Alerts

ECHO Network · April 16, 2021

Fedora 32: kernel-tools 2021-21360476b6

The 5.11.14 stable kernel update contains a number of important fixes across the tree. Fedora Update Notification FEDORA-2021-21360476b6 2021-04-16 14:42:40.037694 ....
ECHO Network · April 16, 2021

7 SugarSync Alternatives

The following SugarSync alternatives are your best bets for backing up your beloved files and folders. Not only can you perform backups, but also access the lot via different computers or even mobile devices. This ability comes in handy especially when you want to show off your pictures, videos,....
ECHO Network · April 16, 2021

New Google Chrome 90 Update: 37 Additional Bug & Security Fixes Included; No More Zero-Day Flaws (Tech Times : Tech)

New Google Chrome 90 Update: 37 Additional Bug & Security Fixes Included; No More Zero-Day Flaws. Google Chrome has recently rolled out its Chrome 90 update a day later than its anticipated release. It is now available for Windows, macOS, and Linux users.
ECHO Network · April 16, 2021

NA - CVE-2021-20491 - IBM Spectrum Protect Server 7.1 and 8.1 is...

IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. By issuing such a command with an improper parameter, an authorized administrator could overflow a buffer and cause the server to crash. IBM X-Force ID: 197792.
ECHO Network · April 16, 2021

NSA: 5 Security Bugs Under Active Nation-State Cyberattack

The Feds are warning that nation-state actors are once again after U.S. assets, this time in a spate of cyberattacks that exploit five vulnerabilities that affect VPN solutions, collaboration-suite software and virtualization technologies. According to the U.S.
ECHO Network · April 16, 2021

One-Click Remote Code Execution Vulnerabilities Found in Multiple Popular Apps

Security researchers have identified several vulnerabilities in how apps open and handle URLs, leading to 1-click code execution actions that don’t require user input. It’s easy to think that a simple action like opening a URL in an application doesn’t pose much of a security problem, but that’s not really the case.
ECHO Network · April 16, 2021

The Patch Tuesday focus for April: Windows and Exchange (again)

Microsoft delivered a broad series of updates across the Windows ecosystems this week. Meanwhile, four vulnerabilities affecting Windows have been disclosed and one security flaw, reportedly exploited, affects the Windows kernel. On Tuesday, Microsoft rolled out another broad series of updates....
ECHO Network · April 16, 2021

Critical RCE can allow attackers to compromise Juniper Networks devices

Sorin Mustaca's aggregated IT Security News and articles about information security, vulnerabilities, exploits, patches, releases, software, features, hacks, laws, spam, viruses, malware, breaches. Read the original article: Critical RCE can allow attackers to compromise Juniper Networks devices....
ECHO Network · April 16, 2021

FBI cleans web shells from hacked Exchange servers in rare active defense move

Sorin Mustaca's aggregated IT Security News and articles about information security, vulnerabilities, exploits, patches, releases, software, features, hacks, laws, spam, viruses, malware, breaches. Read the original article: FBI cleans web shells from hacked Exchange servers in rare active defense....
NVD: all CVE · April 16, 2021

CVE-2020-9667

Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction.
NVD: all CVE · April 16, 2021

CVE-2020-9668

Adobe Genuine Service version 6.6 (and earlier) is affected by an Improper Access control vulnerability when handling symbolic links. An unauthenticated attacker could exploit this to elevate privileges in the context of the current user.
NVD: all CVE · April 16, 2021

CVE-2020-9681

Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to rewrite the file of the administrator, which may lead to elevated permissions. Exploitation of this issue requires user interaction.
NVD: all CVE · April 16, 2021

CVE-2021-26830

SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module.
NVD: all CVE · April 16, 2021

CVE-2021-29443

jose is an npm library providing a number of cryptographic operations. In vulnerable versions AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFailed` would be thrown. A possibly observable difference in timing when padding error would occur while decrypting the ciphertext makes a padding oracle and an adversary might be able to make use of that oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). All major release versions have had a patch released which ensures the HMAC tag is verified before performing CBC decryption. The fixed versions are `^1.28.1 || ^2.0.5 || >=3.11.4`. Users should upgrade their v1.x dependency to ^1.28.1, their v2.x dependency to ^2.0.5, and their v3.x dependency to ^3.11.4. Thanks to Jason from Microsoft Vulnerability Research (MSVR) for bringing this up and Eva Sarafianou (@esarafianou) for helping to score this advisory.
NVD: all CVE · April 16, 2021

CVE-2021-31347

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (writing outside a memory region created by mmap).
NVD: all CVE · April 16, 2021

CVE-2021-31348

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure).
ECHO Network · April 16, 2021

Google Chrome Vulnerabilities Exploited in the Wild – Patch Now

Summary. Several vulnerabilities were discovered in Google Chrome, the most severe of which could allow a threat actor to execute arbitrary code in the affected browser. The high severity vulnerabilities, and CVE-2021-21220, are currently being exploited in the wild, making patching vital to protect against unauthorized access.
ECHO Network · April 16, 2021

This Week in Security: Pwn2own, Zoom Zero Day, Clubhouse Data, and an FBI Hacking Spree

Re:FBI. What I’m reading is that 60,000 exchange servers were either vulnerable or compromised by the original attack. Microsoft eventually released a patch that fixed the vulnerabilities, but compromised machines needed the owner to take action to remove the infection.
ECHO Network · April 16, 2021

Google Project Zero Extend its Bug Disclosure Period

The Google Project Zero team has updated their vulnerability disclosure policies, continuing to make improvements to better address new issues as the security community grows. According to the updated policies, Google Project Zero will wait 30 days before disclosing technical details about a....
ECHO Network · April 16, 2021

FBI cleans web shells from hacked Exchange servers in rare active defense move

The FBI has been deleting backdoors placed by cyberespionage group Hafnium on Microsoft Exchange servers. The court order allowing them to do so signals a more active defense approach. In a move that has been described as unprecedented, the FBI obtained a court order that allowed it to remove a....