ECHO Network · 2 hours 57 minutes

Tunisia's debt-laden public firms edge toward ruin

Ten years since a revolution that overthrew the nepotistic regime of Zine El Abidine Ben Ali, the sweeping reforms economists say are needed to clean up state finances have yet to materialise. The situation has pushed many of the cash-strapped North African country's 110 state-owned firms towards the edge.
ECHO Network · 3 hours 35 minutes

Google Releases Security Updates for Chrome

Google has released Chrome version 89.0.4389.72 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.
ECHO Network · 5 hours 21 minutes

Protecting against recently disclosed Microsoft Exchange Server vulnerabilities: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065

Cloudflare has deployed managed rules protecting customers against a series of remotely exploitable vulnerabilities that were recently found in Microsoft Exchange Server. Web Application Firewall customers with the Cloudflare Specials ruleset enabled are automatically protected against....
ECHO Network · 5 hours 29 minutes

D-Link, IoT Devices Under Attack By Tor-Based Gafgyt Variant

Researchers have discovered what they say is the first variant of the Gafgyt botnet family to cloak its activity using the Tor network. Gafgyt, a botnet that was uncovered in 2014, has become infamous for launching large-scale distributed denial-of-service (DDoS) attacks.
ECHO Network · 6 hours 14 minutes

World's best 500+ cybersecurity experts fail to hack the Morpheus processor - Notebookcheck.net

A couple of years ago, we were reporting on the announcement of the “unhackable” Morpheus computer processor developed by the computer science researchers at the University of Michigan in the US. On paper, the processor presented quite the paradigm shift from traditional cybersecurity that usually....
ECHO Network · 7 hours 25 minutes

Security Bulletin: IBM API Connect is vulnerable to denial of service (DoS) via Node.js (CVE-2020-8277)

Mar 6, 2021 7:00 pm EST | High Severity IBM API Connect has addressed the following vulnerability. Mar 5, 2021 7:00 pm EST | High Severity Vulnerability exists in the Jackson databind, core, and annotations version used by IBM Spectrum Symphony V7.3.1, V7.3, V7.2.1, and V7.2.0.2.
ECHO Network · 7 hours 25 minutes

Security Bulletin: IBM API Connect's provider org registration flow is vulnerable to impersonation and sensitive information leak (CVE-2020-4903)

ECHO Network · 8 hours 3 minutes

Backdoor.Win32.Antilam.14.o / Unauthenticated Remote Command Execution

Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/3f3ee9dce39e816b4001bd6ae66e8f1a.txt Contact: malvuln13@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Antilam.14.o Vulnerability: Unauthenticated Remote Command Execution Description: The malware listens on TCP ports 47891 and 29559.
ECHO Network · 8 hours 3 minutes

Sitio Web desarrollado por misionessistemas Sql Injection Vulnerability

********************************************************* #Exploit Title: Sitio Web desarrollado por misionessistemas Sql Injection Vulnerability #Date: 2021-03-05 #Exploit Author: Behrouz Mansoori #Google Dork: "Sitio Web desarrollado por misionessistemas" #Category:webapps #Tested On: windows 10,....
ECHO Network · 8 hours 3 minutes

CatDV 9.2 Authentication Bypass

# Exploit Title: CatDV 9.2 - RMI Authentication Bypass # Date: 3/1/2021 # Exploit Author: Christopher Ellis, Nick Gonella, Workday Inc. # Vendor Homepage: https://catdv.com/ # Software Link: https://www.squarebox.com/download/CatDVServer9.2.0.exe # Version: 9.2 and lower # Tested on: Windows, Mac import org.
ECHO Network · 8 hours 3 minutes

ITAcumens Sql Injection Vulnerability

********************************************************* #Exploit Title: ITAcumens Sql Injection Vulnerability #Date: 2021-03-05 #Exploit Author: Behrouz Mansoori #Google Dork: "Powered by ITAcumens" #Category:webapps #Tested On: windows 10, Firefox Proof of Concept: Search google Dork: "Powered by ITAcumens" ### Demo : http://ecolabs.
ECHO Network · 8 hours 3 minutes

هوشمند فناوران میهن مهر Sql Injection Vulnerability

********************************************************* #Exploit Title: هوشمند فناوران میهن مهر Sql Injection Vulnerability #Date: 2021-03-05 #Exploit Author: Behrouz Mansoori #Google Dork: "طراحی و بر نامه نویسی سایت ها و پرتال های حرفه ای....
ECHO Network · 8 hours 3 minutes

Textpattern CMS 4.8.3 Remote Code Execution

# Exploit Title: Textpattern 4.8.3 - Remote code execution (Authenticated) (2) # Date: 03/03/2021 # Exploit Author: Ricardo Ruiz (@ricardojoserf) # Vendor Homepage: https://textpattern.com/ # Software Link: https://textpattern.com/start # Version: Previous to 4.8.3 # Tested on: CentOS, textpattern 4.
ECHO Network · 8 hours 3 minutes

Textpattern CMS 4.9.0-dev Cross Site Scripting

# Exploit Title: Textpattern CMS 4.9.0-dev - 'Excerpt' Persistent Cross-Site Scripting (XSS) # Date: 2021-03-04 # Exploit Author: Tushar Vaidya # Vendor Homepage: https://textpattern.com # Software Link: https://textpattern.com/start # Version: v 4.9.0-dev # Tested on: Windows Steps-To-Reproduce: 1. Login into Textpattern CMS admin panel.
ECHO Network · 8 hours 3 minutes

Microsoft Windows RRAS Service MIBEntryGet Overflow

## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Egghunter include Msf::Exploit::Remote::DCERPC include....
ECHO Network · 8 hours 46 minutes

Federal officials scramble to assess widening Microsoft Exchange Server fallout

Microsoft's Redmond, Washington, headquarters. The tech giant is dealing with another major hack. (Stephen Brashear/Getty Images) Mar 6, 2021 | CYBERSCOOP.
ECHO Network · March 6, 2021

Microsoft Updates Exchange Server IoC Tool, Emergency Alternative Mitigations Overnight

WASHINGTON: Microsoft updated its free Exchange Server IoC tool and released emergency alternative mitigation measures overnight as the extent of damage globally from four recently disclosed zero-day vulnerabilities becomes clearer. The IoC tool can be used to scan Exchange server log files to identify whether they are compromised.
ECHO Network · March 6, 2021

Four new hacking groups have joined an ongoing offensive against Microsoft’s email servers

A Chinese government-linked hacking campaign revealed by Microsoft this week has ramped up rapidly. At least four other distinct hacking groups are now attacking critical flaws in Microsoft’s email software in a cyber campaign the US government describes as “widespread domestic and international....
ECHO Network · March 6, 2021

Thousands of Microsoft Customers May Have Been Victims of Hack Tied to China

Businesses and government agencies in the United States that use a Microsoft email service have been compromised in an aggressive hacking campaign that was probably sponsored by the Chinese government, Microsoft said. The number of victims is estimated to be in the tens of thousands and could rise,....
ECHO Network · March 6, 2021

This new Microsoft tool checks Exchange Servers for ProxyLogon hacks

Microsoft has released a PowerShell script that admins can use to check whether the recently disclosed ProxyLogon vulnerabilities have hacked a Microsoft Exchange server. On March 2nd, Microsoft released out-of-band emergency security updates to fix four zero-day vulnerabilities actively used in attacks against Microsoft Exchange.