零售商玛莎百货（M&S）等企业遭攻击的调查也显示，攻击者通过IT外包巨头塔塔咨询公司（TCS）的凭证入侵系统，而阿迪达斯5月同样因第三方漏洞导致客户数据泄露。       消息来源： infosecurity-magazine； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

Kimsuky组织利用伪装成研究论文的钓鱼邮件传播恶意软件；XDSpy利用Windows LNK零日漏洞攻击目标；TaxOff组织攻击活动利用Chrome零日漏洞；Kimsuky（APT-Q-2）组织近期 Endoor 恶意软件分析

HackerNews 编译，转载请注明出处： 知名甜甜圈连锁品牌Krispy Kreme近日披露，2024年11月发生的数据安全事件导致超16万人敏感信息泄露。泄露数据包含高度敏感的财务信息，可能使受影响者面临欺诈风险，具体涉及： 财务账户信息 金融账户访问凭证 附带安全码的信用卡/借记卡信息 金融账户登录凭证 攻击者还窃取了多类个人数据，包括医疗健康信息、医保详情，以及姓名、社保号码、出生日期、驾照/州身份证号、护照号码、电子签名、账户密码、邮箱及密码、生物特征数据、美国移民登记号及军人证编号。具体泄露信息类型因个体而异。 该公司表示正通知受影响人员，并强调“绝大多数收到通知者为现雇员、前雇员及其家属”，目前尚未证实客户数据是否遭波及。受影响个体将获赠免费信用监控与身份保护服务，相关注册指南将随通知信函一并寄送。 Krispy Kreme声明，目前“无证据表明泄露信息遭滥用”，但仍呼吁所有接收通知者警惕身份盗用风险，建议定期核查财务账户流水、信用报告等异常活动迹象。公司承诺“事件发生后已采取适当措施加固系统，并将持续强化系统安全以保障数据隐私”。 根据6月16日提交至缅因州总检察长办公室的通报文件，事件共影响161,676人。此次泄露已造成显著经济损失——该公司2025年2月发布的年报显示，事件导致1100万美元营收损失。早在2024年12月首次披露事件时，Krispy Kreme便承认网络安全事件引发的数字销售损失、顾问费用及系统恢复成本“可能对公司财务状况产生实质性影响”，并预计2025财年将持续承担相关支出。 经调查确认，个人信息泄露事实于2025年5月22日最终核实。尽管Play勒索软件组织曾宣称对此次攻击负责，但Krispy Kreme未就事件是否涉及勒索软件作出表态。       消息来源： infosecurity-magazine； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文