🛠 AIDE 0.17.3 🛠
📖 Read
via "Packet Storm Security".
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.📖 Read
via "Packet Storm Security".
Packetstormsecurity
AIDE 0.17.3 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
❌ How Email Attacks are Evolving in 2021 ❌
📖 Read
via "Threat Post".
The money being wire transferred by business email compromise victims is on the rise, as cybersecurity criminals evolve their tactics.📖 Read
via "Threat Post".
Threat Post
How Email Attacks are Evolving in 2021
The money being wire transferred by business email compromise victims is on the rise, as cybersecurity criminals evolve their tactics.
❌ Celeb SIM-Swap Crime Ring Stole $100M from U.S. Victims ❌
📖 Read
via "Threat Post".
The attackers ported victims' cell phone lines and then defeated 2FA to access accounts and apps.📖 Read
via "Threat Post".
Threat Post
Celeb SIM-Swap Crime Ring Stole $100M from U.S. Victims
The attackers ported victims' cell phone lines and then defeated 2FA to access accounts and apps.
🕴 Unemployment Fraud: As If Being Out of Work Wasn't Bad Enough 🕴
📖 Read
via "Dark Reading".
With the pandemic as a backdrop, cybercriminals have recognized an unprecedented opportunity to steer billions of dollars in unemployment claims into the own accounts.📖 Read
via "Dark Reading".
Dark Reading
Unemployment Fraud: As If Being Out of Work Wasn't Bad Enough
With the pandemic as a backdrop, cybercriminals have recognized an unprecedented opportunity to steer billions of dollars in unemployment claims into the own accounts.
‼ CVE-2020-8027 ‼
📖 Read
via "National Vulnerability Database".
A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.37.1. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.18.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.9.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-8029 ‼
📖 Read
via "National Vulnerability Database".
A Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kublet key. This issue affects: SUSE CaaS Platform 4.5 skuba versions prior to https://github.com/SUSE/skuba/pull/1416.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-8030 ‼
📖 Read
via "National Vulnerability Database".
A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-8031 ‼
📖 Read
via "National Vulnerability Database".
A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. This issue affects: Open Build Service versions prior to 2.10.8.📖 Read
via "National Vulnerability Database".
🕴 7 Things We Know So Far About the SolarWinds Attacks 🕴
📖 Read
via "Dark Reading".
Two months after the news first broke, many questions remain about the sophisticated cyber-espionage campaign.📖 Read
via "Dark Reading".
Dark Reading
7 Things We Know So Far About the SolarWinds Attacks
Two months after the news first broke, many questions remain about the sophisticated cyber-espionage campaign.
🕴 Game Over: Stopping DDoS Attacks Before They Start 🕴
📖 Read
via "Dark Reading".
Video games are poised for a revolution, but benefits will come to fruition only if the industry can guarantee consistent performance and availability.📖 Read
via "Dark Reading".
Dark Reading
Game Over: Stopping DDoS Attacks Before They Start
Video games are poised for a revolution, but benefits will come to fruition only if the industry can guarantee consistent performance and availability.
🦿 How to use the Vault command line tool to store your code secrets 🦿
📖 Read
via "Tech Republic".
Developers must stop saving secrets in code. One way to avoid that is to use HashiCorp's Vault. Jack Wallen shows you how to install this tool and take your first steps in its usage.📖 Read
via "Tech Republic".
TechRepublic
How to use the Vault command line tool to store your code secrets
Developers must stop saving secrets in code. One way to avoid that is to use HashiCorp's Vault. Jack Wallen shows you how to install this tool and take your first steps in its usage.
🔏 FBI Urges Caution with Legacy Systems Following Water Hack 🔏
📖 Read
via "Digital Guardian".
The FBI reiterated that using end-of-life operating systems and desktop sharing software can open the doors for attackers, like in the Oldsmar water treatment plant hack.📖 Read
via "Digital Guardian".
Digital Guardian
FBI Urges Caution with Legacy Systems Following Water Hack
The FBI reiterated that using end-of-life operating systems and desktop sharing software can open the doors for attackers, like in the Oldsmar water treatment plant hack.
🕴 Microsoft Launches Phase 2 Mitigation for Zerologon Flaw 🕴
📖 Read
via "Dark Reading".
The Netlogon remote code execution vulnerability, disclosed last August, has been weaponized by APT groups.📖 Read
via "Dark Reading".
Darkreading
Microsoft Launches Phase 2 Mitigation for Zerologon Flaw
The Netlogon remote code execution vulnerability, disclosed last August, has been weaponized by APT groups.
‼ CVE-2020-13185 ‼
📖 Read
via "National Vulnerability Database".
Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21301 ‼
📖 Read
via "National Vulnerability Database".
Wire is an open-source collaboration platform. In Wire for iOS (iPhone and iPad) before version 3.75 there is a vulnerability where the video capture isn't stopped in a scenario where a user first has their camera enabled and then disables it. It's a privacy issue because video is streamed to the call when the user believes it is disabled. It impacts all users in video calls. This is fixed in version 3.75.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-25493 ‼
📖 Read
via "National Vulnerability Database".
Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop the network traffic. The content of HTTP payload is encrypted using XOR with a hardcoded key, which allows for the possibility to decode the traffic.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21299 ‼
📖 Read
via "National Vulnerability Database".
hyper is an open-source HTTP library for Rust (crates.io). In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can enable a request smuggling attack. The HTTP server code had a flaw that incorrectly understands some requests with multiple transfer-encoding headers to have a chunked payload, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that understands the request payload boundary differently can result in "request smuggling" or "desync attacks". To determine if vulnerable, all these things must be true: 1) Using hyper as an HTTP server (the client is not affected), 2) Using HTTP/1.1 (HTTP/2 does not use transfer-encoding), 3) Using a vulnerable HTTP proxy upstream to hyper. If an upstream proxy correctly rejects the illegal transfer-encoding headers, the desync attack cannot succeed. If there is no proxy upstream of hyper, hyper cannot start the desync attack, as the client will repair the headers before forwarding. This is fixed in versions 0.14.3 and 0.13.10. As a workaround one can take the following options: 1) Reject requests that contain a `transfer-encoding` header, 2) Ensure any upstream proxy handles `transfer-encoding` correctly.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-22881 ‼
📖 Read
via "National Vulnerability Database".
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted `Host` header can be used to redirect to a malicious website.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25689 ‼
📖 Read
via "National Vulnerability Database".
An out of bounds write in Teradici PCoIP soft client versions prior to version 20.10.1 could allow an attacker to remotely execute code.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-22656 ‼
📖 Read
via "National Vulnerability Database".
Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-13186 ‼
📖 Read
via "National Vulnerability Database".
An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link.📖 Read
via "National Vulnerability Database".