ECHO Network

RSS feed from the corresponding page on http://emm.newsbrief.eu/NewsBrief
Updated: 2 hours 21 minutes
3 hours 7 minutes

Tunisia's debt-laden public firms edge toward ruin

Ten years since a revolution that overthrew the nepotistic regime of Zine El Abidine Ben Ali, the sweeping reforms economists say are needed to clean up state finances have yet to materialise. The situation has pushed many of the cash-strapped North African country's 110 state-owned firms towards the edge.
3 hours 45 minutes

Google Releases Security Updates for Chrome

Google has released Chrome version 89.0.4389.72 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.
5 hours 31 minutes

Protecting against recently disclosed Microsoft Exchange Server vulnerabilities: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065

Cloudflare has deployed managed rules protecting customers against a series of remotely exploitable vulnerabilities that were recently found in Microsoft Exchange Server. Web Application Firewall customers with the Cloudflare Specials ruleset enabled are automatically protected against....
5 hours 39 minutes

D-Link, IoT Devices Under Attack By Tor-Based Gafgyt Variant

Researchers have discovered what they say is the first variant of the Gafgyt botnet family to cloak its activity using the Tor network. Gafgyt, a botnet that was uncovered in 2014, has become infamous for launching large-scale distributed denial-of-service (DDoS) attacks.
6 hours 24 minutes

World's best 500+ cybersecurity experts fail to hack the Morpheus processor - Notebookcheck.net

A couple of years ago, we were reporting on the announcement of the “unhackable” Morpheus computer processor developed by the computer science researchers at the University of Michigan in the US. On paper, the processor presented quite the paradigm shift from traditional cybersecurity that usually....
7 hours 35 minutes

Security Bulletin: IBM API Connect is vulnerable to denial of service (DoS) via Node.js (CVE-2020-8277)

Mar 6, 2021 7:00 pm EST | High Severity IBM API Connect has addressed the following vulnerability. Mar 5, 2021 7:00 pm EST | High Severity Vulnerability exists in the Jackson databind, core, and annotations version used by IBM Spectrum Symphony V7.3.1, V7.3, V7.2.1, and V7.2.0.2.
7 hours 35 minutes

Security Bulletin: IBM API Connect's provider org registration flow is vulnerable to impersonation and sensitive information leak (CVE-2020-4903)

IBM Product Security Vulnerabilities. See information about: IBM Security Bulletins, IBM Security Vulnerability Management (PSIRT), Reporting a Security Issue, IBM Secure Engineering. IBM Product Support Portal. Access IBM Product Support to: Subscribe to Notifications, Download Fixes & PTFs (Fix....
8 hours 13 minutes

Backdoor.Win32.Antilam.14.o / Unauthenticated Remote Command Execution

Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/3f3ee9dce39e816b4001bd6ae66e8f1a.txt Contact: malvuln13@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Antilam.14.o Vulnerability: Unauthenticated Remote Command Execution Description: The malware listens on TCP ports 47891 and 29559.
8 hours 13 minutes

Sitio Web desarrollado por misionessistemas Sql Injection Vulnerability

********************************************************* #Exploit Title: Sitio Web desarrollado por misionessistemas Sql Injection Vulnerability #Date: 2021-03-05 #Exploit Author: Behrouz Mansoori #Google Dork: "Sitio Web desarrollado por misionessistemas" #Category:webapps #Tested On: windows 10,....
8 hours 13 minutes

CatDV 9.2 Authentication Bypass

# Exploit Title: CatDV 9.2 - RMI Authentication Bypass # Date: 3/1/2021 # Exploit Author: Christopher Ellis, Nick Gonella, Workday Inc. # Vendor Homepage: https://catdv.com/ # Software Link: https://www.squarebox.com/download/CatDVServer9.2.0.exe # Version: 9.2 and lower # Tested on: Windows, Mac import org.
8 hours 13 minutes

ITAcumens Sql Injection Vulnerability

********************************************************* #Exploit Title: ITAcumens Sql Injection Vulnerability #Date: 2021-03-05 #Exploit Author: Behrouz Mansoori #Google Dork: "Powered by ITAcumens" #Category:webapps #Tested On: windows 10, Firefox Proof of Concept: Search google Dork: "Powered by ITAcumens" ### Demo : http://ecolabs.
8 hours 13 minutes

هوشمند فناوران میهن مهر Sql Injection Vulnerability

********************************************************* #Exploit Title: هوشمند فناوران میهن مهر Sql Injection Vulnerability #Date: 2021-03-05 #Exploit Author: Behrouz Mansoori #Google Dork: "طراحی و بر نامه نویسی سایت ها و پرتال های حرفه ای....
8 hours 13 minutes

Textpattern CMS 4.8.3 Remote Code Execution

# Exploit Title: Textpattern 4.8.3 - Remote code execution (Authenticated) (2) # Date: 03/03/2021 # Exploit Author: Ricardo Ruiz (@ricardojoserf) # Vendor Homepage: https://textpattern.com/ # Software Link: https://textpattern.com/start # Version: Previous to 4.8.3 # Tested on: CentOS, textpattern 4.
8 hours 13 minutes

Textpattern CMS 4.9.0-dev Cross Site Scripting

# Exploit Title: Textpattern CMS 4.9.0-dev - 'Excerpt' Persistent Cross-Site Scripting (XSS) # Date: 2021-03-04 # Exploit Author: Tushar Vaidya # Vendor Homepage: https://textpattern.com # Software Link: https://textpattern.com/start # Version: v 4.9.0-dev # Tested on: Windows Steps-To-Reproduce: 1. Login into Textpattern CMS admin panel.
8 hours 13 minutes

Microsoft Windows RRAS Service MIBEntryGet Overflow

## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Egghunter include Msf::Exploit::Remote::DCERPC include....
8 hours 56 minutes

Federal officials scramble to assess widening Microsoft Exchange Server fallout

Federal officials scramble to assess widening Microsoft Exchange Server fallout. Microsoft's Redmond, Washington, headquarters. The tech giant is dealing with another major hack. (Stephen Brashear/Getty Images) Written by Mar 6, 2021 | CYBERSCOOP.
March 6, 2021

Microsoft Updates Exchange Server IoC Tool, Emergency Alternative Mitigations Overnight

WASHINGTON: Microsoft updated its free Exchange server and released emergency alternative mitigation measures overnight as the extent of damage globally from four recently disclosed zero-day vulnerabilities becomes clearer. The IoC tool can be used to scan Exchange server log files to identify whether they are compromised.
March 6, 2021

Four new hacking groups have joined an ongoing offensive against Microsoft’s email servers

A Chinese government-linked hacking campaign revealed by Microsoft this week has ramped up rapidly. At least four other distinct hacking groups are now attacking critical flaws in Microsoft’s email software in a cyber campaign the US government describes as “widespread domestic and international....
March 6, 2021

Thousands of Microsoft Customers May Have Been Victims of Hack Tied to China

Businesses and government agencies in the United States that use a Microsoft email service have been compromised in an aggressive hacking campaign that was probably sponsored by the Chinese government, Microsoft said. The number of victims is estimated to be in the tens of thousands and could rise,....
March 6, 2021

This new Microsoft tool checks Exchange Servers for ProxyLogon hacks

Microsoft has released a PowerShell script that admins can use to check whether a Microsoft Exchange server has been hacked through the recently disclosed ProxyLogon vulnerabilities. On March 2nd, Microsoft released out-of-band emergency security updates to fix four zero-day vulnerabilities actively used in attacks against Microsoft Exchange.