Riasztások
Tunisia's debt-laden public firms edge toward ruin
Ten years since a revolution that overthrew the nepotistic regime of Zine El Abidine Ben Ali, the sweeping reforms economists say are needed to clean up state finances have yet to materialise. The situation has pushed many of the cash-strapped North African country's 110 state-owned firms towards the edge.
Google Releases Security Updates for Chrome
Google has released Chrome version 89.0.4389.72 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.
Protecting against recently disclosed Microsoft Exchange Server vulnerabilities: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065
Cloudflare has deployed managed rules protecting customers against a series of remotely exploitable vulnerabilities that were recently found in Microsoft Exchange Server. Web Application Firewall customers with the Cloudflare Specials ruleset enabled are automatically protected against....
D-Link, IoT Devices Under Attack By Tor-Based Gafgyt Variant
Researchers have discovered what they say is the first variant of the Gafgyt botnet family to cloak its activity using the Tor network. Gafgyt, a botnet that was uncovered in 2014 , has become infamous for launching large-scale distributed denial-of-service (DDoS) attacks.
World's best 500+ cybersecurity experts fail to hack the Morpheus processor - Notebookcheck.net
A couple of years ago, we were reporting on the announcement of the “unhackable” Morpheus computer processor developed by the computer science researchers at the University of Michigan in the US. On paper, the processor presented quite the paradigm shift from traditional cybersecurity that usually....
Security Bulletin: IBM API Connect is vulnerable to denial of service (DoS) via Node.js (CVE-2020-8277)
Mar 6, 2021 7:00 pm EST | High Severity IBM API Connect has addressed the following vulnerability.
Mar 5, 2021 7:00 pm EST | High Severity Vulnerability exist in the Jackson databind, core, and annotations version used by IBM Spectrum Symphony V7.3.1, V7.3, V7.2.1, and V7.2.0.2.
Security Bulletin: IBM API Connect's provider org registration flow is vulnerable to impersonation and sensitive information leak. CVE-2020-4903)
IBM Product Security Vulnerabilities. See information about: IBM Security Bulletins, IBM Security Vulnerability Management (PSIRT), Reporting a Security Issue, IBM Secure Engineering.
IBM Product Support Portal. Access IBM Product Support to: Subscribe to Notifications, Download Fixes & PTFs (Fix....
Backdoor.Win32.Antilam.14.o / Unauthenticated Remote Command Execution
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/3f3ee9dce39e816b4001bd6ae66e8f1a.txt Contact: malvuln13@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Antilam.14.o Vulnerability: Unauthenticated Remote Command Execution Description: The malware listens on TCP ports 47891 and 29559.
Sitio Web desarrollado por misionessistemas Sql Injection Vulnerability
********************************************************* #Exploit Title: Sitio Web desarrollado por misionessistemas Sql Injection Vulnerability #Date: 2021-03-05 #Exploit Author: Behrouz Mansoori #Google Dork: "Sitio Web desarrollado por misionessistemas" #Category:webapps #Tested On: windows 10,....
CatDV 9.2 Authentication Bypass
# Exploit Title: CatDV 9.2 - RMI Authentication Bypass # Date: 3/1/2021 # Exploit Author: Christopher Ellis, Nick Gonella, Workday Inc. # Vendor Homepage: https://catdv.com/ # Software Link: https://www.squarebox.com/download/CatDVServer9.2.0.exe # Version: 9.2 and lower # Tested on: Windows, Mac import org.
ITAcumens Sql Injection Vulnerability
********************************************************* #Exploit Title: ITAcumens Sql Injection Vulnerability #Date: 2021-03-05 #Exploit Author: Behrouz Mansoori #Google Dork: "Powered by ITAcumens" #Category:webapps #Tested On: windows 10, Firefox Proof of Concept: Search google Dork: "Powered by ITAcumens" ### Demo : http://ecolabs.
هوشمند فناوران میهن مهر Sql Injection Vulnerability
********************************************************* #Exploit Title: هوشمند Ùناوران میهن مهر Sql Injection Vulnerability #Date: 2021-03-05 #Exploit Author: Behrouz Mansoori #Google Dork: "طراØÛŒ Ùˆ بر نامه نویسی سایت ها Ùˆ پرتال های ØØ±ÙÙ‡ ای....
Textpattern CMS 4.8.3 Remote Code Execution
# Exploit Title: Textpattern 4.8.3 - Remote code execution (Authenticated) (2) # Date: 03/03/2021 # Exploit Author: Ricardo Ruiz (@ricardojoserf) # Vendor Homepage: https://textpattern.com/ # Software Link: https://textpattern.com/start # Version: Previous to 4.8.3 # Tested on: CentOS, textpattern 4.
Textpattern CMS 4.9.0-dev Cross Site Scripting
# Exploit Title: Textpattern CMS 4.9.0-dev - 'Excerpt' Persistent Cross-Site Scripting (XSS) # Date: 2021-03-04 # Exploit Author: Tushar Vaidya # Vendor Homepage: https://textpattern.com # Software Link: https://textpattern.com/start # Version: v 4.9.0-dev # Tested on: Windows Steps-To-Reproduce: 1. Login into Textpattern CMS admin panel.
Microsoft Windows RRAS Service MIBEntryGet Overflow
## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Egghunter include Msf::Exploit::Remote::DCERPC include....
Federal officials scramble to assess widening Microsoft Exchange Server fallout
technology Federal officials scramble to assess widening Microsoft Exchange Server fallout.
Microsoft's Redmond, Washington, headquarters. The tech giant is dealing with another major hack.(Stephen Brashear/Getty Images)
Written by Mar 6, 2021 | CYBERSCOOP.
Microsoft Updates Exchange Server IoC Tool, Emergency Alternative Mitigations Overnight
WASHINGTON: Microsoft updated its free Exchange server and released emergency alternative mitigation measures overnight as the extent of damage globally from four recently disclosed zero-day vulnerabilities becomes clearer. The IoC tool can be used to scan Exchange server log files to identify whether they are compromised.
Four new hacking groups have joined an ongoing offensive against Microsoft’s email servers
A Chinese government-linked hacking campaign revealed by Microsoft this week has ramped up rapidly. At least four other distinct hacking groups are now attacking critical flaws in Microsoft’s email software in a cyber campaign the US government describes as “widespread domestic and international....
Thousands of Microsoft Customers May Have Been Victims of Hack Tied to China
Businesses and government agencies in the United States that use a Microsoft email service have been compromised in an aggressive hacking campaign that was probably sponsored by the Chinese government, Microsoft said. The number of victims is estimated to be in the tens of thousands and could rise,....
This new Microsoft tool checks Exchange Servers for ProxyLogon hacks
Microsoft has released a PowerShell script that admins can use to check whether the recently disclosed ProxyLogon vulnerabilities have hacked a Microsoft Exchange server. On March 2nd, Microsoft released out-of-band emergency security updates to fix four zero-day vulnerabilities actively used in attacks against Microsoft Exchange .