Riasztások

SANS · 6 óra 4 perc

ISC Stormcast For Monday, June 14th, 2021 https://isc.sans.edu/podcastdetail.html?id=7540, (Mon, Jun 14th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
ECHO Network · 7 óra 37 perc

Security Bulletin: A vulnerability in Apache ActiveMQ affects IBM Operations Analytics Predictive Insights (CVE-2020-13947)

Share this post: Apache ActiveMQ is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVE. CVE(s): Affected product(s) and affected version(s): IBM Product Security Vulnerabilities.
ECHO Network · 8 óra 8 perc

Mageia 2021-0253: slurm security update>

MGASA-2021-0253 - Updated slurm packages fix a security vulnerability Publication date: 13 Jun 2021 URL: https://advisories.mageia.org/MGASA-2021-0253.html Type: security Affected Mageia releases: 8 CVE: CVE-2021-31215 SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.
ECHO Network · 8 óra 8 perc

Mageia 2021-0254: wpa_supplicant, hostapd security update>

MGASA-2021-0254 - Updated wpa_supplicant, hostapd packages fix security vulnerability Publication date: 13 Jun 2021 URL: https://advisories.mageia.org/MGASA-2021-0254.html Type: security Affected Mageia releases: 7, 8 CVE: CVE-2021-30004 The wpa_supplicant and hostapd packages are updated to fix a....
ECHO Network · 8 óra 8 perc

Mageia 2021-0256: microcode security update>

MGASA-2021-0256 - Updated microcode packages fix security vulnerabilities Publication date: 13 Jun 2021 URL: https://advisories.mageia.org/MGASA-2021-0256.html Type: security Affected Mageia releases: 7, 8 CVE: CVE-2020-24489, CVE-2020-24511, CVE-2020-24513 Updated microcodes for Intel processors,....
ECHO Network · 8 óra 8 perc

Mageia 2021-0258: kernel-linus security update>

MGASA-2021-0258 - Updated kernel-linus packages fix security vulnerabilities Publication date: 13 Jun 2021 URL: https://advisories.mageia.org/MGASA-2021-0258.html Type: security Affected Mageia releases: 7, 8 CVE: CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139, CVE-2020-26141,....
ECHO Network · 8 óra 17 perc

Ransomware is biggest online threat to people in UK, spy agency chief to warn

via theguardian.com GCHQ cybersecurity boss sounds alarm over extortion by hackers who are mostly based in former Soviet statesRansomware represents the biggest threat to online security for most people and businesses in the UK, the head of GCHQ’s cybersecurity arm is to warn.
ECHO Network · 10 óra 2 perc

Observable discrepancy in aaugustin websockets

Security Advisory. This security advisory describes one low risk vulnerability. Description. CWE-203 - Observable discrepancy The vulnerability allows a remote attacker to gain access to sensitive information. The vulnerability exists due to observable timing discrepancy on server when HTTP Basic....
Linux security Advisories · 2021. június 13.

Fedora 33: libxml2 2021-b950000d2b>

Update to 2.9.12 * Fix CVE-2021-3516, CVE-2021-3517, CVE-2021-3518, CVE-2021-3537, CVE-2021-3541 * Verify sources with GPG signature
Linux security Advisories · 2021. június 13.

Fedora 34: glibc 2021-7ddb8b0537>

This glibc update fixes a use-after-free in the `mq_notify` function (CVE-2021-33574).
Linux security Advisories · 2021. június 13.

Mageia 2021-0258: kernel-linus security update>

This kernel-linus update is based on upstream 5.10.43 and fixes atleast the following security issues: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received
Linux security Advisories · 2021. június 13.

Mageia 2021-0257: kernel security update>

This kernel update is based on upstream 5.10.43 and fixes atleast the following security issues: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received
Linux security Advisories · 2021. június 13.

Mageia 2021-0256: microcode security update>

Updated microcodes for Intel processors, fixing various functional issues, and atleast the following security issues: Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege
Linux security Advisories · 2021. június 13.

Mageia 2021-0255: irssi security update>

The irssi packages are updated to irssi 1.2.3 to fix several issues among some security vulnerabilities: * memory handling issues * memory leaks * erroneous free * crashes / freezes
ECHO Network · 2021. június 13.

Blue Team Detection: DarkSide Ransomware Malware write-ups can be found in abundance online, they are often written from the point of view of a malware researcher who focuses on the deep internals of how malicious software works.

Malware write-ups can be found in abundance online, they are often written from the point of view of a malware researcher who focuses on the deep internals of how malicious software works, in some cases the information provided cannot be used to derive actionable interligience and defence mechanisms by cyber security blue teams.
ECHO Network · 2021. június 13.

GitHub Releases Key Findings of an Easy-to-Exploit Linux flaw

Kevin Backhouse, a researcher at GitHub Security Lab revealed the details of an easy-to-exploit Linux flaw that can be exploited to escalate privileges to root on the targeted system. The vulnerability, classified as highly critical and termed as CVE-2021-3560, affects polkit, a system service installed by default on many Linux distributions.
ECHO Network · 2021. június 13.

Vigil@nce - Mosquitto: Man-in-the-Middle, analyzed on 13/04/2021

The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them. Synthesis of the vulnerability An attacker can act as a Man-in-the-Middle on Mosquitto, in order to read or write data in the session.
ECHO Network · 2021. június 13.

REvil Hits US Nuclear Weapons Contractor: Report

The researchers noted that RDP “was implicated as one of the most common methods of breaching a network in cases we were called in to investigate, which is why shutting off the outside world’s access to RDP is one of the most effective defenses an IT admin can take.
ECHO Network · 2021. június 13.

TryHackMe: That’s The Ticket Walkthrough

IT Support are going to have a bad day, can you get into the admin account? You can access the room through this link: https://tryhackme.com/room/thatstheticket Hello everyone, this is Mrinal Prakash aka EMPHAY and today I am going to take you to the walkthrough of the room- “That’s The Ticket” which is a pretty beginner friendly room.
ECHO Network · 2021. június 13.

VulnHub — BlueMoon:2021 Walkthrough

VulnHub BlueMoon ( https://www.vulnhub.com/entry/bluemoon-2021,679/ ) is an easy level boot2root CTF challenge, where you have to grab 3 flags on your way towards root. Let us begin with finding the IP of the box. Nmap was used to find the IP of the BlueMoon VM as follows. Finding the IP of BlueMoon VM.