[威胁情报CTI]
继vxunderground邀请Lockbit用DDOS攻击自己的网站后,Anonymous Sudan也对其发起DDOS攻击。
据称iOS17已被越狱,但也有说假的"每次看到这张照片只更改iPhone的名称"。
Indian Cyber Force声称对孟加拉国多个网站发起DDOS攻击:
- Evercare Hospitals Bangladesh
- Bangladesh Specialized Hospital
- Criminal Investigation Department
- Bangladesh Election Commission
勒索软件组织Play新增6名新受害者。
[安全简报]
PacketStorm
Apache Airflow 1.10.10 Remote Code Execution
https://packetstormsecurity.com/files/174764/Apache-Airflow-1.10.10-Remote-Code-Execution.html
Lexmark Device Embedded Web Server Remote Code Execution
https://packetstormsecurity.com/files/174763/Lexmark-Device-Embedded-Web-Server-Remote-Code-Execution.html
WordPress Essential Blocks 4.2.0 / Essential Blocks Pro 1.1.0 PHP Object Injection
https://packetstormsecurity.com/files/174761/WordPress-Essential-Blocks-4.2.0-Essential-Blocks-Pro-1.1.0-PHP-Object-Injection.html
Taskhub 2.8.7 SQL Injection
https://packetstormsecurity.com/files/174760/Taskhub-2.8.7-SQL-Injection.html
Packers And Movers Management System 1.0 SQL Injection
https://packetstormsecurity.com/files/174758/Packers-And-Movers-Management-System-1.0-SQL-Injection.html
Super Store Finder 3.7 Remote Command Execution
https://packetstormsecurity.com/files/174756/Super-Store-Finder-3.7-Remote-Command-Execution.html
Lamano CMS 2.0 SQL Injection
https://packetstormsecurity.com/files/174707/Lamano-CMS-2.0-SQL-Injection.html
Lacabane 1.0 SQL Injection
https://packetstormsecurity.com/files/174706/Lacabane-1.0-SQL-Injection.html
Free And Open Source Inventory Management System 1.0 SQL Injection
https://packetstormsecurity.com/files/174705/Free-And-Open-Source-Inventory-Management-System-1.0-SQL-Injection.html
GoogleProjectZero
分析野外安卓漏洞
https://googleprojectzero.blogspot.com/2023/09/analyzing-modern-in-wild-android-exploit.html
Sucuri Blog
如何查找和修复日本SEO垃圾邮件
https://blog.sucuri.net/2023/09/how-to-find-fix-japanese-seo-spam.html
BadSectorLabs
上周安全信息
https://blog.badsectorlabs.com/last-week-in-security-lwis-2023-09-19.html
unit42
伪造的CVE-2023-40477概念验证下载VenomRAT分析
https://unit42.paloaltonetworks.com/fake-cve-2023-40477-poc-hides-venomrat/
HackRead
伪造的PoC脚本用于诱骗研究人员下载VenomRAT
https://www.hackread.com/fake-poc-script-researchers-download-venomrat/
诈骗分子利用卫星直播延迟获得投注优势
https://www.hackread.com/crooks-exploited-satellite-tech-betting-scheme/
BleepingComputer
诈骗者冒充Celsius以破产索赔代理进行网络钓鱼攻击
https://www.bleepingcomputer.com/news/security/claimants-in-celsius-crypto-bankruptcy-targeted-in-phishing-attack/
趋势科技(Trend Micro)修复了攻击中使用的端点保护零日漏洞
https://www.bleepingcomputer.com/news/security/trend-micro-fixes-endpoint-protection-zero-day-used-in-attacks/
黑客上周入侵了国际刑事法院(ICC)的系统
https://www.bleepingcomputer.com/news/security/hackers-breached-international-criminal-courts-systems-last-week/
GitLab敦促用户针对关键漏洞安装安全更新
https://www.bleepingcomputer.com/news/security/gitlab-urges-users-to-install-security-updates-for-critical-pipeline-flaw/
Microsoft将于2026年10月开始停用Exchange Web服务
https://www.bleepingcomputer.com/news/microsoft/microsoft-to-start-retiring-exchange-web-services-in-october-2026/
黑客使用新的HTTPSnoop恶意软件攻击电信供应商
https://www.bleepingcomputer.com/news/security/hackers-backdoor-telecom-providers-with-new-httpsnoop-malware/
TheHackerNews
ShroudedSnooper的HTTPSnoop恶意软件攻击中东电信公司
https://thehackernews.com/2023/09/shroudedsnoopers-httpsnoop-backdoor.html
阿塞拜疆成为新一轮基于Rust的恶意软件攻击目标
https://thehackernews.com/2023/09/operation-rusty-flag-azerbaijan.html
新XWorm变种的代码内部
https://thehackernews.com/2023/09/inside-code-of-new-xworm-variant.html
Earth Lusca新的SprySOCKS Linux后门攻击政府
https://thehackernews.com/2023/09/earth-luscas-new-sprysocks-linux.html
Microsoft AI研究人员意外暴露了38TB的机密数据
https://thehackernews.com/2023/09/microsoft-ai-researchers-accidentally.html
近12,000个Juniper网络防火墙容易受到最近披露的RCE漏洞的攻击
https://thehackernews.com/2023/09/over-12000-juniper-firewalls-found.html
Transparent Tribe使用虚假的YouTube Android应用程序传播CapraRAT恶意软件
https://thehackernews.com/2023/09/transparent-tribe-uses-fake-youtube.html
Malwarebytes Labs
元宇宙的隐私风险
https://www.malwarebytes.com/blog/personal/2023/09/the-privacy-perils-of-the-metaverse
SecurityBoulevard
8Base 勒索软件网站的幕后黑手是谁?
https://securityboulevard.com/2023/09/whos-behind-the-8base-ransomware-website/
LockBit的分支在勒索软件攻击中使用RMM软件
https://securityboulevard.com/2023/09/lockbit-affiliates-use-rmm-software-in-ransomware-attacks/
DataBreaches
WeLeakInfo.to的客户将收到荷兰警方的消息
https://www.databreaches.net/customers-of-weleakinfo-to-will-receive-a-message-from-the-dutch-police/
以色列心理健康中心遭受网络攻击
https://www.databreaches.net/israeli-mental-health-center-in-jerusalem-hit-with-cyberattack/
SANS
针对旧版Adobe Experience Manager漏洞的模糊扫描
https://isc.sans.edu/diary/rss/30230
推荐站内搜索:最好用的开发软件、免费开源系统、渗透测试工具云盘下载、最新渗透测试资料、最新黑客工具下载……
还没有评论,来说两句吧...