Forwarded from Deleted Account
40030549 Jan 21 08:13 1000000 yandex.txt
111788032 Jan 21 08:13 4000000 Mail.ru.txt
111788032 Jan 21 08:13 4000000 Mail.ru.txt
Forwarded from Deleted Account
Поражают объёмы. Но есть стойкое ощущение, что это свалка мусора не за один год
Forwarded from Deleted Account
Кстати почта на Tutanota.com и ProtonMail.com не скопрометировпна оказалась. Tutanota мне почему то больше нравится)
Forwarded from Deleted Account
По этому юзайте почту на Proton и Tutanota. Не реклама
Forwarded from TechToday News
#Vulnerability #Microsoft #Apple #iOS #MacOS #report
Abusing RFC-1342 to spoof email addresses: Most mail clients are vulnerable!
TL;DR: Mailsploit is a collection of bugs in email clients that allow effective sender spoofing and code injection attacks. The spoofing is not detected by Mail Transfer Agents (MTA) aka email servers, therefore circumventing spoofing protection mechanisms such as DMARC (DKIM/SPF) or spam filters.
Bugs were found in over 30 applications, including prominent ones like Apple Mail (macOS, iOS and watchOS), Mozilla Thunderbird, various Microsoft email clients, Yahoo! Mail, ProtonMail and others.
In addition to the spoofing vulnerability, some of the tested applications also proved to be vulnerable to XSS and code injection attacks.
https://www.mailsploit.com/index
https://docs.google.com/spreadsheets/d/1jkb_ZybbAoUA43K902lL-sB7c1HMQ78-fhQ8nowJCQk
Abusing RFC-1342 to spoof email addresses: Most mail clients are vulnerable!
TL;DR: Mailsploit is a collection of bugs in email clients that allow effective sender spoofing and code injection attacks. The spoofing is not detected by Mail Transfer Agents (MTA) aka email servers, therefore circumventing spoofing protection mechanisms such as DMARC (DKIM/SPF) or spam filters.
Bugs were found in over 30 applications, including prominent ones like Apple Mail (macOS, iOS and watchOS), Mozilla Thunderbird, various Microsoft email clients, Yahoo! Mail, ProtonMail and others.
In addition to the spoofing vulnerability, some of the tested applications also proved to be vulnerable to XSS and code injection attacks.
https://www.mailsploit.com/index
https://docs.google.com/spreadsheets/d/1jkb_ZybbAoUA43K902lL-sB7c1HMQ78-fhQ8nowJCQk
Google Docs
Vendors affected by Mailsploit (https://mailsploit.com)
Sheet1
Mail clients,Is affected by Mailsploit,Spoofing,XSS / Code Injection,Report date,Has been fixed,Notes
Apple Mail.app MACOS IOS,YES,YES,NO,July 16, 2017,FIXED AS OF 29 MAR. 2018,All versions of macOS and iOS are affected. watchOS as well. Regarding…
Mail clients,Is affected by Mailsploit,Spoofing,XSS / Code Injection,Report date,Has been fixed,Notes
Apple Mail.app MACOS IOS,YES,YES,NO,July 16, 2017,FIXED AS OF 29 MAR. 2018,All versions of macOS and iOS are affected. watchOS as well. Regarding…
Forwarded from TechToday News
#Vulnerability #Report
Protonmail XSS — Stored
It’s Series of Vulnerability which i found in the Protonmail Web app and also IOS app, and only publishing two now related to Protonmail.
https://medium.com/@ChandSingh/protonmail-xss-stored-b733031ac3b5
Protonmail XSS — Stored
It’s Series of Vulnerability which i found in the Protonmail Web app and also IOS app, and only publishing two now related to Protonmail.
https://medium.com/@ChandSingh/protonmail-xss-stored-b733031ac3b5
Forwarded from TechToday News
#Vulnerability #Web #Report
Firefox could be made to crash or run programs as your login if it opened a malicious website.
CVE-2018-18500, CVE-2018-18501, CVE-2018-18502, CVE-2018-18503,
CVE-2018-18504, CVE-2018-18505, CVE-2018-18506
https://usn.ubuntu.com/usn/usn-3874-1
https://access.redhat.com/security/cve/CVE-2018-18500
https://access.redhat.com/security/cve/CVE-2018-18501
https://access.redhat.com/security/cve/CVE-2018-18505
Firefox could be made to crash or run programs as your login if it opened a malicious website.
CVE-2018-18500, CVE-2018-18501, CVE-2018-18502, CVE-2018-18503,
CVE-2018-18504, CVE-2018-18505, CVE-2018-18506
https://usn.ubuntu.com/usn/usn-3874-1
https://access.redhat.com/security/cve/CVE-2018-18500
https://access.redhat.com/security/cve/CVE-2018-18501
https://access.redhat.com/security/cve/CVE-2018-18505
Ubuntu
USN-3874-1: Firefox vulnerabilities | Ubuntu security notices
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, gain additional privileges by escaping the sandbox, or execute…
Forwarded from TechToday News
#Vulnerability #Microsoft #Report
PoC Code Available for Microsoft Edge Remote Code Execution Bug
The flurry of security bugs Microsoft addressed with this month's rollout of updates includes a remote code execution vulnerability in Edge web browser. The glitch relies on abusing URI schemes and scripts in Windows that can run with user-defined parameters.
https://www.bleepingcomputer.com/news/security/poc-code-available-for-microsoft-edge-remote-code-execution-bug/
https://xakep.ru/2018/10/12/edge-rce/
https://leucosite.com/Microsoft-Edge-RCE/
PoC Code Available for Microsoft Edge Remote Code Execution Bug
The flurry of security bugs Microsoft addressed with this month's rollout of updates includes a remote code execution vulnerability in Edge web browser. The glitch relies on abusing URI schemes and scripts in Windows that can run with user-defined parameters.
https://www.bleepingcomputer.com/news/security/poc-code-available-for-microsoft-edge-remote-code-execution-bug/
https://xakep.ru/2018/10/12/edge-rce/
https://leucosite.com/Microsoft-Edge-RCE/
Multiple vulnerabilities in Microsoft Edge:https://www.cybersecurity-help.cz/vdb/SB2018100916
CVE-2018-8473
CVE-2018-8509
CVE-2018-8512
CVE-2018-8530
CVE-2018-8503
CVE-2018-8505
CVE-2018-8510
CVE-2018-8511
CVE-2018-8513
BleepingComputer
PoC Code Available for Microsoft Edge Remote Code Execution Bug
The flurry of security bugs Microsoft addressed with its latest rollout of updates includes a remote code execution vulnerability in Edge web browser. The glitch relies on abusing URI schemes and scripts in Windows that can run with user-defined parameters.
Forwarded from TechToday News
#Vulnerability #Google #Linux #Windows #MacOS #Report
Multiple vulnerabilities in Google Chrome
The Chrome team is delighted to announce the promotion of Chrome 71 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.
Chrome 71.0.3578.80 contains a number of fixes and improvements -- a list of changes is available in the log.
https://www.cybersecurity-help.cz/vdb/SB2018120506
https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
Multiple vulnerabilities in Google Chrome
Severity: HighPatch available: YESNumber of vulnerabilities: 35The Chrome team is delighted to announce the promotion of Chrome 71 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.
Chrome 71.0.3578.80 contains a number of fixes and improvements -- a list of changes is available in the log.
https://www.cybersecurity-help.cz/vdb/SB2018120506
https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
www.cybersecurity-help.cz
Multiple vulnerabilities in Google Chrome
Our company provides unique services for tracking security vulnerabilities in different kinds of software and hardware.
Forwarded from TechToday News
#Vulnerability #Exploit #Article
Exploiting the Magellan bug on 64-bit Chrome Desktop
In December 2018, the Tencent Blade Team released an advisory for a bug they named “Magellan”, which affected all applications using sqlite versions prior to 2.5.3. In their public disclosure they state that they successfully exploited Google Home using this vulnerability. Despite several weeks having passed after the initial advisory, no public exploit was released. We were curious about how exploitable the bug was and whether it could be exploited on 64-bit desktop platforms. Therefore, we set out to create an exploit targeting Chrome on 64-bit Ubuntu.
https://blog.exodusintel.com/2019/01/22/exploiting-the-magellan-bug-on-64-bit-chrome-desktop/
Exploiting the Magellan bug on 64-bit Chrome Desktop
In December 2018, the Tencent Blade Team released an advisory for a bug they named “Magellan”, which affected all applications using sqlite versions prior to 2.5.3. In their public disclosure they state that they successfully exploited Google Home using this vulnerability. Despite several weeks having passed after the initial advisory, no public exploit was released. We were curious about how exploitable the bug was and whether it could be exploited on 64-bit desktop platforms. Therefore, we set out to create an exploit targeting Chrome on 64-bit Ubuntu.
https://blog.exodusintel.com/2019/01/22/exploiting-the-magellan-bug-on-64-bit-chrome-desktop/
Exodus Intelligence
Exploiting the Magellan bug on 64-bit Chrome Desktop
In this post, we show how to reverse engineer the Magellan bug from the patch and exploit it on a 64bit desktop environment.
Forwarded from Deleted Account
Internet = подключение уязвимого устройства к другому уязвимому устройству через уязвимые маршрутизаторы
Forwarded from TechToday News
#Vulnerability #Hack #Hardware #Network #Article
Remotely compromise devices by using bugs in Marvell Avastar Wi-Fi: from zero knowledge to zero-click RCE
With this research, I’m going to answer the question that has had to be answered for quite a time: to what extent is Marvell WiFi FullMAC SoC (not) secure. Since the wireless devices with the analyzed chip aren’t fully researched by the community yet, they may contain a tremendous volume of unaudited code, which may result in severe security issues swarming devices equipped with WLAN cards. At the outset, I should mention that this article is based on the info I presented during my ZeroNights 2018 talk. So, feel free to have a look at the original slides here There are also some notable researches on the subject of wireless SoC security. For example, Google Project Zero published a series of blog posts starting in April 2017 describing exploitation of Broadcom Wi-Fi stack on smartphones. This topic was also discussed at theBlackHat 2017 conference. Some smartphone baseband exploits write-ups might help understand the techniques used to reverse engineer firmware of wireless SoC.
https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/
Remotely compromise devices by using bugs in Marvell Avastar Wi-Fi: from zero knowledge to zero-click RCE
With this research, I’m going to answer the question that has had to be answered for quite a time: to what extent is Marvell WiFi FullMAC SoC (not) secure. Since the wireless devices with the analyzed chip aren’t fully researched by the community yet, they may contain a tremendous volume of unaudited code, which may result in severe security issues swarming devices equipped with WLAN cards. At the outset, I should mention that this article is based on the info I presented during my ZeroNights 2018 talk. So, feel free to have a look at the original slides here There are also some notable researches on the subject of wireless SoC security. For example, Google Project Zero published a series of blog posts starting in April 2017 describing exploitation of Broadcom Wi-Fi stack on smartphones. This topic was also discussed at theBlackHat 2017 conference. Some smartphone baseband exploits write-ups might help understand the techniques used to reverse engineer firmware of wireless SoC.
https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/