unSafe.sh - Unsafe
Ghost in the Cloud: Weaponizing AWS X-Ray for Command & Control
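Attackers use AWS X-Ray as a covert bidirectional C2 channel, achieving command and control through a legitimate cloud tracing service. The technique uses X-Ray annotations to store arbitrary key-value data and writes and queries that data through the API. The attack has three phases: beacon implantation, command delivery, and result exfiltration. Communication goes to the AWS X-Ray service domain xray.[region].amazonaws.com and uses HMAC-SHA256 signing so that the traffic appears legitimate....
2025-10-5 13:6:27 | Reads: 100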
Security Affairs - securityaffairs.com
c2
xray
ray
1e055763
a3f7b2c8
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 65
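This website uses cookies to remember your preferences and visit history and to provide a more relevant experience. Clicking “Accept All” consents to the use of all cookies; you can also customize settings through “Cookie Settings”....
2025-10-5 12:1:0 | Reads: 15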
Security Affairs - securityaffairs.com
visits
remembering
repeat
Security Affairs newsletter Round 544 by Pierluigi Paganini – INTERNATIONAL EDITION
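The website uses cookies to remember preferences and visit history in order to provide a relevant experience. Click “Accept All” to consent to the use of all cookies, or control consent through “Cookie Settings”....
2025-10-5 11:35:2 | Reads: 14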
Security Affairs - securityaffairs.com
remembering
repeat
visits
GreyNoise detects 500% surge in scans targeting Palo Alto Networks portals
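GreyNoise observed a 500% surge in scans targeting Palo Alto Networks login portals, originating mainly from the United States and some European countries. 93% of the IPs are suspicious and 7% are malicious. The scanning activity resembles the recent Cisco ASA events and may be linked to shared infrastructure. GreyNoise is developing a dynamic IP blocklist to counter the threat....
2025-10-4 19:50:0 | Reads: 16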
Security Affairs - securityaffairs.com
palo
alto
greynoise
portals
asa
U.S. CISA adds Smartbedded Meteobridge, Samsung, Juniper ScreenOS, Jenkins, and GNU Bash flaws to its Known Exploited Vulnerabilities catalog
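The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added multiple vulnerabilities in Smartbedded Meteobridge, Samsung, Juniper ScreenOS, Jenkins, and GNU Bash to its Known Exploited Vulnerabilities catalog. The vulnerabilities include high-risk security issues such as command injection, authentication problems, and remote code execution....
2025-10-4 15:49:21 | Reads: 13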
Security Affairs - securityaffairs.com
catalog
remote
jenkins
samsung
ShinyHunters Launches Data Leak Site: Trinity of Chaos Announces New Ransomware Victims
Trinity of Chaos, linked to cybercrime groups like Lapsus$ and ShinyHunters, exploited Salesforce vulnerabilities to attack 39 companies, including Google and Cisco. They launched a TOR-based data leak site, threatening to release over 1.5 billion records if ransoms aren't paid. The FBI issued warnings about the risks of stolen data misuse....
2025-10-3 22:33:21 | Reads: 15
Security Affairs - securityaffairs.com
salesforce
trinity
dls
ransomware
ProSpy, ToSpy malware pose as Signal and ToTok to steal data in UAE
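Researchers discovered two pieces of Android spyware, ProSpy and ToSpy, that pose as the Signal and ToTok apps and steal user data in the UAE through fake websites and social engineering. The malware masquerades as a Signal encryption plugin or an upgraded version of ToTok, induces users to install it manually, and then continuously steals sensitive information....
2025-10-3 13:44:5 | Reads: 11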
Security Affairs - securityaffairs.com
totok
spyware
prospy
tospy
malicious
ProSpy, ToSpy malware pose as Signal and ToTok to steal data in UAE
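ESET researchers discovered two Android spyware campaigns, ProSpy and ToSpy, that pose as the Signal and ToTok apps, spread in the UAE through fake websites and social engineering, and steal user data....
2025-10-3 13:44:5 | Reads: 14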
Security Affairs - securityaffairs.com
totok
spyware
prospy
malicious
tospy
Google warns of Cl0p extortion campaign against Oracle E-Business users
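Google found that the Cl0p extortion group is sending extortion emails to executives at companies that use Oracle E-Business Suite, claiming to have stolen data and demanding large ransoms. The attackers may have used the default password reset function to obtain valid credentials. The FIN11 group may be involved; Cl0p has previously exploited zero-day vulnerabilities to attack software such as Accellion....
2025-10-3 05:21:58 | Reads: 25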
Security Affairs - securityaffairs.com
cl0p
ransomware
extortion
mandiant
fin11
CERT-UA warns UAC-0245 targets Ukraine with CABINETRAT backdoor
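CERT-UA warns that the UAC-0245 group is using malicious Excel XLL add-ins to deliver the CABINETRAT backdoor in attacks on Ukraine. The malware spreads by masquerading as legitimate tools and has anti-analysis features and multiple data collection capabilities....
2025-10-2 18:1:26 | Reads: 11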
Security Affairs - securityaffairs.com
xll
ukraine
cabinetrat
malicious
0245
Allianz Life data breach impacted 1.5 Million people
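The Allianz Life data breach affected about 1.5 million people and involved information such as names, addresses, dates of birth, and Social Security numbers. Hackers breached a third-party CRM system through social engineering. Although the internal network was not compromised, the investigation is still ongoing. The ShinyHunters hacking group may be linked to the incident and leaked more than 2.8 million records. Affected individuals will receive two years of free identity monitoring to guard against identity theft....
2025-10-2 14:13:43 | Reads: 9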
Security Affairs - securityaffairs.com
allianz
security
salesforce
dates
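Cybercrime group claims to have breached Red Hat’s private GitHub repositories
The cybercrime group Crimson Collective claims to have breached Red Hat's private GitHub repositories and stolen 570GB of data, including 28,000 projects and 800 Customer Engagement Reports (CERs) containing sensitive network information. Red Hat confirmed the data breach and took remediation measures, but stressed that the incident does not affect the security of its other services or products....
2025-10-2 10:37:5 | Reads: 25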
Security Affairs - securityaffairs.com
collective
crimson
security
github
cers
China-linked APT Phantom Taurus uses Net-Star malware in espionage campaigns against key sectors
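The China-linked APT group Phantom Taurus uses the Net-Star malware to conduct espionage against government and telecommunications organizations, using distinctive tactics in activity that has lasted two years....
2025-10-2 07:40:57 | Reads: 14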
Security Affairs - securityaffairs.com
phantom
taurus
memory
espionage
OpenSSL patches 3 vulnerabilities, urging immediate updates
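OpenSSL fixed three vulnerabilities involving key recovery, code execution, and denial-of-service attacks, and urges users to update immediately to avoid potential risk....
2025-10-1 20:15:47 | Reads: 10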
Security Affairs - securityaffairs.com
library
tracked
encryption
9231
Apple urges users to update iPhone and Mac to patch font bug
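Apple released iOS and macOS updates that fix the font-processing vulnerability CVE-2025-43400, which can lead to denial of service or memory corruption. An attacker can exploit it by crafting a malicious font that causes app crashes or memory corruption, and possibly even remote code execution to take control of the device. Users are advised to update as soon as possible to guard against the risk....
2025-10-1 11:0:2 | Reads: 12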
Security Affairs - securityaffairs.com
memory
attacker
corruption
attackers
corrupt
WestJet confirms cyberattack exposed IDs, passports in June incident
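WestJet suffered a cyberattack in June that affected internal systems and its mobile app, exposing customers' personal information such as passports and ID documents. Sensitive data such as credit card numbers was not involved. The company has taken response measures and is offering 24 months of free identity theft protection....
2025-10-1 06:38:18 | Reads: 7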
Security Affairs - securityaffairs.com
westjet
airline
rewards
canada
security
Broadcom patches VMware Zero-Day actively exploited by UNC5174
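Broadcom fixed six VMware vulnerabilities, including CVE-2025-41244 (CVSS 7.8), a zero-day that UNC5174 has exploited since October 2024 to achieve local privilege escalation to root. Affected versions span multiple product lines, including VMware Cloud Foundation, vSphere, Aria Operations, and Tools. Information disclosure and authorization issues were also fixed....
2025-9-30 14:6:54 | Reads: 7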
Security Affairs - securityaffairs.com
broadcom
unc5174
cloud
aria
41244
UK convicts Chinese national in £5.5B crypto fraud, marks world’s largest Bitcoin seizure
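A Chinese woman was convicted in the UK in a £5.5 billion cryptocurrency fraud case; police seized 61,000 bitcoin, the largest Bitcoin seizure on record worldwide. She deceived 128,000 victims with false investment promises and attempted to launder the proceeds by buying property....
2025-9-30 13:21:38 | Reads: 4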
Security Affairs - securityaffairs.com
police
seizure
met
laundering
qian
U.S. CISA adds Adminer, Cisco IOS, Fortra GoAnywhere MFT, Libraesva ESG, and Sudo flaws to its Known Exploited Vulnerabilities catalog
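The U.S. cybersecurity agency CISA added five high-severity vulnerabilities to its Known Exploited Vulnerabilities catalog, affecting the Adminer, Cisco IOS, Fortra GoAnywhere MFT, Libraesva ESG, and Sudo products. The vulnerabilities have been confirmed as actively exploited, and CISA requires federal agencies to complete remediation by October 20 to address the potential threat....
2025-9-30 09:7:17 | Reads: 11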
Security Affairs - securityaffairs.com
fortra
goanywhere
mft
catalog
Asahi halts ordering, shipping, and customer service after cyberattack
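Asahi Group, Japan's largest brewer, suspended ordering, shipping, and customer service operations in Japan because of a cyberattack. No data leak has occurred so far, the investigation is ongoing, and the recovery time is unknown....
2025-9-30 08:24:50 | Reads: 8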
Security Affairs - securityaffairs.com
asahi
japan
cyberattack
ordering
shipping