unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Search
Rss
黑夜模式
Attackers used a public ASP.NET machine to conduct ViewState code injection attacks
文章指出攻击者利用公开的ASP.NET机器密钥进行ViewState代码注入攻击,微软发现Godzilla恶意软件被用于此类攻击,并警告3,000多个公开密钥的风险高于被盗密钥。ViewState数据被篡改可导致远程代码执行。微软建议安全生成机器密钥、升级框架版本,并移除文档中的示例以防止滥用。...
2025-2-7 09:31:40 | 阅读: 5 |
收藏
|
Security Affairs - securityaffairs.com
viewstate
machine
microsoft
malicious
injection
U.S. CISA adds Microsoft Outlook, Sophos XG Firewall, and other flaws to its Known Exploited Vulnerabilities catalog
美国网络安全机构CISA将多个高危漏洞加入已知被利用漏洞目录,包括微软Outlook远程代码执行和Sophos防火墙缓冲区溢出问题,并要求联邦机构于2月27日前修复。...
2025-2-6 22:36:30 | 阅读: 5 |
收藏
|
Security Affairs - securityaffairs.com
catalog
microsoft
exploited
xg
Cisco addressed two critical flaws in its Identity Services Engine (ISE)
Cisco修复了身份服务引擎(ISE)中的两个严重漏洞(CVE-2025-20124和CVE-2025-20125),涉及远程代码执行和授权绕过问题。攻击者可借此提升权限或更改系统配置。建议用户升级至修复版本以应对风险。...
2025-2-6 15:42:28 | 阅读: 3 |
收藏
|
Security Affairs - securityaffairs.com
attacker
remote
ise
addressed
20124
Notorious hacker behind 40+ cyberattacks on strategic organizations arrested
西班牙警方逮捕一名黑客,该嫌疑人涉嫌对40多个政府机构实施网络攻击,包括美国陆军、联合国和北约等。嫌疑人通过暗网论坛使用化名掩盖身份,并利用匿名工具隐藏行踪。此次行动中查获加密货币及设备,嫌疑人已被释放但护照被没收以限制出行。...
2025-2-6 09:55:30 | 阅读: 3 |
收藏
|
Security Affairs - securityaffairs.com
spanish
icao
civil
police
arrested
Lazarus APT targets crypto wallets using cross-platform JavaScript stealer
Lazarus APT组织利用跨平台JavaScript窃取工具针对加密钱包展开攻击。该组织通过伪造LinkedIn上的加密货币、旅行和金融领域的工作机会引诱受害者,并要求提供个人信息以获取恶意代码。最终payload可窃取浏览器数据和登录凭证,并部署恶意软件进行进一步攻击。此次行动被归因于朝鲜关联的Lazarus集团。...
2025-2-6 00:8:2 | 阅读: 23 |
收藏
|
Security Affairs - securityaffairs.com
malicious
wallets
korea
north
stealer
U.S. CISA adds Linux kernel flaw to its Known Exploited Vulnerabilities catalog
美国网络安全和基础设施安全局(CISA)将Linux内核漏洞CVE-2024-53104添加到其已知被利用的漏洞目录中。该漏洞允许本地认证攻击者通过低复杂度攻击提升权限。Android 2月安全更新已修复此问题,CISA要求联邦机构于2月26日前完成修复。...
2025-2-5 21:0:42 | 阅读: 7 |
收藏
|
Security Affairs - securityaffairs.com
exploited
catalog
frames
uvc
U.S. CISA adds Microsoft .NET Framework, Apache OFBiz, and Paessler PRTG Network Monitor flaws to its Known Exploited Vulnerabilities catalog
美国网络安全机构CISA将Microsoft .NET Framework、Apache OFBiz和Paessler PRTG Network Monitor的四个高危漏洞加入已知被利用漏洞目录,并要求联邦机构于2025年2月25日前修复这些漏洞。...
2025-2-5 15:2:59 | 阅读: 4 |
收藏
|
Security Affairs - securityaffairs.com
catalog
prtg
network
ofbiz
SparkCat campaign target crypto wallets using OCR to steal recovery phrases
Kaspersky发现名为“SparkCat”的恶意活动,通过伪装成SDK的恶意软件攻击加密钱包。该活动利用OCR技术窃取用户的恢复短语,并通过Google Play和App Store传播至Android和iOS用户。该恶意软件已下载超24.2万次,并针对欧洲和亚洲用户展开攻击。...
2025-2-5 12:53:43 | 阅读: 0 |
收藏
|
Security Affairs - securityaffairs.com
malicious
sparkcat
wallets
phrases
c2
International Civil Aviation Organization (ICAO) and ACAO Breached: Cyberespionage Groups Targeting Aviation Safety Specialists
国际民航组织(ICAO)和阿拉伯民航组织(ACAO)近期遭遇数据泄露事件。ICAO确认约1.19万名员工的个人信息被窃取,包括招聘申请中的姓名、出生日期等敏感数据;ACAO则因SQL注入攻击导致员工凭证外泄。这些事件凸显航空组织信息安全漏洞,可能引发间谍活动或进一步攻击,需加强安全防护措施以应对威胁。...
2025-2-5 08:38:18 | 阅读: 2 |
收藏
|
Security Affairs - securityaffairs.com
aviation
icao
civil
security
Online food ordering and delivery platform GrubHub discloses a data breach
在线食品订购和配送平台GrubHub披露了一起数据泄露事件,攻击者通过第三方支持服务提供商的账户入侵系统,暴露了客户和司机的个人信息,包括姓名、邮箱、电话号码、部分信用卡信息和旧系统的哈希密码。GrubHub已采取措施终止账户访问并重置受影响密码。...
2025-2-5 00:14:2 | 阅读: 2 |
收藏
|
Security Affairs - securityaffairs.com
passwords
grubhub
ordering
food
attackers
Netgear urges users to upgrade two flaws impacting WiFi router models
Netgear披露了两个影响多款WiFi路由器的严重漏洞:远程代码执行(RCE)和认证绕过问题。攻击者无需用户交互即可利用这些漏洞。Netgear建议用户尽快更新至最新固件以修复问题。...
2025-2-4 22:24:8 | 阅读: 2 |
收藏
|
Security Affairs - securityaffairs.com
firmware
netgear
psv
download
impacting
AMD fixed a flaw that allowed to load malicious microcode
AMD修复了一个安全漏洞,该漏洞可能导致攻击者绕过其Secure Encrypted Virtualization (SEV)保护机制并加载恶意CPU微代码。Google研究人员发现该漏洞(CVE-2024-56161),涉及不正确的签名验证。AMD已发布微代码和固件更新以修复问题,并要求进行BIOS更新和重启以完成验证。...
2025-2-4 14:49:46 | 阅读: 0 |
收藏
|
Security Affairs - securityaffairs.com
microcode
sev
malicious
security
zen
Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps and websites
Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps...
2025-2-4 12:20:50 | 阅读: 6 |
收藏
|
Security Affairs - securityaffairs.com
trojan
coyote
windows
powershell
brazilian
Google fixed actively exploited kernel zero-day flaw
Google fixed actively exploited kernel zero-day flaw Pierluigi...
2025-2-4 00:26:45 | 阅读: 20 |
收藏
|
Security Affairs - securityaffairs.com
security
exploited
frames
uvc
addressed
Web Skimmer found on at least 17 websites, including Casio UK
Web Skimmer found on at least 17 websites, including Casio UK P...
2025-2-3 22:2:42 | 阅读: 6 |
收藏
|
Security Affairs - securityaffairs.com
skimmer
casio
jscrambler
skimming
security
Crazy Evil gang runs over 10 highly specialized social media scams
Crazy Evil gang runs over 10 highly specialized social media scams...
2025-2-3 14:49:35 | 阅读: 4 |
收藏
|
Security Affairs - securityaffairs.com
crazy
phishing
amos
Elon Musk ’s DOGE team granted ‘full access’ to sensitive Treasury systems. What are the risks?
Elon Musk ’s DOGE team granted ‘full access’ to sensitive Treasury systems. What are...
2025-2-3 11:6:55 | 阅读: 3 |
收藏
|
Security Affairs - securityaffairs.com
musk
treasury
wyden
doge
security
Texas is the first state to ban DeepSeek on government devices
Texas is the first state to ban DeepSeek on government devices...
2025-2-3 07:23:14 | 阅读: 3 |
收藏
|
Security Affairs - securityaffairs.com
deepseek
texas
italy
garante
ban
Law enforcement seized the domains of HeartSender cybercrime marketplaces
Law enforcement seized the domains of HeartSender cybercrime marketplaces...
2025-2-3 06:20:33 | 阅读: 4 |
收藏
|
Security Affairs - securityaffairs.com
heartsender
seized
advertised
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 31
Security Affairs newsletter Round...
2025-2-2 14:55:8 | 阅读: 471 |
收藏
|
Security Affairs - securityaffairs.com
exploited
ransomware
security
affairs
Previous
2
3
4
5
6
7
8
9
Next