Aggregator

A vulnerability classified as critical has been found in Novell iManager 1.5/2.0/2.0.2/2.5. Affected is an unknown function. The manipulation of the argument TREE leads to improper resource management. This vulnerability is traded as CVE-2006-4517. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Qbik WinGate 6.1.4. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to denial of service. This vulnerability is handled as CVE-2006-4518. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in libgsf 1.11.1/1.13.2/1.14/1.14.1. It has been rated as critical. This issue affects the function ole_init_info. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2006-4514. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

HackerNews 编译，转载请注明出处： 勒索软件团伙早已恶名昭著，但近日其行径再度突破底线——竟将魔爪伸向墓地。活跃度极高的勒索组织INC Ransom宣称成功入侵加拿大汉密尔顿教区天主教墓园，并将该机构列入其暗网受害者名单。 与常规勒索攻击手法一致，黑客公开了据称窃取的数据样本。网络安全研究团队谨慎核查后发现，泄露信息涵盖： 财务文件 墓地规划图 合同文书 客户及员工姓名 出生日期 员工薪资单 理论上，攻击者可利用这些敏感信息针对丧亲家属实施金融诈骗：冒充殡葬服务机构骗取个人敏感数据，或定向推送欺诈信息。当前INC Ransom已成为最猖獗的勒索组织之一。该团伙自2023年7月活跃至今，攻击版图持续扩张，受害者包括： 美国国防承包商Stark AeroSpace 旧金山芭蕾舞团 英国莱斯特市政府 苏格兰NHS邓弗里斯-加洛韦卫生委员会 施乐公司（曾遭数据窃取） 据监测工具显示，过去12个月该组织累计侵害至少163家机构。该团伙采用”加密+窃密”的双重勒索模式，随机攻击医疗、教育、政府等多领域目标。虽其成员背景不明，但多数受害者集中于西方国家，且遵循“不攻击独联体国家”的潜规则——这与俄罗斯黑客组织的行为特征高度吻合。 有研究指出，新兴勒索组织Lynx可能是INC Ransom的分支或重组产物。       消息来源： cybernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability classified as problematic was found in GNU Mailman 2.1.8. Affected by this vulnerability is an unknown functionality. The manipulation leads to code injection. This vulnerability is known as CVE-2006-4624. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Alwil Software Avast! Antivirus up to 4.7.869 and classified as critical. Affected by this issue is some unknown functionality of the component LHA Archive Handler. The manipulation leads to heap-based buffer overflow. This vulnerability is handled as CVE-2006-4626. The attack needs to be done within the local network. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Zope. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2006-4684. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as very critical, has been found in Microsoft Windows 2000/XP. Affected by this issue is some unknown functionality of the component Workstation Service. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2006-4691. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

移动端恶意软件感染呈现加速蔓延趋势

A vulnerability was found in Microsoft Windows Server 2003/XP. It has been classified as critical. Affected is an unknown function of the component Object Packager. The manipulation leads to code injection. This vulnerability is traded as CVE-2006-4692. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

HackerNews 编译，转载请注明出处： 邮轮旺季正式到来，不法分子正虎视眈眈地瞄准粗心游客展开诈骗。如果您计划今年或明年夏季乘坐邮轮，务必警惕诈骗者的新伎俩，避免假期被毁。 诈骗者近期频繁针对预订热门目的地（如美国、英国、巴哈马群岛）邮轮行程的游客。为此，三大邮轮巨头——嘉年华邮轮、皇家加勒比邮轮和挪威邮轮——联合发布旅行警报，提醒乘客防范欺诈陷阱。 骗子手段多样。例如，他们伪造看似正规的预订网站，以“难以置信的优惠”为饵，诱骗计划预订酒店、机票或邮轮的网民。此外，当旅客尝试联系邮轮公司、酒店或航司咨询已有预订时，诈骗者会通过谷歌搜索结果中的恶意广告（Malvertising）劫持通话。一旦受害者使用该渠道联系，电话将被转接至冒充邮轮公司客服的骗子，进而兜售听似诱人实则欺诈的“优惠方案”。 一位嘉年华邮轮乘客在Reddit分享亲身经历：她在处理常规登船问题时，通过谷歌搜索拨打了虚假客服电话。对方声称提供“限时促销”，要求她立即重新预订即可享受1000美元折扣。心生疑虑的她挂断电话后直接联系嘉年华官方，证实遭遇诈骗，邮轮公司随即冻结其账户防止资金损失。 皇家加勒比和挪威邮轮乘客也报告类似事件。诈骗者常伪装成邮轮公司代理，以“限时优惠”为由催促交易，或要求重新确认个人信息及支付凭证。 邮轮公司敦促旅客：通过官网核实联系方式，避免使用第三方渠道，全程保持警惕。谷歌信任与安全团队在夏季旅行预警中指出：“虚假旅游网站常以‘过于优惠’的价格、体验或折扣诱骗用户。这些欺诈网站通常模仿知名酒店或伪装成正规旅行社，在节假日等预订高峰期尤其活跃，并通过即时通讯软件或电话实施诈骗。”       消息来源： cybernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability classified as critical was found in Huge-IT Image Gallery 1.0.1. This vulnerability affects the function editgallery. The manipulation of the argument removeslide leads to sql injection. This vulnerability was named CVE-2014-7153. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Jobs Factory 2.0.4 on Joomla. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument filter_letter as part of Parameter leads to sql injection. This vulnerability is known as CVE-2018-17382. The attack can be launched remotely. Furthermore, there is an exploit available.

HackerNews 编译，转载请注明出处： 攻击者通过利用SimpleHelp远程监控与管理（RMM）工具中的漏洞，成功入侵了一家公用事业软件计费服务提供商的客户系统。网络安全和基础设施安全局（CISA）发布的新公告警告称，此事件反映出勒索组织自2025年1月以来针对未修复版本SimpleHelp RMM的广泛攻击模式。 SimpleHelp 5.5.7及更早版本存在多个漏洞，其中包括路径遍历漏洞CVE-2024-57727。CISA指出：“勒索组织很可能利用CVE-2024-57727漏洞访问下游客户未修复的SimpleHelp RMM工具，通过双重勒索手段破坏服务。” 所有软件供应商、下游客户及终端用户均被敦促立即核查是否因该漏洞遭受入侵，并采取缓解措施。 漏洞利用详情 路径遍历漏洞CVE-2024-57727于2025年1月公开，并于同年2月13日被列入CISA已知可利用漏洞（KEV）目录。该漏洞可使未经认证的远程攻击者通过构造特殊HTTP请求，从SimpleHelp主机下载任意文件（包括含有机密信息和哈希用户密码的服务器配置文件）。 2025年5月，Sophos研究人员观察到DragonForce勒索软件通过组合利用CVE-2024-57727及同期披露的另外两个漏洞（CVE-2024-57728：允许管理员用户通过上传特制压缩包在文件系统任意位置写入文件的高危漏洞；CVE-2024-57726：允许低权限技术人员创建越权API密钥的严重漏洞）入侵多个客户网络。加密数据后，攻击者采用双重勒索策略，在索要赎金的同时威胁泄露窃取数据。CISA未透露攻击公用事业软件提供商的勒索组织名称。 防护措施 CISA针对不同主体提出建议： 1.软件供应商 若供应商自有软件中嵌入了SimpleHelp，或第三方服务提供商在下游客户网络中部署了SimpleHelp，应核查服务器版本（位于配置文件顶部）。若发现自2025年1月以来使用过5.5.7或更早版本，需立即执行： 隔离SimpleHelp服务器实例与互联网连接或停止服务器进程 升级至最新版本修复漏洞 通知所有下游客户并指导其加固终端设备，同时在网络中开展威胁狩猎 2.下游客户与终端用户 下游客户需立即核查系统是否直接或通过第三方软件间接运行未修复的SimpleHelp RMM。 若发现存在SimpleHelp，可通过向服务器发起HTTP查询确认版本。若确认系统存在5.5.7或更早版本，组织应： 开展威胁狩猎行动寻找入侵证据 持续监控SimpleHelp服务器的异常进出流量 若未发现入侵痕迹，立即升级至最新版本；若无法立即修复则应用临时解决方案 补充说明 SimpleHelp Ltd公司已发布移动端远程支持工具，但该应用与此次漏洞无关。CISA强调，及时升级和主动监控是应对此类供应链攻击的关键防线。       消息来源： infosecurity-magazine； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

战神榜奖金池限时上线！不限权重等级，瓜分数千元现金！

A vulnerability was found in Microsoft Internet Explorer up to 5.01. It has been rated as critical. This issue affects some unknown processing of the component HTML Rendering. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2006-4687. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Microsoft Visual Studio .net 2005. Affected by this vulnerability is an unknown functionality in the library wmiscriptutils.dll of the component ActiveX Control. The manipulation leads to memory corruption. This vulnerability is known as CVE-2006-4704. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Internet Explorer. It has been declared as critical. This vulnerability affects the function spline of the file daxctle.ocx. The manipulation leads to memory corruption. This vulnerability was named CVE-2006-4446. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Microsoft Internet Explorer up to 6 and classified as critical. This vulnerability affects the function CPathCtl::KeyFrame of the file daxctle.ocx. The manipulation leads to heap-based buffer overflow. This vulnerability was named CVE-2006-4446. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to disable the affected component.