2024-04-13 安全日报

2024/04/13

• [webapps] GUnet OpenEclass E-learning platform 3.15 - 'certbadge.php' Unrestricted File Upload
  https://www.exploit-db.com/exploits/51975
  

• [remote] MinIO < 2024-01-31T20-20-33Z - Privilege Escalation
  https://www.exploit-db.com/exploits/51976
  

• [local] Terratec dmx_6fire USB - Unquoted Service Path
  https://www.exploit-db.com/exploits/51977
  

• [webapps] Ray OS v2.6.3 - Command Injection RCE(Unauthorized)
  https://www.exploit-db.com/exploits/51978
  

• [webapps] HTMLy Version v2.9.6 - Stored XSS
  https://www.exploit-db.com/exploits/51979
  

• [webapps] Wordpress Plugin Playlist for Youtube 1.32 - Stored Cross-Site Scripting (XSS)
  https://www.exploit-db.com/exploits/51981
  

• [webapps] PopojiCMS Version 2.0.1 - Remote Command Execution
  https://www.exploit-db.com/exploits/51982
  

• [local] PrusaSlicer 2.6.1 - Arbitrary code execution
  https://www.exploit-db.com/exploits/51983
  

• [webapps] Moodle 3.10.1 - Authenticated Blind Time-Based SQL Injection - "sort" parameter
  https://www.exploit-db.com/exploits/51984
  

• [webapps] WBCE 1.6.0 - Unauthenticated SQL injection
  https://www.exploit-db.com/exploits/51985
  

• [webapps] WBCE CMS Version 1.6.1 - Remote Command Execution (Authenticated)
  https://www.exploit-db.com/exploits/51986
  

• [webapps] Wordpress Plugin WP Video Playlist 1.1.1 - Stored Cross-Site Scripting (XSS)
  https://www.exploit-db.com/exploits/51987
  

• 中国网络安全行业全景图（第十一版）发布
  https://www.aqniu.com/industry/103491.html
  

• 业内率先应用安全GPT大模型，深信服安全托管服务MSS守护升级！
  https://www.aqniu.com/vendor/103515.html
  

• 御安信息连续登榜《中国网络安全行业全景图》，入围四大安全领域
  https://www.aqniu.com/vendor/103526.html
  

• 锐意创新 | 国利网安斩获CAIAC 2024最具竞争力创新产品奖
  https://www.aqniu.com/vendor/103535.html
  

• 工信部：大力发展基于大模型的智能装备、软件等智能产品，加快培育面向工业领域的大模型
  https://www.anquanke.com/post/id/295533
  

• AT&T 数据泄露后果：最新数据显示超过 5100 万客户受到影响
  https://www.anquanke.com/post/id/295538
  

• 美国东中央大学遭受网络攻击，数据可能暴露
  https://www.anquanke.com/post/id/295541
  

• 法国五个城市遭受大规模网络攻击，影响可能持续数月
  https://www.anquanke.com/post/id/295534
  

• 美国富国银行确认数据泄露
  https://www.anquanke.com/post/id/295544
  

• CISA 发出警报：数据分析公司 Sisense 遭受攻击
  https://www.anquanke.com/post/id/295550
  

• 澳大利亚快递公司BHF被报 1920 万条数据记录泄露
  https://www.anquanke.com/post/id/295549
  

• 微软安全漏洞暴露了员工的敏感凭证和内部资源
  https://www.anquanke.com/post/id/295556
  

• CISA 公开其“恶意软件下一代”分析系统
  https://www.anquanke.com/post/id/295553
  

• Microsoft 2024 年星期二补丁更新修复了 147 个新漏洞
  https://www.anquanke.com/post/id/295559
  

• 乌克兰黑客禁用了莫斯科污水处理系统中的87,000 个传感器
  https://www.anquanke.com/post/id/295566
  

• 谷歌 DeepMind 训练出足球迷你机器人
  https://www.anquanke.com/post/id/295568
  

• Check Point：2024第一季度网络攻击数量跃升至新纪录
  https://www.anquanke.com/post/id/295571
  

• LockBit 山寨版 DarkVault 引发品牌重塑传闻
  https://www.anquanke.com/post/id/295573
  

• Qrator Labs：机器人攻击仍然是 2024 年的首要威胁
  https://www.anquanke.com/post/id/295575
  

• Apple向 150 个国家/地区的 iPhone 用户发出有关间谍软件感染的威胁警告
  https://www.anquanke.com/post/id/295577
  

• 英国及爱尔兰 30 万出租车乘客信息泄露
  https://www.anquanke.com/post/id/295581
  

• CISA ：恶意软件分析平台Malware Next-Gen全新升级
  https://www.freebuf.com/news/397708.html
  

• 树莓罗宾变异，现在可通过 Windows 脚本文件传播
  https://www.freebuf.com/news/397709.html
  

• 机器人攻击仍然是2024年的最大威胁
  https://www.freebuf.com/news/397714.html
  

• 又一间谍软件“盯上”了苹果公司，波及到 92 个国家的 iPhone 用户
  https://www.freebuf.com/news/397719.html
  

• 金融监管总局发布《反保险欺诈工作办法（征求意见稿）》
  https://www.freebuf.com/news/397772.html
  

• 真是炸裂！俄APT组织成功窃取美国政府通信数据和微软源代码
  https://www.freebuf.com/news/397778.html
  

• 浅谈数据安全治理和分级分类实施
  https://www.freebuf.com/articles/database/397780.html
  

• 浅谈网络代理 proxy
  https://xz.aliyun.com/t/14284