ECHO Network

Ten years since a revolution that overthrew the nepotistic regime of Zine El Abidine Ben Ali, the sweeping reforms economists say are needed to clean up state finances have yet to materialise. The situation has pushed many of the cash-strapped North African country's 110 state-owned firms towards the edge.

Google has released Chrome version 89.0.4389.72 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.

Cloudflare has deployed managed rules protecting customers against a series of remotely exploitable vulnerabilities that were recently found in Microsoft Exchange Server. Web Application Firewall customers with the Cloudflare Specials ruleset enabled are automatically protected against....

Researchers have discovered what they say is the first variant of the Gafgyt botnet family to cloak its activity using the Tor network. Gafgyt, a botnet that was uncovered in 2014 , has become infamous for launching large-scale distributed denial-of-service (DDoS) attacks.

A couple of years ago, we were reporting on the announcement of the “unhackable” Morpheus computer processor developed by the computer science researchers at the University of Michigan in the US. On paper, the processor presented quite the paradigm shift from traditional cybersecurity that usually....

Mar 6, 2021 7:00 pm EST | High Severity IBM API Connect has addressed the following vulnerability. Mar 5, 2021 7:00 pm EST | High Severity Vulnerability exist in the Jackson databind, core, and annotations version used by IBM Spectrum Symphony V7.3.1, V7.3, V7.2.1, and V7.2.0.2.

IBM Product Security Vulnerabilities. See information about: IBM Security Bulletins, IBM Security Vulnerability Management (PSIRT), Reporting a Security Issue, IBM Secure Engineering. IBM Product Support Portal. Access IBM Product Support to: Subscribe to Notifications, Download Fixes & PTFs (Fix....

Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/3f3ee9dce39e816b4001bd6ae66e8f1a.txt Contact: malvuln13@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Antilam.14.o Vulnerability: Unauthenticated Remote Command Execution Description: The malware listens on TCP ports 47891 and 29559.

********************************************************* #Exploit Title: Sitio Web desarrollado por misionessistemas Sql Injection Vulnerability #Date: 2021-03-05 #Exploit Author: Behrouz Mansoori #Google Dork: "Sitio Web desarrollado por misionessistemas" #Category:webapps #Tested On: windows 10,....

# Exploit Title: CatDV 9.2 - RMI Authentication Bypass # Date: 3/1/2021 # Exploit Author: Christopher Ellis, Nick Gonella, Workday Inc. # Vendor Homepage: https://catdv.com/ # Software Link: https://www.squarebox.com/download/CatDVServer9.2.0.exe # Version: 9.2 and lower # Tested on: Windows, Mac import org.

********************************************************* #Exploit Title: ITAcumens Sql Injection Vulnerability #Date: 2021-03-05 #Exploit Author: Behrouz Mansoori #Google Dork: "Powered by ITAcumens" #Category:webapps #Tested On: windows 10, Firefox Proof of Concept: Search google Dork: "Powered by ITAcumens" ### Demo : http://ecolabs.

********************************************************* #Exploit Title: هوشمند Ùناوران میهن مهر Sql Injection Vulnerability #Date: 2021-03-05 #Exploit Author: Behrouz Mansoori #Google Dork: "طراحی Ùˆ بر نامه نویسی سایت ها Ùˆ پرتال های حرÙÙ‡ ای....

# Exploit Title: Textpattern 4.8.3 - Remote code execution (Authenticated) (2) # Date: 03/03/2021 # Exploit Author: Ricardo Ruiz (@ricardojoserf) # Vendor Homepage: https://textpattern.com/ # Software Link: https://textpattern.com/start # Version: Previous to 4.8.3 # Tested on: CentOS, textpattern 4.

# Exploit Title: Textpattern CMS 4.9.0-dev - 'Excerpt' Persistent Cross-Site Scripting (XSS) # Date: 2021-03-04 # Exploit Author: Tushar Vaidya # Vendor Homepage: https://textpattern.com # Software Link: https://textpattern.com/start # Version: v 4.9.0-dev # Tested on: Windows Steps-To-Reproduce: 1. Login into Textpattern CMS admin panel.

## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Egghunter include Msf::Exploit::Remote::DCERPC include....

technology Federal officials scramble to assess widening Microsoft Exchange Server fallout. Microsoft's Redmond, Washington, headquarters. The tech giant is dealing with another major hack.(Stephen Brashear/Getty Images) Written by Mar 6, 2021 | CYBERSCOOP.

WASHINGTON: Microsoft updated its free Exchange server and released emergency alternative mitigation measures overnight as the extent of damage globally from four recently disclosed zero-day vulnerabilities becomes clearer. The IoC tool can be used to scan Exchange server log files to identify whether they are compromised.

A Chinese government-linked hacking campaign revealed by Microsoft this week has ramped up rapidly. At least four other distinct hacking groups are now attacking critical flaws in Microsoft’s email software in a cyber campaign the US government describes as “widespread domestic and international....

Businesses and government agencies in the United States that use a Microsoft email service have been compromised in an aggressive hacking campaign that was probably sponsored by the Chinese government, Microsoft said. The number of victims is estimated to be in the tens of thousands and could rise,....

Microsoft has released a PowerShell script that admins can use to check whether the recently disclosed ProxyLogon vulnerabilities have hacked a Microsoft Exchange server. On March 2nd, Microsoft released out-of-band emergency security updates to fix four zero-day vulnerabilities actively used in attacks against Microsoft Exchange .