Forwarded from DailyCVE
Unpatched Arbitrary file download vulnerability exists in v2 video conference system:
https://dailycve.com/unpatched-arbitrary-file-download-vulnerability-exists-v2-video-conference-system
Dailycve
Unpatched Arbitrary file download vulnerability exists in v2 video conference system | CVE
Details:
Beijing Weisu Technology Co., Ltd. (V2 for short) is a high-tech corporation that focuses on technology for Internet audio and video communication. Under its canopy, the v2 video conferencing scheme is a video conference device.
In the v2 video…
Forwarded from DailyCVE
New bug in OpenVPN could leak your IP address | (DC: 245-2021)
https://dailycve.com/new-bug-openvpn-could-leak-your-ip-adress
Dailycve
New bug in OpenVPN could leak your IP address | CVE
Details:
OpenVPN provides flexible VPN solutions to secure your data communications, whether it's for Internet privacy, remote access for employees, securing IoT, or for networking Cloud data centers. Our VPN Server software solution can be deployed…
Forwarded from UNDERCODE NEWS
For the first time, Apple's recent quarterly revenues are forecast to reach $100 billion.
#Analytiques
UNDERCODE
How to Install GVM Vulnerability Scanner on Ubuntu 20.04?
Install the following dependency packages first.
sudo su -
apt update && \
apt -y dist-upgrade && \
apt -y autoremove && \
apt install -y software-properties-common && \
# Note: the tail of this package list was garbled in the source; "snmp smbclient libmicrohttpd-dev libxml2-dev" is a reconstruction.
apt install -y build-essential cmake pkg-config libglib2.0-dev libgpgme-dev libgnutls28-dev uuid-dev libssh-gcrypt-dev libldap2-dev doxygen graphviz libradcli-dev libhiredis-dev libpcap-dev bison libksba-dev libsnmp-dev gcc-mingw-w64 heimdal-dev libpopt-dev xmltoman redis-server xsltproc libical-dev postgresql postgresql-contrib postgresql-server-dev-all gnutls-bin nmap rpm nsis curl wget fakeroot gnupg sshpass socat snmp smbclient libmicrohttpd-dev libxml2-dev python3-polib gettext rsync xml-twig-tools python3-paramiko python3-lxml python3-defusedxml python3-pip python3-psutil python3-impacket virtualenv vim git && \
apt install -y texlive-latex-extra --no-install-recommends && \
apt install -y texlive-fonts-recommended && \
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \
echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list && \
apt update && \
apt -y install yarn && \
yarn install && \
yarn upgrade
Create a GVM user
Paste the following commands into a terminal to create a gvm user that will be used during installation and compilation:
echo 'export PATH="$PATH:/opt/gvm/bin:/opt/gvm/sbin:/opt/gvm/.local/bin"' | tee -a /etc/profile.d/gvm.sh && \
chmod 0755 /etc/profile.d/gvm.sh && \
source /etc/profile.d/gvm.sh && \
bash -c 'cat << EOF > /etc/ld.so.conf.d/gvm.conf
# gvm libs location
/opt/gvm/lib
EOF'
mkdir /opt/gvm && \
adduser gvm --disabled-password --home /opt/gvm/ --no-create-home --gecos '' && \
usermod -aG redis gvm && \
chown gvm:gvm /opt/gvm/
Now log in as user gvm.
sudo su - gvm
Download and install the software (GVM)
mkdir src && \
cd src && \
export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH
git clone -b gvm-libs-20.08 --single-branch https://github.com/greenbone/gvm-libs.git && \
git clone -b openvas-20.08 --single-branch https://github.com/greenbone/openvas.git && \
git clone -b gvmd-20.08 --single-branch https://github.com/greenbone/gvmd.git && \
git clone -b master --single-branch https://github.com/greenbone/openvas-smb.git && \
git clone -b gsa-20.08 --single-branch https://github.com/greenbone/gsa.git && \
git clone -b ospd-openvas-20.08 --single-branch https://github.com/greenbone/ospd-openvas.git && \
git clone -b ospd-20.08 --single-branch https://github.com/greenbone/ospd.git
Install gvm-libs (GVM)
In this step, we will compile gvm-libs from GitHub:
cd gvm-libs && \
export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH && \
mkdir build && \
cd build && \
cmake -DCMAKE_INSTALL_PREFIX=/opt/gvm .. && \
make && \
make doc && \
make install && \
cd /opt/gvm/src
Forwarded from DailyCVE
Hyweb HyCMS-J SQL injection vulnerability:
(DC: 246-2021)
https://dailycve.com/hyweb-hycms-j-sql-injection-vulnerability
Forwarded from DailyCVE
Cross-site scripting vulnerabilities in Aterm products:
(DC: 247-2021)
https://dailycve.com/cross-site-scripting-vulnerabilities-aterm-products
Forwarded from DailyCVE
mutt: Denial of service - Remote with user interaction:
(DC: 248-2021)
https://dailycve.com/mutt-denial-service-remote-user-interaction
Forwarded from DailyCVE
hawk2: Execute arbitrary code/commands - Remote/unauthenticated (DC: 249-2021)
https://dailycve.com/hawk2-execute-arbitrary-codecommands-remoteunauthenticated
Kubestriker: an incredibly fast security auditing tool for Kubernetes:
Kubestriker performs numerous in-depth inspections of the Kubernetes infrastructure to identify security misconfigurations and issues that DevOps engineers and developers may encounter when using Kubernetes, especially in production and at large scale.
Kubestriker is platform-independent and works equally well on many platforms such as standalone k8s, Amazon EKS, Azure AKS, Google GKE, etc.
Current capabilities
Scans standalone and cloud-provider-managed Kubernetes infrastructure
During the reconnaissance phase, checks for the presence of various services or open ports
Performs automated scans if insecure, read-write, or read-only services are enabled
Performs both authenticated and unauthenticated scans
Scans for a wide variety of IAM misconfigurations across a cluster
Scans for a wide range of misconfigured containers
Scans for many misconfigured pod security policies
Scans for a wide variety of misconfigured network policies
Scans the privileges of a subject in the cluster
Runs commands in containers and feeds back the output
Provides endpoints of misconfigured services
Provides information about possible privilege escalation
Provides a detailed report with detailed explanation
Installation & run:
1) Clone https://github.com/vchinnipilli/kubestriker#how-to-install
2) Go into the directory
3) Run the following commands:
# Create python virtual environment
$ python3 -m venv env
# Activate python virtual environment
$ source env/bin/activate
# Clone this repository
$ git clone https://github.com/vchinnipilli/kubestriker.git
# Go into the repository
$ cd kubestriker
# Install dependencies
$ pip install -r requirements.txt
# In case of prompt-toolkit or selectmenu errors
$ pip install prompt-toolkit==1.0.15
$ pip install -r requirements.txt
# Gearing up Kubestriker
$ python -m kubestriker
# Result will be generated in the current working directory with the name of the target
Forwarded from DailyCVE
Tufin Securechange cross-site scripting vulnerability:
(DC: 250-2021)
https://dailycve.com/tufin-securechange-cross-site-scripting-vulnerability-0
Dailycve
Tufin Securechange cross-site scripting vulnerability | CVE
Details:
Tufin Securechange is a platform for network security used for business environments by American Tufin Group. Tufin SecureChange has a cross-site scripting flaw before R19.3 HF3 and R20-1 HF1, which is triggered by the absence of accurate client…